The Business of Penetration Testing
Transcript of The Business of Penetration Testing
The Business of Penetration Testing
Jacolon Walker

Agenda
- Introduction about me
- Penetration testing methodology
- Pentesting frameworks
- Customizing your tool set
- Engagement prep
- Post engagement
- Wrapping it all up

The about me stuff
- 6 years in InfoSec
- My talk is not sponsored by my employers
- Write code, exploits, reverse malware for fun and sometimes profit
- Have certs
- Placed 2nd in SANS NetWars
- Disclaimer on ideology

Ethical Pentesting Methodology?
- No such thing if you want to be successful
- You need to think like a hacker
- Pentesting methodologies cover all the ground and help win assessments
- Attention to detail and organizational skills
- Push the envelope but do not cross the line

Penetration Methodology
- 5 step process
  - Reconnaissance
  - Scanning & Enumeration
  - Gaining Access
  - Maintaining Access
  - Covering Tracks

Reconnaissance

Penetration Methodology Cont.
- Reconnaissance
  - Gathering information passively
  - Not actively scanning or exploiting anything
  - Harvesting information
    - Bing, Google, Yahoo, Yandex
    - Wayback Machine (archive)
    - Social media, etc.

Penetration Methodology Cont.
- Scanning & Enumeration
  - Target discovery
  - Enumerating
  - Vulnerability mapping

DEMO
- Maltego
- Recon-ng
- theHarvester
- Nmap

OSINT ALL THE DATA

Penetration Methodology Cont.
- Gaining Access
  - Mapped vulns
  - Important to penetrate: gaining a user and escalating privs
  - Try multiple vectors. This is actually a decently easy part
  - Web application, wifi, social engineering
  - Use your research

Penetration Methodology Cont.
- Maintaining Access
  - Keeping account access
  - Privilege escalation
  - Pivoting to own all
  - ET phone home

DEMO
- Metasploit
- Post scripts

Broken? No luck?

Penetration Methodology Cont.
- Covering Tracks
  - Removing tools
  - Backdoors, ET phone homes
  - Clearing logs
    - Windows security, application and system logs
    - Linux /var/log/*
  - Remove audit logs carefully!
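The defender's counterpart to this slide, added here as an example that is not part of the deck: the logs named above (Windows Security/System and Linux /var/log/*) leave evidence when they are cleared, and that evidence is what a blue team should alert on. Windows writes Security event 1102 ("The audit log was cleared") and System event 104 ("The System log file was cleared") into the freshly cleared log; on Linux, a log file that shrinks between two inventory snapshots was truncated or replaced. The event records, the field names (`host`, `channel`, `event_id`, `user`) and the /var/log size snapshots are constructed sample data in a Winlogbeat-like shape, not output from any real collector.

```python
"""Added example, not from the slides: the defender's view of "clearing logs".
Inputs are constructed: Winlogbeat-style Windows event records and two
snapshots of /var/log file sizes. The field names (host, channel, event_id,
user) are an assumption about the collector's output format."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Clearing a Windows event log writes a record into the log that survives the
# clearing: Security event 1102 ("The audit log was cleared") and System
# event 104 ("The System log file was cleared"). Both are real event IDs.
LOG_CLEARED_EVENTS = {("Security", 1102), ("System", 104)}


@dataclass(frozen=True)
class Alert:
    host: str
    reason: str


def find_log_clearing(records: Iterable[dict]) -> list[Alert]:
    """Flag records showing that a Windows event log was cleared, and by whom."""
    alerts = []
    for rec in records:
        key = (rec.get("channel"), rec.get("event_id"))
        if key in LOG_CLEARED_EVENTS:
            who = rec.get("user", "unknown")
            alerts.append(Alert(rec["host"], f"{key[0]} log cleared by {who} (event {key[1]})"))
    return alerts


def find_truncated_logs(before: dict[str, int], after: dict[str, int]) -> list[str]:
    """Compare two size snapshots of /var/log. A file that shrank between the
    snapshots was truncated or replaced, which is what the "Linux /var/log/*"
    step on the slide does. Legitimate rotation (logrotate) also shrinks files,
    so in production correlate hits with the rotation schedule before alerting."""
    return sorted(path for path, size in after.items()
                  if path in before and size < before[path])


# Constructed sample data: one workstation where an interactive user cleared
# the Security log, one server where the System log was cleared.
SAMPLE_EVENTS = [
    {"host": "ws01", "channel": "Security", "event_id": 4624, "user": "alice"},
    {"host": "ws01", "channel": "Security", "event_id": 1102, "user": "alice"},
    {"host": "srv02", "channel": "System", "event_id": 104, "user": "SYSTEM"},
    {"host": "srv02", "channel": "Application", "event_id": 1000, "user": "bob"},
]
VARLOG_BEFORE = {"/var/log/auth.log": 48213, "/var/log/syslog": 901337, "/var/log/wtmp": 12288}
VARLOG_AFTER = {"/var/log/auth.log": 0, "/var/log/syslog": 905002, "/var/log/wtmp": 12288}

if __name__ == "__main__":
    for alert in find_log_clearing(SAMPLE_EVENTS):
        print(f"[{alert.host}] {alert.reason}")
    for path in find_truncated_logs(VARLOG_BEFORE, VARLOG_AFTER):
        print(f"[linux] {path} shrank between snapshots")
```

The two checks are deliberately cheap: one is an exact match on (channel, event id), the other a size comparison. The point is that "clearing logs" is itself a loud action, so an assessment that includes this step should expect the client's monitoring to catch exactly these signals, and a report can note whether it did.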

Penetration Frameworks
- vulnerabilityassessment.co.uk
- pentest-standard.org
- Open Source Security Testing Methodology Manual (OSSTMM)
- Information Systems Security Assessment Framework (ISSAF)
- Open Web Application Security Project (OWASP) Top Ten
- Web Application Security Consortium Threat Classification (WASC-TC)

Customizing your toolset
- Kali Linux: the new BackTrack
- Use your methodology to help build this
  - Recon, scanning, exploitation, post-exploitation
- Become familiar with those tools
- Change it up to add more to your collection

My toolset
- A few things in my tool set
  - Recon-ng / theHarvester
  - Burp Suite
  - Nmap / p0f / ncat
  - Nessus / Core Impact / Acunetix / SAINT
  - Arachni / Vega / Metasploit / Websecurify
  - Python, Python, Python
  - KeepNote / Lair / Etherpad / (Armitage, *testing*)

Toolset Demo
- Demonstrating some of the tools I use

Pre-engagement Prep
- You are selling a service, so...
- Sell something
- Tools customization
- Knowing what the offers and market rates are
- Is this assessment for you?
- Fixed pricing or hourly
- What does the client want?
- Can you provide what they want?

Engagement Sold!!!
- Scope of work
- Understand what the client wants
- Black-, gray-, white-box testing or red teaming
- How long the assessment will take
- What to expect from the assessment
- Client contacts, from project manager to network admins, in case of emergencies
- Use the methodologies that you have created
- Remember to log everything
- Secure communication with clients
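A worked example for the "Remember to log everything" point, added here and not part of the slides: an engagement log that a tester can hand to the client's contacts (or bring to a dispute) and show was not edited after the fact. Each entry is hashed together with the previous entry's hash, so changing, reordering or dropping an entry breaks the chain from that point on. The engagement id, actors, targets and timestamps below are constructed; the format is my own, not a tool's.

```python
"""Added example, not from the slides: a tamper-evident engagement log.
Every entry carries a SHA-256 over the previous entry's hash plus its own
content, so an edited or deleted entry breaks the chain. The engagement id,
actors, targets and timestamps below are constructed."""
from __future__ import annotations

import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor for the first entry


def chain_digest(prev_hash: str, entry: dict) -> str:
    """Hash of (previous hash || canonical JSON of the entry body)."""
    # Canonical JSON so the same content always hashes the same way.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class EngagementLog:
    def __init__(self, engagement_id: str):
        self.engagement_id = engagement_id
        self.entries: list[dict] = []

    def record(self, actor: str, action: str, target: str, note: str = "",
               when: datetime | None = None) -> str:
        """Append one entry and return its hash. Timestamps are UTC so the
        client's network admins can line the log up with their own logs."""
        ts = (when or datetime.now(timezone.utc)).isoformat()
        entry = {"engagement": self.engagement_id, "ts": ts, "actor": actor,
                 "action": action, "target": target, "note": note}
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry["hash"] = chain_digest(prev, entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> int:
        """Return -1 if the chain is intact, else the index of the first bad entry.
        Rewriting an edited entry's stored hash does not help a tamperer: the
        next entry was hashed over the original value and fails instead."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if chain_digest(prev, body) != entry["hash"]:
                return i
            prev = entry["hash"]
        return -1


def build_sample_log() -> EngagementLog:
    """Constructed engagement with fixed timestamps so results are repeatable."""
    log = EngagementLog("ENG-EXAMPLE-001")
    t0 = datetime(2014, 6, 2, 9, 0, tzinfo=timezone.utc)
    log.record("tester", "recon-passive", "example.com",
               "search engines, archive", when=t0)
    log.record("tester", "scan", "10.0.0.0/24",
               "nmap, agreed scope only", when=t0.replace(hour=10))
    log.record("tester", "notify-client", "pm@example.com",
               "scan start, per contact list", when=t0.replace(hour=10, minute=5))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact" if log.verify() == -1 else "broken")
    log.entries[1]["target"] = "10.0.0.0/16"  # simulate an after-the-fact edit
    print("first bad entry:", log.verify())
```

Persist the entries as one JSON line each, append-only, and share the head hash with the client contact at agreed checkpoints; a later copy of the log can then be checked against that head. This is what makes "log everything" useful in an emergency call with the network admins: the timeline is both complete and provably unaltered.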

Post Engagement
- Report writing
- Any issues occur? Could they have been prevented? Can it be fixed?
- Did you get what you wanted from the engagement? Profit?
- Any new tools or methodologies added?
- Possible new techniques?
- Was the customer satisfied?

Report Writing
- It is the last thing the customer sees. Make it the best thing they see
- Customers are paying for quality
- Different reports for various teams
  - Executive summary
  - Detailed summary
- I could write a whole presentation about this, but I will not

Wrapping it all up
- Pentesting has numerous components
- It's not always about hacking; it's about research and business
- Making sure you are NICHE at what you do. Know your target and field
- Always improve your methods while helping your client improve their infrastructure
- “Don't learn to hack, hack to learn”