Penetration Testing: Concepts,Attacks and Defence Stratagies

Slides:

Advertisements

Similar presentations

Module X Session Hijacking

Advertisements

Man in the Middle Attack

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Mr C Johnston ICT Teacher

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

1 Reminding - ARP Two machines on a given network can communicate only if they know each other’s physical network address ARP (Address Resolution Protocol)

Computer Security and Penetration Testing

A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,

COEN 252: Computer Forensics Router Investigation.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

Lab #2 CT1406 By Asma AlOsaimi. "Security has been a major concern in today’s computer networks. There has been various exploits of attacks against companies,

Computer Security and Penetration Testing

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.

Being an Intermediary for Another Attack Prepared By : Muhammad Majali Supervised By : Dr. Lo’ai Tawalbeh New York Institute of Technology (winter 2007)

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

Software Security Testing Vinay Srinivasan cell:

A Virtual Honeypot Framework Author: Niels Provos Published in: CITI Report 03-1 Presenter: Tao Li.

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Linux Networking and Security

A VIRTUAL HONEYPOT FRAMEWORK Author : Niels Provos Publication: Usenix Security Symposium Presenter: Hiral Chhaya for CAP6103.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Network Forensics - III November 3, 2008.

Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://

CTC228 Nov Today... Catching up with group projects URLs and DNS Nmap Review for Test.

Lab #2 NET332 By Asma AlOsaimi. "Security has been a major concern in today’s computer networks. There has been various exploits of attacks against companies,

Mr C Johnston ICT Teacher BTEC IT Unit 09 - Lesson 11 Network Security.

Kali Linux BY BLAZE STERLING. Roadmap  What is Kali Linux  Installing Kali Linux  Included Tools  In depth included tools  Conclusion.

Penetration Testing By Blaze Sterling. Roadmap What is Penetration Testing How is it done? Penetration Testing Tools Kali Linux In depth included tools.

Alison Buben Jay Pataky COSC 316.  Main purpose: Penetration Testing ◦ Evaluating the security of a computer by simulating an attack ◦ Showing where.

By Collin Donaldson Man in the Middle Attack: Password Sniffing and Cracking.

Using Honeypots to Improve Network Security Dr. Saleh Ibrahim Almotairi Research and Development Centre National Information Centre - Ministry of Interior.

Top 10 Hacking Tool Welcome TO hackaholic Kumar shubham.

How To Be nosey on the Interwebz. What you need Linux Laptop Local Wireless Network you want to do sniffing on ettercap Wireshark driftnet nmap.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

[blank page for bug work-around]

Lab #2 NET332 By Asma AlOsaimi.

Network security Vlasov Illia

An Introduction To ARP Spoofing & Other Attacks

CSCE 548 Student Presentation By Manasa Suthram

Exploiting Layer 2 By Balwant Rathore.

ETHICAL HACKING WHAT EXACTLY IS ETHICAL HACKING ? By : Bijay Acharya

Lab 2: Packet Capture & Traffic Analysis with Wireshark

A Comprehensive Security Assessment of the Westminster College Unix Lab Jacob Shodd.

Penetration Testing Presented by: Elham Hojati

Secure Software Confidentiality Integrity Data Security Authentication

Penetration Testing Presented by: Elham Hojati

Metasploit a one-stop hack shop

Business Risks of Insecure Networks

CIT 480: Securing Computer Systems

Chapter 6: Network Layer

Spoofing Basics Presentation developed by A.F.M Bakabillah Cyber Security and Networking Consultant MCSA: Messaging, MCSE RHCE ITIL CEH.

Computer Networks 9/17/2018 Computer Networks.

Real GPEN GIAC Information Security Study Guide Killtest

CS4622: Computer Networking

Network Security: IP Spoofing and Firewall

Network Security: DNS Spoofing, SQL Injection, ARP Poisoning

Cyber Operation and Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack Cliff Zou University of Central Florida.

Presentation transcript:

Penetration Testing: Concepts,Attacks and Defence Stratagies WELCOME Penetration Testing: Concepts,Attacks and Defence Stratagies Presented by: ADARSH.S S7-C For Educational Purpose

Part one: the concept of penetration testing 2

What is a penetration test?(informal) Port scanning Vulnerability Scanning Penetration Testing 3

Why conduct a penetration test? Prevent data breach Test your security controls Ensure system security Discover new bugs in existing software 4

Why conduct a penetration test? Prevent data breach Test your security controls Ensure system security Discover new bugs in existing software 5

Steps of penetration test Step 1: Introduction and Objectives Step 2:Information gathering Step 3:Vulnerability analysis Step 4:Simulation (Penetrate the system to provide the proof) Step 5:Risk assessment Step 6:Recommendations for reduction or recovery and providing the report 10

Penetration Testing Operating Systems Linux Destro Contain a pre-packaged and pre-configured set of tools Open source license 7

Kali Linux Linux Destro for forensics 600 Penetration testing tools. Wide range of wireless devices Includes almost all security flaws in machines 8

The EXPLOIT The basic steps for exploiting a system using the Framework include: Choosing and configuring an exploit; Optionally checking whether the intended target system is susceptible to the chosen exploit; Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload; Executing the exploit. 7

ATTACKS HACKED ANDROID HACKING USING METASPLOIT MAN IN THE MIDDLE ATTACK HACKED

ANDROID HACK USING METASPLOIT → Computer security project → Provides information about security vulnerabilities and aids in penetration testing. → Contains 1517 exploits and 437 payloads. → Quick updates of recent exploits.

HOW TO HACK Step 1:Create the Payload Step 2: Transfer the apk

HOW TO HACK Step 3: Load metasploit console(msfconsole)

HOW TO HACK Exploit name: multi/handler. Step 4: Identify the exploit and launch the attack Exploit name: multi/handler. 14

Explaining The Attack Creates a listener (meterpreter) Makes a handler to handle the incoming requests(multi-handler) Exploit command the final word. Android Services like camera,contacts,voice recorder gets compromised. 15

DEFENSE STRATEGIES ANDROID METASPLOIT: Verify Permissions of each apps. Get Updated. Do not enter into public Wifi. Do not install apps from unknown sources. 16

MAN IN THE MIDDLE ATTACK attacker secretly relays and possibly alters the communication between two parties Terminology Ettercap: ec_uid/ec_gid: ARP(Address Resolution Protocol) Driftnet: Network Interface: 17

HOW TO ATTACK Step1:Change the configration file of Ettercap.

HOW TO ATTACK Step2:Packet Capturing and Sniffing. Identifying Interfaces: (wlan0/eth0) Scanning for hosts. Selecting Targets: Start Sniffing: 19

Capturing Image/Audio Data Packets DRIFTNET : a program which listens to network traffic and picks out images/audio data from TCP streams it observes. Only runs in root privilege Command: sudo driftnet -i wlan0 20

DEFENSE STRATEGIES MAN IN THE MIDDLE ATTACK(ARP Spoofing). Method 1: Protect the ARP mapping table:(static ip) 21

DEFENSE STRATEGIES When an attacker performs an ARP MITM attack, computer sends an ARP packet to the victim’s machine telling it that his MAC address is the router. Attacker will spoof the victim with false MAC id. Only strategie is to use a static physical address. Use Virtual Private Networks: mode of transmission and data is also encrypted. even if your network is compromised by ARP spoofing,decryption is impossible. 22

References: [1] http://en.wikipedia.org/wiki/White_hat_%28computer_security%29 [2] https://community.rapid7.com/docs/DOC-2248 [3] http://searchsoftwarequality.techtarget.com/definition/penetration-testing [4] http://en.wikipedia.org/wiki/Penetration_test [5] https://www.securitymetrics.com/pentest_steps.adp [6] http://www.kali.org/ [7] http://en.wikipedia.org/wiki/Kali_Linux [8] https://www.paterva.com/web6/ [9] http://en.wikipedia.org/wiki/Whois [10] https://subgraph.com/vega/ [11] http://www.youtube.com/watch?v=plitHS8Tqdo 23

THANK YOU

25