Battalion: Automating Recon


Battalion: Automating Recon
  Created by: Stewart Olson - @abraxassc2, Patrick Garrity - @eidolonpg

Agenda
  Who are we?
  Anatomy of a Pentest
  Existing Tools & Issues
  Introducing Battalion
  Future Development
  Questions!

Who are we?
  Stewart Olson - @Abraxassc2
    Works at Nth Generation Computing
    ~5 years of experience in IT/Sysadmin
    Recently focusing more exclusively on security
  Pat Garrity - @eidolonpg
    Works at Nerdery, Inc. as a Sr. software engineer
    Published: Lock-Free Algorithms for Thread Safe Programming
    Speaker at CIGCSE & MICS
  This project is independent from our jobs

High-Level Pentesting Process

What is Battalion?
  It was designed to answer the question, "Given a website and the company's name, what useful data can automatically be gathered?" In short, it attempts to automate recon.
  Why?
    Save time
    Better allocate time and resources
    Sift through large amounts of data for key information
  How?
    Use scripts, parsers, tools, and techniques to take the resulting data from one action and present it as input for another tool

Where does Battalion fit in?
  Recon (Duh?)
    DNS Enumeration
    Email Address Scavenging
  Scanning
    Open Ports?
    Vulnerabilities?
  Gaining Access
    Exploiting vulnerabilities
    Phishing, etc.
  Reporting

Structure of Battalion
  Two Simple Inputs:
    Domain Name
    Company Name
  Some of Many Outputs:
    Subdomain & IP Lists
    Users involved in breaches
    Open Ports
    Versions of technologies and associated vulnerabilities

Battalion Domain Scanning Process (partial)
  Collected Data
    Vulnerabilities Data
    Open Ports
    WPscan data
    Subdomain & IP Lists
    Host data (apache, nginx, etc.)
    API data on IPs and hostnames
  More in place and more to come!
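The "How?" slide above describes Battalion's core idea: parse the output of one tool and hand it to the next. The following is an added illustration of that pattern, written for this transcript and not taken from the Battalion repository. It parses constructed sample output shaped loosely like dnsrecon A-record lines and nmap grepable "Host:" lines (the sample lines, the example.test names and the 192.0.2.x addresses are all made up for the example), de-duplicates IPs so each host is scanned once, and joins the stages into the kind of "collected data" record the slide lists (hostnames, IPs, open ports, service versions). The same structure works as an attack-surface inventory on the defending side.

```python
"""
Added example (not Battalion's own code): a minimal recon pipeline in the
style the slides describe, where the output of one stage becomes the input
of the next. All tool output below is constructed for the example and only
loosely imitates dnsrecon / nmap -oG line formats; it is not a real capture.
"""
import re
from collections import defaultdict

# Constructed sample: lines shaped like dnsrecon's "[*] A <host> <ip>" output.
DNS_ENUM_OUTPUT = """\
[*] A www.example.test 192.0.2.10
[*] A mail.example.test 192.0.2.20
[*] A dev.example.test 192.0.2.10
[*] MX mail.example.test 192.0.2.20
[-] No TXT records found
"""

# Constructed sample: lines shaped like nmap's grepable (-oG) "Host:" output.
PORT_SCAN_OUTPUT = """\
Host: 192.0.2.10 ()	Ports: 80/open/tcp//http//nginx 1.18/, 443/open/tcp//https//nginx 1.18/, 22/closed/tcp//ssh///
Host: 192.0.2.20 ()	Ports: 25/open/tcp//smtp//Postfix/, 443/open/tcp//https//Apache 2.4/
"""

A_RECORD = re.compile(r"^\[\*\]\s+A\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s*$")
# port/state/proto//service//version/ as in grepable nmap output
PORT_FIELD = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")


def parse_dns_enum(text):
    """Stage 1: collect A records into {ip: sorted list of hostnames}."""
    hosts_by_ip = defaultdict(set)
    for line in text.splitlines():
        m = A_RECORD.match(line)
        if m:
            hosts_by_ip[m.group(2)].add(m.group(1))
    return {ip: sorted(names) for ip, names in hosts_by_ip.items()}


def scan_targets(hosts_by_ip):
    """Stage 2 input: one target per unique IP, so shared hosts are scanned once."""
    return sorted(hosts_by_ip)


def parse_port_scan(text):
    """Stage 3: parse grepable port lines into {ip: [(port, service, version)]},
    keeping only ports reported as open."""
    results = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        ip = line.split()[1]
        ports_part = line.split("Ports:", 1)[1] if "Ports:" in line else ""
        for port, state, _proto, service, version in PORT_FIELD.findall(ports_part):
            if state == "open":
                results[ip].append((int(port), service, version.strip()))
    return dict(results)


def build_inventory(dns_text, scan_text):
    """Join the stages into a per-IP record: hostnames plus open ports/versions."""
    hosts_by_ip = parse_dns_enum(dns_text)
    open_ports = parse_port_scan(scan_text)
    return {
        ip: {"hostnames": hosts_by_ip[ip], "open_ports": open_ports.get(ip, [])}
        for ip in scan_targets(hosts_by_ip)
    }


if __name__ == "__main__":
    for ip, rec in build_inventory(DNS_ENUM_OUTPUT, PORT_SCAN_OUTPUT).items():
        print(ip, ", ".join(rec["hostnames"]))
        for port, svc, ver in rec["open_ports"]:
            print(f"  {port}/tcp {svc} {ver}")
```

Each stage is a plain function over text, so a real tool's output can be swapped in by adjusting only the regular expression for that stage; the de-duplication step is what keeps the chain from re-scanning the same IP once several subdomains resolve to it.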

Brief Sample Domain Scan

Battalion User Scanning Process (partial)
  Collected Data
    Current and former employees
    Whois Data
    Likely valid email addresses
    Email addresses involved in breaches
    Phishing targets and, coming soon, automated phishing campaigns
  Breach Detection Process
    Google dorks for past/current employees
    Name to email transformer
    HaveIBeenPwned API response analysis for valid format detection
    HaveIBeenPwned API for breaches

Existing Toolset
  Many Custom Scripts
  WPScan
  DNSRecon
  EyeWitness
  NMAP
  DNSTwist
  Ruby whois
  Whatweb
  TheHarvester
  Shodan's API
  HaveIBeenPwned's API
Future Toolset
  More custom tools
  PassiveTotal API
  Recon-ng
  XSS Testing tools
  Gobuster/Dirbuster
  Metagoofil
  Twitter API
  SET
  Joomscan
  Better reports
  More Dorks
  More Scan Options
  Passive->Aggressive
  Integrate with other tools and services

Try Battalion!!!
  Repository: https://github.com/theabraxas/Battalion
  Contributors Welcome!
  Special Thanks: @Viss @Sneakerhax @xcc @001SPARTaN
  Questions: @AbraxasSC2 @eidolonPG