.  User groups o Cisco, SQL, Virtualization  Conferences o GrrCON, SQL Saturday  Hands-On o Capture the Flag o Forensics  RSS  Exploit-DB updates.

Presentation transcript:

- User groups
  - Cisco, SQL, Virtualization
- Conferences
  - GrrCON, SQL Saturday
- Hands-On
  - Capture the Flag
  - Forensics
- RSS
- Exploit-DB updates
- SecurityFocus Vuln..
- Content on Security Street
- Twitter

- Network communication vital
  - Proxies
  - Corporate/Windows Firewalls

Problem: Hackers don’t care about Authorization

- BackTrack (bt): bootable, VM, phone
  - Zenmap
  - Metasploit framework: 927+ exploits, 251+ payloads, Meterpreter
  - Social Engineering Toolkit
  - Netdiscover
  - Fasttrack & autopwn

- Kali Linux: bootable, VM, phone
  - Metasploit framework: 927+ exploits, 251+ payloads, Meterpreter
  - Social Engineering Toolkit
  - nmap
  - BBQSQL (SQL injection)
  - Hydra
  - Top 10 List
  - AND MORE!

- Interesting Commands
  - Getuid
  - GetSystem
  - Ps
  - kill
  - Migrate
  - Shell
  - Hashdump
  - Webcam_snap
  - clearev

- If you are not patching, no reason for pen testing
- Don’t forget 3rd-party utilities
- Peer review servers
- Cleanup!

- Reversing patches is common practice
  - Midi file buffer overflow exploited in wild 16 days after the patch
- Common msf exploits used MSYY- naming convention
- CVE – common vulnerabilities and exposures
- Know unsupported dates
- WSUS
- SCCM
- Orchestrator
- WMI qfe

True or False: When using SQL Server Authentication in version 11 (2012), the password is encrypted over the network.

True or False: When using SQL Server Authentication in version 11 (2012), the password is encrypted over the network. IT DEPENDS

- Default of 0 allows for brute force
- 10 proves to be sufficient in this case

Bonus!

- Default 3rd-party passwords
- Accidental administrators (Dev)
- Extra unused services (Writer)
- Weak DBA Windows passwords

- Layers that still work
  - Firewalls
  - Strong Passwords
  - Antivirus
  - Patches
  - Group Policy
  - Log Monitoring
  - Least privilege
  - Audits and Testing
- DR
  - Did someone say zombies?

- Don’t be a disabler for business.

- Other hacks?
  - ' OR 1=1; -- Create table, insert web.config
  - Browser based attacks
  - The next MS08_067
- Review whiteboarding
