BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter

Agenda Introductions Schedule Workshop Format The Attacker Methodology Penetration Testing Execution Standard (PTES) Pentester Job Requirements

Disclaimer Do not try this at home… without permission!

Introductions Name Company Position Previous Experience  Windows & Linux  Penetration Testing  BackTrack

Schedule Hours (9:00AM to 4:30PM)  10:20 to 10:30 - Break  11:00 to 12:30 – ISSA Chapter Meeting  2:45 to 3:00 - Break

Workshop Format Session Materials Practice Exercises Workshop Survey

The Hacker Methodology Information Gathering Vulnerability Assessment Exploitation Privilege Escalation Maintaining Access

Penetration Testing Execution Standard (PTES) Pre-engagement Interactions Intelligence Gathering Threat Modeling Vulnerability Analysis Exploitation Post Exploitation Reporting

Pentester Job Requirements System and application scanning using analysis tools Validate automated testing results Conduct manual analysis Evaluate and communicate risk Provide feedback and guidance Certifications (CEH, CISA, CISSP, OCSP)

Physical Security Most overlooked area of Information Security If you can touch it, you can p0wn it!

Bookmarks VMware (vmware.com) BackTrack 5 R3 (backtrack-linux.org) Metasploitable (offensive-security.com) Web Security Dojo (mavensecurity.com) Pauldotcom (pauldotcom.com) OCSP (offensive-security.com) Katana (hackfromacave.com)