Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by.

Hacking Systems
- Financial gain
- Commercial secrets
- Credit card information
- Political motivations
- To discredit individuals
- Cause personal harm
- Lulz…

Hacking Systems
- Weapons
  - Stuxnet
  - Flame
- 0 day vulnerabilities
- Expensive cryptographic attacks
- Weaponised modules

Methodology
- Network/Host Mapping
- Service Identification
- Vulnerability Identification
- Vulnerability exploitation
- Privilege Escalation
- Maintaining Access
- Clearing Logs
- Recording actions!

Host Mapping - Port Scanning

Port Scanning Demo
Basic SYN scan of a default Windows XP build:

    nmap -sSU -A -oA winxp

- -sSU: Use TCP SYN scan and UDP scan
- -A: Perform all tests
- -oA winxp: Output multiple files
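The `-oA winxp` option writes the results in three formats (`winxp.nmap`, `winxp.gnmap` and `winxp.xml`). As an added example that is not part of the original slides, the Python below reads XML of that shape and lists confirmed-open services separately from UDP ports nmap could only report as `open|filtered`; the sample XML, the address and the `WATCHLIST` entries are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the .xml file that -oA writes; the address
# and port results are illustrative and do not come from the presentation.
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
   <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
   <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
   <port protocol="tcp" portid="3389"><state state="closed"/></port>
   <port protocol="udp" portid="137"><state state="open"/><service name="netbios-ns"/></port>
   <port protocol="udp" portid="138"><state state="open|filtered"/><service name="netbios-dgm"/></port>
  </ports>
 </host>
</nmaprun>"""

# Assumed review list: services the slides single out (SMB, NDMP on TCP 10000).
WATCHLIST = {("tcp", 139): "SMB over NetBIOS", ("tcp", 445): "SMB",
             ("tcp", 10000): "NDMP (NetBackup)"}

def exposed_services(xml_text):
    """Map each host address to its confirmed-open and unconfirmed ports."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        if addr is None:
            continue
        entry = report.setdefault(addr.get("addr"), {"open": [], "unconfirmed": []})
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            item = (port.get("protocol"), int(port.get("portid")),
                    svc.get("name") if svc is not None else "unknown")
            if state is not None and state.get("state") == "open":
                entry["open"].append(item)
            # UDP scans often cannot tell open from filtered; keep those apart.
            elif state is not None and state.get("state") == "open|filtered":
                entry["unconfirmed"].append(item)
    return report

def flagged(report):
    """Return confirmed-open ports that match the review list."""
    return [(addr, proto, port, WATCHLIST[(proto, port)])
            for addr, entry in sorted(report.items())
            for proto, port, _ in entry["open"] if (proto, port) in WATCHLIST]

if __name__ == "__main__":
    for hit in flagged(exposed_services(SAMPLE_XML)):
        print(hit)
```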

Vulnerability Scanners - Nessus
- Venerable Nessus!
- Bad Nessus!
- Still a damn good tool
- Free

Exploitation!
- Excitement! Risk! …. Danger!
- Who owns this box?
- Do you have permission (shouldn’t have been scanning it)
- Will they be really upset if you break it?

Service Exploitation
- Services available on Internet
- Or internally
- Research service
- Poke it
- Can you log on to it?
- Love default passwords :)
- What will it give you?
  - VOIP phone with default password and access to memory

Example Services
- SMB – Server Message Block
  - Protocol for application communication
  - Authentication mechanisms
  - Windows
  - Win2K – 'null' user allows access to entire username directory

Example Services
- Veritas Netbackup
  - TCP port 10000, NDMP
  - File backup and backup agent management
  - Vulnerability allows download of any file from Windows system
  - Another overflows buffers and allows code execution

Buffer Overflows

Shell Code

Reverse Shell
- Shell code executes TCP connection back
- Starts local shell process
- Redirects input and output streams over TCP
- Attacker gains command prompt
- Under the account of the vulnerable process

Meterpreter Shell
- Powerful tool
- Launch further attacks
- Pivot to other systems
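The behaviour on this slide leaves a recognisable host artefact: a shell whose standard input, output and error all point at one TCP socket, running under the service's account. As an added detection example that is not part of the original slides, the Python below checks a constructed process snapshot for that pattern; the process names, users, addresses and the record layout are hypothetical, with `fds` holding what the `/proc/<pid>/fd` symlinks would read on Linux.

```python
import re

SHELLS = {"sh", "bash", "dash", "cmd.exe", "powershell.exe"}
SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")

# Constructed snapshot. "fds" holds what the /proc/<pid>/fd/{0,1,2} symlinks
# would read on Linux; process names, users and addresses are hypothetical.
PROCESSES = [
    {"pid": 812, "ppid": 1, "exe": "backupd", "user": "backup",
     "fds": {0: "/dev/null", 1: "/var/log/backupd.log", 2: "/var/log/backupd.log"}},
    {"pid": 2210, "ppid": 812, "exe": "sh", "user": "backup",
     "fds": {0: "socket:[55102]", 1: "socket:[55102]", 2: "socket:[55102]"}},
    {"pid": 3001, "ppid": 2950, "exe": "bash", "user": "alice",
     "fds": {0: "/dev/pts/0", 1: "pipe:[7001]", 2: "/dev/pts/0"}},
    {"pid": 3300, "ppid": 1, "exe": "statsd", "user": "stats",
     "fds": {0: "/dev/null", 1: "socket:[61000]", 2: "socket:[61000]"}},
]
# Socket inode -> TCP connection, as resolved from the host's connection table.
SOCKETS = {55102: {"local": "192.0.2.20:49152", "remote": "203.0.113.7:8443"}}

def stdio_socket(proc):
    """Return the socket inode if stdin, stdout and stderr all share one socket."""
    inodes = set()
    for fd in (0, 1, 2):
        match = SOCKET_LINK.match(proc["fds"].get(fd, ""))
        if not match:
            return None
        inodes.add(int(match.group(1)))
    return inodes.pop() if len(inodes) == 1 else None

def find_socket_backed_shells(processes, sockets):
    """Flag shell processes whose standard streams are redirected over a socket."""
    by_pid = {p["pid"]: p for p in processes}
    alerts = []
    for proc in processes:
        inode = stdio_socket(proc) if proc["exe"] in SHELLS else None
        if inode is None:
            continue
        parent = by_pid.get(proc["ppid"], {})
        alerts.append({"pid": proc["pid"], "shell": proc["exe"], "user": proc["user"],
                       "parent": parent.get("exe", "unknown"),
                       "same_account_as_parent": parent.get("user") == proc["user"],
                       "remote": sockets.get(inode, {}).get("remote", "unknown")})
    return alerts

if __name__ == "__main__":
    for alert in find_socket_backed_shells(PROCESSES, SOCKETS):
        print(alert)
```

Some legitimate software, such as inetd-style services, also hands a socket to a child as its standard streams, so the parent process and account in each alert are what an analyst triages on.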

Privilege Escalation
- Determine current privilege level
- Add user?
- Exploit further?
- Professional hackers only need go so far…

Reporting
- Reporting carried out whilst testing
- Both technical details and executive summary

Vulnerability Ratings
- Impact
  - What is the possible damage that could be done?
- Exploitability
  - How easy is it to attack and realise the impact?
  - How much knowledge is required?
  - Are there public exploits?
- Risk Rating
  - Combination of Impact and Exploitability
  - High impact but low exploitability = low(er) risk
  - Many algorithms

Metasploit Express