Module 7 – Gaining Access & Privilege Escalation

Presentation transcript:

Module 7 – Gaining Access & Privilege Escalation
• Phase II
• Controls Assessment
• Scheduling
  ○ Information Gathering
  ○ Network Mapping
  ○ Vulnerability Identification
  ○ Penetration
  ○ Gaining Access & Privilege Escalation
  ○ Enumerating Further
  ○ Compromise Remote Users/Sites
  ○ Maintaining Access
  ○ Cover the Tracks
Heorot.net

Gaining Access & Privilege Escalation
• Gain Least Privilege
• Gain Intermediate Privilege
• Compromise
• Final Compromise
Problem: We don't have access

Enumerating Further
• Phase II
• Controls Assessment
• Scheduling
  ○ Information Gathering
  ○ Network Mapping
  ○ Vulnerability Identification
  ○ Penetration
  ○ Gaining Access & Privilege Escalation
  ○ Enumerating Further
  ○ Compromise Remote Users/Sites
  ○ Maintaining Access
  ○ Cover the Tracks

*Enumerating Further
• address gathering
• Perform Password attacks
• **Sniff traffic and analyze it
• **Gather cookies
• **Identifying routes and networks
• **Mapping internal networks
*ISSAF does not cover this topic in great detail
**Advanced topics not covered in this class

Address Gathering
• May already have some
  ○ WHOIS information
  ○ Forums
  ○ archive.org
• Blind s ○ ○ ○ ○
• Web site

Address Gathering Web page Demonstration

Perform Password Attacks
• Remote Attack
  ○ Hydra
  ○ Unicorn
• Local Attack
  ○ John the Ripper (JTR)
• Additional resources required:
  ○ Wordlists
  ○ Patience

Remote Attack Hydra Demonstration

Enumerating Further
• Perform Password attacks
  ○ Hydra results: Access Gained
• What to do next?
  ○ Continue on with Enumeration
  ○ Return to “Gain Access & Privilege Escalation”

Gaining Access & Privilege Escalation
• Gain Least Privilege
• Gain Intermediate Privilege
• Compromise
• Final Compromise
We now have access

Gaining Access & Privilege Escalation
• Gain Least Privilege through:
  ○ Exploitable vulnerability
  ○ Mis-configured system
  ○ Poor security practices
“In general when someone has physical access to the local host the game is over, because there is usually one or more ways to get all information from the system.” -ISSAF

Gaining Access & Privilege Escalation
• Gain Least Privilege
• Gain Intermediate Privilege
• Compromise
• Final Compromise
“How to do this” is not covered in any methodology

Gain Intermediate Privilege
• Exploitable vulnerability
  ○ Application exploit
• Mis-configured system
  ○ Application running at higher-than-needed privileges
  ○ Access to applications they shouldn't have
  ○ Improper maintenance (core dumps)
• Poor security practices
  ○ Users given elevated privileges

Gain Intermediate Privilege sudo Demonstration
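
The “Users given elevated privileges” item on the Gain Intermediate Privilege slide can be checked from the defender's side. The following is an added example, not part of the presentation: it audits sudoers text for rules that grant more than a user needs. The sample rules, the SHELL_CAPABLE list and the function name audit_sudoers are assumptions made for illustration.

```python
import re

# Constructed sample sudoers content for illustration (not from the slides).
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
bob     web01=(root) /usr/bin/systemctl restart nginx
carol   ALL=(root) NOPASSWD: /usr/bin/vim /etc/hosts
backup  ALL=(root) NOPASSWD: /usr/local/bin/backup.sh
"""

# Illustrative, incomplete list of programs that can spawn a shell or run other commands.
SHELL_CAPABLE = {"vi", "vim", "less", "more", "find", "awk", "env", "sh", "bash", "python3", "perl"}

# user-or-%group  host = (runas) [TAG:] command[, command...]
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\([^)]*\))?\s*(?P<rest>.+)$")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def audit_sudoers(text):
    """Return (line number, principal, issue) for rules that grant more than needed."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: every '#' starts a comment
        match = RULE.match(line)
        if not match or line.startswith(SKIP) or match["who"] == "root":
            continue
        rest = match["rest"]
        nopasswd = "NOPASSWD:" in rest
        commands = re.sub(r"\b[A-Z_]+:", "", rest).split(",")  # drop tags such as NOPASSWD:
        for command in (c.strip() for c in commands):
            if not command:
                continue
            program = command.split()[0].rsplit("/", 1)[-1]
            if command == "ALL":
                issue = "all commands, no password" if nopasswd else "all commands"
            elif program in SHELL_CAPABLE:
                issue = f"shell-capable program: {program}"
            else:
                continue
            findings.append((lineno, match["who"], issue))
    return findings


if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(finding)
```

Rules that name a single fixed command, such as the constructed bob and backup entries, are not reported; whether the target script itself is writable by the user is a separate file-permission check.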

Gaining Access & Privilege Escalation
• Gain Least Privilege
• Gain Intermediate Privilege
• Compromise
• Final Compromise

Compromise
“A system is fully compromised anywhere in the target network and further attack from this system can be performed. This system can be used as a step stone for other attacks to the final goal.”
Best example of this is “Got Root?”

Gaining Access & Privilege Escalation
• Gain Least Privilege
• Gain Intermediate Privilege
• Compromise
• Final Compromise

Final Compromise
“In this step, the “real” victim like the company master DB or a specific system/file is compromised.” - ISSAF
• Database
• Web Pages
• Mail Servers
• etc.

Module 7 – Gaining Access & Privilege Escalation
• Phase II
• Controls Assessment
• Scheduling
  ○ ...
  ○ Vulnerability Identification
  ○ Penetration
  ○ Gaining Access & Privilege Escalation
    Gain Least Privilege
    Gain Intermediate Privilege
    Compromise
    Final Compromise