Presentation is loading. Please wait.

Presentation is loading. Please wait.

Penetration Testing: Concepts,Attacks and Defence Stratagies

Published byLeona Lang Modified over 6 years ago

Similar presentations

Presentation on theme: "Penetration Testing: Concepts,Attacks and Defence Stratagies"— Presentation transcript:

1 Penetration Testing: Concepts,Attacks and Defence Stratagies
WELCOME Penetration Testing: Concepts,Attacks and Defence Stratagies Presented by: ADARSH.S S7-C For Educational Purpose

2 Part one: the concept of penetration testing
2

3 What is a penetration test?(informal)
Port scanning Vulnerability Scanning Penetration Testing 3

4 Why conduct a penetration test?
Prevent data breach Test your security controls Ensure system security Discover new bugs in existing software 4

5 Why conduct a penetration test?
Prevent data breach Test your security controls Ensure system security Discover new bugs in existing software 5

6 Steps of penetration test
Step 1: Introduction and Objectives Step 2:Information gathering Step 3:Vulnerability analysis Step 4:Simulation (Penetrate the system to provide the proof) Step 5:Risk assessment Step 6:Recommendations for reduction or recovery and providing the report 10

7 Penetration Testing Operating Systems
Linux Destro Contain a pre-packaged and pre-configured set of tools Open source license 7

8 Kali Linux Linux Destro for forensics 600 Penetration testing tools.
Wide range of wireless devices Includes almost all security flaws in machines 8

9 The EXPLOIT The basic steps for exploiting a system using the
Framework include: Choosing and configuring an exploit; Optionally checking whether the intended target system is susceptible to the chosen exploit; Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload; Executing the exploit. 7

10 ATTACKS HACKED ANDROID HACKING USING METASPLOIT
MAN IN THE MIDDLE ATTACK HACKED

11 ANDROID HACK USING METASPLOIT
→ Computer security project → Provides information about security vulnerabilities and aids in penetration testing. → Contains 1517 exploits and 437 payloads. → Quick updates of recent exploits.

12 HOW TO HACK Step 1:Create the Payload Step 2: Transfer the apk

13 HOW TO HACK Step 3: Load metasploit console(msfconsole)

14 HOW TO HACK Exploit name: multi/handler.
Step 4: Identify the exploit and launch the attack Exploit name: multi/handler. 14

15 Explaining The Attack Creates a listener (meterpreter)
Makes a handler to handle the incoming requests(multi-handler) Exploit command the final word. Android Services like camera,contacts,voice recorder gets compromised. 15

16 DEFENSE STRATEGIES ANDROID METASPLOIT:
Verify Permissions of each apps. Get Updated. Do not enter into public Wifi. Do not install apps from unknown sources. 16

17 MAN IN THE MIDDLE ATTACK
attacker secretly relays and possibly alters the communication between two parties Terminology Ettercap: ec_uid/ec_gid: ARP(Address Resolution Protocol) Driftnet: Network Interface: 17

18 HOW TO ATTACK Step1:Change the configration file of Ettercap.

19 HOW TO ATTACK Step2:Packet Capturing and Sniffing.
Identifying Interfaces: (wlan0/eth0) Scanning for hosts. Selecting Targets: Start Sniffing: 19

20 Capturing Image/Audio Data Packets
 DRIFTNET : a program which listens to network traffic and picks out images/audio data from TCP streams it observes. Only runs in root privilege Command: sudo driftnet -i wlan0 20

21 DEFENSE STRATEGIES MAN IN THE MIDDLE ATTACK(ARP Spoofing).
Method 1: Protect the ARP mapping table:(static ip) 21

22 DEFENSE STRATEGIES When an attacker performs an ARP MITM attack,
computer sends an ARP packet to the victim’s machine telling it that his MAC address is the router. Attacker will spoof the victim with false MAC id. Only strategie is to use a static physical address. Use Virtual Private Networks: mode of transmission and data is also encrypted. even if your network is compromised by ARP spoofing,decryption is impossible. 22

23 References: [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] 23

24 THANK YOU

25 25

Download ppt "Penetration Testing: Concepts,Attacks and Defence Stratagies"

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Man in the Middle Attack

Man in the Middle Attack
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
1 Reminding - ARP Two machines on a given network can communicate only if they know each other’s physical network address ARP (Address Resolution Protocol)

1 Reminding - ARP Two machines on a given network can communicate only if they know each other’s physical network address ARP (Address Resolution Protocol)
Computer Security and Penetration Testing

Computer Security and Penetration Testing
A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,

A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

Similar presentations

Ads by Google