1. Sam Cook April 18, 2013

2. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade

3. What is penetration testing? Penetration Testing or Pen Testing: The practice of testing a computer system, network or web application to find vulnerabilities that an attacker could exploit by simulating attacks from both internal and external threats Goals Determine the adequacy of security measures Identify security deficiencies Recommend training

4. Why penetration test? An attacker will find the vulnerability View network the same way an attacker would Providing additional insight into security posture Assess the implementation status of system security Provide a reference point for corrective action

5. Penetration Testing is NOT Hacking Hacking Pen Testing No time limit No limitations Unknown objectives Illegal Limited time Well defined scope Clearly defined goals Legal

6. Real world examples Stuxnet Used the same infection vector as the Conficker worm Spread via USB flash drives Exploited hardcoded passwords PlayStation Network Breach Leaked millions of users’ unencrypted personal data Intruders exploited a vulnerability in application server through a flaw not known to Sony Suspected to have exploited by a modified PS3 firmware known as Rebug

7. Performing a penetration test Phases of a penetration test: ProfilingEnumerationVulnerability AnalysisExploitationReporting

8. Profiling Research phase Passive Reconnaissance Strategy Obtain publicly available information on target Tactics Query publicly accessible data sources Observe physical defenses Covertly survey company and employees

9. Enumeration Discovery Phase Active Reconnaissance Strategy Find detailed information Find possibly vulnerable points of entry Tactics Map the network Analyze and identify each individual host Survey physical security mechanisms Compile list of possible entry points for an attacker

10. Vulnerability Analysis Systematic examination of vulnerabilities Procedure Using all the information gathered in the previous phases, identify vulnerabilities in the system Tactics Prioritize analysis of commonly misconfigured services Use automated tools if applicable/available

11. Exploitation Gaining access Procedure Verify previously identified vulnerabilities by attempting to exploit them Show what access can be gain and what assets can be affected

12. Reporting The important part Procedure Compile findings into a complete report Include methods as well Make suggestions to fix vulnerabilities

13. Styles of Penetration Testing Blue Team Tested as a trusted insider with complete access Perform a through survey of systems with complete access to systems to determine any vulnerabilities or misconfigurations. Attempts to provide an exhaustive listing of potential vulnerabilities

14. Styles of Penetration Testing Red Team Test done as an external hacker Attempt to penetrate defenses any way possible Only attempts to find single point of entry

15. Pen Testing Tools Backtrack Custom Linux Distribution

16. Pen Testing Tools Metasploit Exploitation framework

17. Pen Testing Tools Wireshark Network traffic monitoring tool

18. Questions?

19. Sources https://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWFp bnx0dXBlbnRlc3R8Z3g6NzAzYmZlOWEwNmRjMDc2ZQ http://www.isaca.org/Pages/Glossary.aspx?tid=651&char=P https://mosaicsecurity.com/categories/27-network-penetration-testing http://www.zdnet.com/news/security-guru-lets-secure-the-net/120859 http://www.extremetech.com/gaming/84218-how-the-playstation-network- was-hacked http://online.wsj.com/article/SB1000142405274870481050457630732275929903 8.html http://en.wikipedia.org/wiki/Penetration_test