SlideShare una empresa de Scribd logo

Making PenTesting Sexy and Effective

BSidesQuebec2013
BSidesQuebec2013
Tecnología
1 de 42
Descargar para leer sin conexión
Making PenTesting Analysis Sexy! OSSAMS Adrien de Beaupré Intru-Shun.ca Inc. SANS Internet Storm Center Handler BsidesQuebec, 01 June 2013 ©2013 Intru-Shun.ca Inc.
About me • • • • • • • 32+, 22+, 12+ years Contributor to OSSTMM 3 Contributor to Hacking Exposed, Linux 3rd Ed Contributor to SANS Incident Handling Guide Contributor to SANS 401 Security Essentials SANS Instructor 503, 504, 542, 560, 642, 660 ZAP, Nikto, Watcher and other OS projects 01/0/2012 ©2013 Intru-Shun.ca Inc. 2
Agenda • • • • • • • • Definitions Methodology Workflow Reporting Problems Solutions Demo Conclusion ©2013 Intru-Shun.ca Inc. 3
Definitions • Vulnerability - flaw or weakness in a system that can be exploited. • Security audit - assess the adequacy of controls and evaluate compliance. • Vulnerability assessment - description and analysis of vulnerabilities in a system. • Penetration testing - circumvent the security features of a system. ©2013 Intru-Shun.ca Inc. 4
Penetration Testing • Requires methodology AND creativity. • Requires performing a vulnerability assessment correctly first. • Finding alternate means to access functionality or data. • Finding alternate functionality. • Should be goal oriented. • There is no such thing as cheating in a pentest. ©2013 Intru-Shun.ca Inc. 5
Testing • Every test consists of a stimulus and response, and monitoring to verify the response, or lack thereof. • Testing consists of modules. • Each module has an input and an output. • You must monitor closely for responses. • Testing must be appropriate to the target. • Testing is of limited value if nothing is fixed. ©2013 Intru-Shun.ca Inc. 6
Methodology • • • • • • • • Logistics and Planning Open Source Information Gathering Reconnaissance Identification / Enumeration Research Vulnerability Identification Validation / Exploitation Reporting ©2013 Intru-Shun.ca Inc. 7
Open Source Info • Purpose: gathering information on the target organization, typically from the Internet. • Inputs: organization name, URL, IP addresses or ranges, industry or organization type. • Outputs: URLs, IP addresses or ranges, email addresses, ‘buzz’, technologies used, resumes, names, host names… • Data types: text, graphics, statistics… ©2013 Intru-Shun.ca Inc. 8
Reconnaissance • Purpose: determine which systems are live and map the network/technology. • Inputs: URLs, IP addresses or ranges. • Outputs: Whois, DNS, IP addresses or host names of systems which are likely to be live… • Tools: Ping, Nmap, Ike-scan, Fierce Doman Scanner, traceroute, ICMP… • Data types: text files, XML files… ©2013 Intru-Shun.ca Inc. 9
Identification / Enumeration • Purpose: enumerate the systems that are live, determine open ports, listening services, map applications, operating systems, and versions. • Inputs: systems known to be live/available. • Outputs: ports, services, OS, versions, patches. • Tools: Nmap, Amap, Ike-scan, Nessus… • Data types: text files, XML files… ©2013 Intru-Shun.ca Inc. 10
Research Purpose: list all potential vulnerabilities. Inputs: technologies in use. Outputs: list of potential vulnerabilities. Tools: vulnerability databases, search engines… • Data types: text files, XML files, databases… • • • • ©2013 Intru-Shun.ca Inc. 11
Vulnerability Identification • Purpose: identify known or unknown vulnerabilities in the identified technologies. • Inputs: IP addresses, ports, services, applications. • Outputs: listing of potential vulnerabilities. • Tools: scanners such as Nessus, NexPose, Burp, W3AF, ZAP… • Data types: text files, XML files, databases… ©2013 Intru-Shun.ca Inc. 12
Validation / Exploitation • Purpose: assign a confidence value and validate potential vulnerabilities. Have FUN!! • Inputs: listing of all potential vulnerabilities. • Outputs: listing of validated vulnerabilities and confidence rating values. • Tools: penetration testing (Metasploit, Core Impact, Canvas…), manual validation, fuzzers… • Outputs: text files, graphics, XML files, database entries, databases... ©2013 Intru-Shun.ca Inc. 13
Penetration! • Pillaging. • Identification of previously unknown vulnerabilities through fuzzing. • Post exploitation and pivoting. • The best hack is just logging in... • Tools: brain power • Outputs: text files, graphics, XML files, database entries, databases... BOOTY!!! ©2013 Intru-Shun.ca Inc. 14
Reporting • Purpose: assign risk and priority ratings to confirmed vulnerabilities. • Inputs: list of validated vulnerabilities. • Outputs: analysis results. • Tools: people brain power. • Outputs: text files, database entries, documents... • Wordsmithing. ©2013 Intru-Shun.ca Inc. 15
Why Automate? Laziness ☺. Consistent results over time. Allows for scheduling and trending. Streamlined and more efficient. Engineering a process that can be run and maintained by an operational group. • Allows the test team to concentrate on the areas that are not automated. • • • • • ©2013 Intru-Shun.ca Inc. 16
Requirements • • • • • • • • • Process – follow consistent repeatable methodology. Scriptable – typically Linux CLI tools. Tool – result that can be parsed. Database – for correlation and reporting. Correlated – multiple sources of data. Analyzed – intelligent human analysis. Mitigation – how to respond, recommendations. Metrics – quantitative, measurable, trends. Severity – rating system. ©2013 Intru-Shun.ca Inc. 17
Workflow • Methodology is broken down into modules. • Output from one is the input to the next. • Unfortunately most tools do not follow the methodology flow precisely, or may not allow for data extraction between modules. • Which means that either we must run each tool multiple times with different configurations, or different tools for each module. ©2013 Intru-Shun.ca Inc. 18
Workflow Output from module > database import Database queries > inputs to next module Reporting module > ticketing Tickets > vulnerability management and mitigation • Close the loop back to the test team process • Re-test where necessary • • • • ©2013 Intru-Shun.ca Inc. 19
Problem • Individual tools do not always follow a methodology and do not always allow for sufficiently granular control. • No one tool can perform all modules. • Methodology requires use of multiple tools. • Each tool may have a different output format or use a proprietary database. • Correlation and analysis can be time consuming. ©2013 Intru-Shun.ca Inc. 20
What is Missing • Security Assessments collect a lot of data, but don’t always correlate the data. • To properly identify risk and threats, correlation of collected data is necessary. • Correlation between different tools is essential! • Marking false positives, adding manual findings, and annotating is also required. • Current systems – Extremely Expensive. ©2013 Intru-Shun.ca Inc. 21
Solutions • Single unified and normalized database schema for all security assessment tools. • Obviously requires that such a schema exist! • Requires a parser for each tool we use. • This allows us to create an abstract layer between the tools and the common database, while still allowing us to enforce the methodology regardless of the tools used. ©2013 Intru-Shun.ca Inc. 22
OSSAMS • Open Source Security Assessment Management System www.ossams.com • A framework for security assessors to correlate and analyze risk to information systems. • Streamlines the assessment reporting process. • A modular process that builds on past assessments. ©2013 Intru-Shun.ca Inc. 23
Database Design • One of the key aspects of OSSAMS is the database design. • It is capable of having any number of tool outputs as an input. • Currently using MySQL on Linux with Python, PowerShell, or Perl scripts to parse outputs. • A front-end will be designed in addition to CLI. • It is flexible, extensible, and Open Source. ©2013 Intru-Shun.ca Inc. 24
19/07/2011 Intru-Shun.ca Inc. 25
Tooloutput • For every tool there are outputs. An output file, typically an XML file, will describe what the tool has discovered from the target domain, subnet, system, host, or application). • Tooloutputnumber - Primary Key, autoincrement. Projectname, Projectid, Toolname, Filename, Filedate, Tooldate , Version, OSSAMSversion, Scanner , Inputtimestamp. ©2013 Intru-Shun.ca Inc. 26
Configuration • For every TOOLOUTPUT it may contain configuration information about the tool. Its primary key is Configurationnumber, which is an auto-increment. • Configurationtype, Configurationoptionname, Configurationoptionvalue, Configurationnumber. ©2013 Intru-Shun.ca Inc. 27
Domain • A grouping of systems, subnets, CIDR ranges, or non-contiguous but related IP addresses will be considered a domain. DNS and Sctive Directory domains fir here as well. Primary key is Domainnumber which is auto-increment. • Domainname, Domaintype, Domainnumber, Domainnotes, Domainaddresses. ©2013 Intru-Shun.ca Inc. 28
Groups • A domain or a host may have none, one, or more user groups. Its primary key is Groupnumber, which is an auto-increment. • Groupproperty, Groupvalue, Groupname, Groupnumber, Groupnotes, Groupprivilege, Groupmembers. ©2013 Intru-Shun.ca Inc. 29
Hosts • A toolout may describe none, one, or more hosts (computers or network devices). Its primary key is Hostnumber, which is an autoincrement. • Domainnumber, Hostproperty, Hostvalue, ipv4, ipv6, Hostname, Hostnumber, Hostptr, Whois, Recon, Reconreason, Hostcriticality, Macaddress, Macvendor, Hostnotes, Hostos, Osgen, Osfamily. ©2013 Intru-Shun.ca Inc. 30
Users • A Domain, application, or a host may have none, one, or more users. Its primary key is Usernumber, which is an auto-increment. • Userproperty, Uservalue, Username, Usernumber, Domainnumber, Groupnumber, Hostnumber, Passwordhash, Password, Userprivilege, Usernotes. ©2013 Intru-Shun.ca Inc. 31
Ports • A host may have none, one, or more ports open. This table contains information about ports (open, filtered, or closed). Its primary key is Portnumber, which is an autoincrement. • Protocol, Portnumber, Portstate, Reason, Portbanner, Portversion, Portname, Service, Method, Confidence, Portvalue. ©2013 Intru-Shun.ca Inc. 32
Vulnerabilities • A host, port, or application may have none, one, or more vulnerabilities associated with it. Its primary key is Vulnerabilitynumber, which is an autoincrement. • Vulnerabilityid, Vulnerabilityseverity, Vulnerabilityrisk, Vulnerabilityconf, Falsepositive, Vulnerabilityname, Vulnerabilitydescription, Vulnerabilitysolution, Vulnerabilitydetails, Vulnerabilityextra, Vulnerabilityvalidation, Vulnerabilitynotes, Vulnerabilityattribute, Vulnerabilityvalue, Vulnerabilityuri, Httprequest, Httpresponse, Httpparam. ©2013 Intru-Shun.ca Inc. 33
Refs • A vulnerability may have none, one, or more references associated with it. A reference can be a link to a web site, a database entry (such as SecurityFous bid, OSVDB, Secunia, CVE, CCE, CWE, …). • Vulnerabilitynumber, Referencenumber, Referencetype - Type reference (URI, OSVDB, CVE…), Referencevalue – Value of the reference. ©2013 Intru-Shun.ca Inc. 34
Booty • Booty may have been taken from a Domain, User, Host, Application, or other assorted places the pentester finds stuff ☺ • Domainnumber, Hostnumber, Bootyproperty, Bootyvalue, Bootynumber, Bootynotes. ©2013 Intru-Shun.ca Inc. 35
Scripts • Flow: – Scanning scripts – Import scripts – Query scripts – Analysis with brainpower – Iterative process – Reporting scripts ©2013 Intru-Shun.ca Inc. 36
Parsing Scripts • • • • • • • • Main function Read configuration function Database access function Read a list of files Read a directory of files Parsing XML, HML, or text file function Insert function Return ©2013 Intru-Shun.ca Inc. 37
Supported tools • Completed: – acunetix, burp, grendel, nessus, netsparker, nexpose community, nikto, nmap, ratproxy, retina community, skipfish, sslscan, w3af, wapiti, watcher, websecurify, zap. • Roadmap: – appscan, arachni, core impact, fierce, httprint, iss, languard, metasploit, ncircle, nexpose, n-stalker, ntospider, openvas, proxystrike, retina, saint, sandcat, webcruiser, webinspect, wsfuzzer… ©2013 Intru-Shun.ca Inc. 38
Demo • A brief demo of the parsing script and database use. • Also briefly discuss the roadmap for OSSAMS: – – – – – – – – Finalize the database design and scripts. Reporting templates. Query database for module tool input. OSSTMM RAVs. OWASP. Other methodologies/frameworks. Work on tool data interchange format. Get more people involved!! ©2013 Intru-Shun.ca Inc. 39
Code • Currently living at: handlers.dshield.org/adebeaupre/ossams-parser.tgz And www.ossams.com • Requires: – Python > 2.5; – Python-mysqldb; and – Lxml. ©2013 Intru-Shun.ca Inc. 40
Conclusions • The key is not running the scanners, but analysis, methodology, correlation, documentation, and problem solving. • Organizations can automate security testing and reporting processes, particularly consultants and enterprises. • The key is analysis and database utilization. • These can be built using Free / Open Source Software tools and/or commercial offerings. • Should be done with proper planning, tools, methodology, processes, and expertise. ©2013 Intru-Shun.ca Inc. 41
QUESTIONS? ADRIEN@INTRU-SHUN.CA @ADRIENDB THANK YOU! ©2013 Intru-Shun.ca Inc. 42

Recomendados

Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...Lastline, Inc.
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysisCharles Lim
 
encase enterprise
encase enterprise encase enterprise
encase enterprise Damir Delija
 
Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Damir Delija
 
Remote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftRemote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftDamir Delija
 
EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection Damir Delija
 
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna Lastline, Inc.
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 

Recomendados

Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...Lastline, Inc.
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysisCharles Lim
 
encase enterprise
encase enterprise encase enterprise
encase enterprise Damir Delija
 
Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Datafoucs 2014 on line digital forensic investigations damir delija 2
Datafoucs 2014 on line digital forensic investigations damir delija 2Damir Delija
 
Remote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftRemote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftDamir Delija
 
EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection EnCase Enterprise Basic File Collection
EnCase Enterprise Basic File Collection Damir Delija
 
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna Lastline, Inc.
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 
Ecase direct servlet acess v1
Ecase direct servlet acess v1Ecase direct servlet acess v1
Ecase direct servlet acess v1Damir Delija
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Alex Pinto
 
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)Rod Soto
 
Cyber_Attack_Forecasting_Jones_2015
Cyber_Attack_Forecasting_Jones_2015Cyber_Attack_Forecasting_Jones_2015
Cyber_Attack_Forecasting_Jones_2015Malachi Jones
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsDamir Delija
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckLuncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckNorth Texas Chapter of the ISSA
 
6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...Damir Delija
 
Cybersecurity - Jim Butterworth
Cybersecurity - Jim ButterworthCybersecurity - Jim Butterworth
Cybersecurity - Jim ButterworthTechBiz Forense Digital
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformJason Letourneau
 
501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacksgocybersec
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
Insider Threat Visualization - HITB 2007, Kuala Lumpur
Insider Threat Visualization - HITB 2007, Kuala LumpurInsider Threat Visualization - HITB 2007, Kuala Lumpur
Insider Threat Visualization - HITB 2007, Kuala LumpurRaffael Marty
 
2016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v12016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v1Jenny Midwinter
 
501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacksgocybersec
 
Operations Security Presentation
Operations Security PresentationOperations Security Presentation
Operations Security PresentationWajahat Rajab
 
Penentration testing
Penentration testingPenentration testing
Penentration testingtahreemsaleem
 
Automating Analysis and Exploitation of Embedded Device Firmware
Automating Analysis and Exploitation of Embedded Device FirmwareAutomating Analysis and Exploitation of Embedded Device Firmware
Automating Analysis and Exploitation of Embedded Device FirmwareMalachi Jones
 
Conjunto N
Conjunto NConjunto N
Conjunto Nguestc11487
 
Slc Wcoff Ad !
Slc Wcoff Ad !Slc Wcoff Ad !
Slc Wcoff Ad !Joline Charlton
 
Conjunto N
Conjunto NConjunto N
Conjunto Nguestc11487
 

Más contenido relacionado

La actualidad más candente

Ecase direct servlet acess v1
Ecase direct servlet acess v1Ecase direct servlet acess v1
Ecase direct servlet acess v1Damir Delija
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Alex Pinto
 
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)Rod Soto
 
Cyber_Attack_Forecasting_Jones_2015
Cyber_Attack_Forecasting_Jones_2015Cyber_Attack_Forecasting_Jones_2015
Cyber_Attack_Forecasting_Jones_2015Malachi Jones
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsDamir Delija
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckLuncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckNorth Texas Chapter of the ISSA
 
6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...Damir Delija
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformJason Letourneau
 
501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacksgocybersec
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
Insider Threat Visualization - HITB 2007, Kuala Lumpur
Insider Threat Visualization - HITB 2007, Kuala LumpurInsider Threat Visualization - HITB 2007, Kuala Lumpur
Insider Threat Visualization - HITB 2007, Kuala LumpurRaffael Marty
 
2016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v12016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v1Jenny Midwinter
 
501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacksgocybersec
 
Operations Security Presentation
Operations Security PresentationOperations Security Presentation
Operations Security PresentationWajahat Rajab
 
Penentration testing
Penentration testingPenentration testing
Penentration testingtahreemsaleem
 
Automating Analysis and Exploitation of Embedded Device Firmware
Automating Analysis and Exploitation of Embedded Device FirmwareAutomating Analysis and Exploitation of Embedded Device Firmware
Automating Analysis and Exploitation of Embedded Device FirmwareMalachi Jones
 

La actualidad más candente (19)

Ecase direct servlet acess v1
Ecase direct servlet acess v1Ecase direct servlet acess v1
Ecase direct servlet acess v1
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
 
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
 
Cyber_Attack_Forecasting_Jones_2015
Cyber_Attack_Forecasting_Jones_2015Cyber_Attack_Forecasting_Jones_2015
Cyber_Attack_Forecasting_Jones_2015
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics tools
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin FalckLuncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
 
6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...6414 preparation and planning of the development of a proficiency test in the...
6414 preparation and planning of the development of a proficiency test in the...
 
Cybersecurity - Jim Butterworth
Cybersecurity - Jim ButterworthCybersecurity - Jim Butterworth
Cybersecurity - Jim Butterworth
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
 
501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacks
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident Preparation
 
Insider Threat Visualization - HITB 2007, Kuala Lumpur
Insider Threat Visualization - HITB 2007, Kuala LumpurInsider Threat Visualization - HITB 2007, Kuala Lumpur
Insider Threat Visualization - HITB 2007, Kuala Lumpur
 
2016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v12016 09-19 - stephan jou - machine learning meetup v1
2016 09-19 - stephan jou - machine learning meetup v1
 
501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks
 
Operations Security Presentation
Operations Security PresentationOperations Security Presentation
Operations Security Presentation
 
Penentration testing
Penentration testingPenentration testing
Penentration testing
 
Automating Analysis and Exploitation of Embedded Device Firmware
Automating Analysis and Exploitation of Embedded Device FirmwareAutomating Analysis and Exploitation of Embedded Device Firmware
Automating Analysis and Exploitation of Embedded Device Firmware
 

Destacado

Trabalho 2 - exemplo
Trabalho 2 - exemploTrabalho 2 - exemplo
Trabalho 2 - exemploguestd4970df
 
Digital marketing, Automated Trading & Real Time Bidding
Digital marketing, Automated Trading & Real Time BiddingDigital marketing, Automated Trading & Real Time Bidding
Digital marketing, Automated Trading & Real Time BiddingNikki de Kok
 

Destacado (6)

Conjunto N
Conjunto NConjunto N
Conjunto N
 
Slc Wcoff Ad !
Slc Wcoff Ad !Slc Wcoff Ad !
Slc Wcoff Ad !
 
Conjunto N
Conjunto NConjunto N
Conjunto N
 
Test
TestTest
Test
 
Trabalho 2 - exemplo
Trabalho 2 - exemploTrabalho 2 - exemplo
Trabalho 2 - exemplo
 
Digital marketing, Automated Trading & Real Time Bidding
Digital marketing, Automated Trading & Real Time BiddingDigital marketing, Automated Trading & Real Time Bidding
Digital marketing, Automated Trading & Real Time Bidding
 

Similar a Making PenTesting Sexy and Effective

Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissanceCloudera, Inc.
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxAlfredObia1
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemRogue Wave Software
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedFalgun Rathod
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthStephanie Bies
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthStephanie Bies
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunk
 
Useful Shareware for Technical Communicators - STC New England Interchange co...
Useful Shareware for Technical Communicators - STC New England Interchange co...Useful Shareware for Technical Communicators - STC New England Interchange co...
Useful Shareware for Technical Communicators - STC New England Interchange co...Ed Marshall
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopPriyanka Aash
 
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...Jon Papp
 

Similar a Making PenTesting Sexy and Effective (20)

Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Preparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity RenaissancePreparing for the Cybersecurity Renaissance
Preparing for the Cybersecurity Renaissance
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
SplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealthSplunkLive! Customer Presentation – athenahealth
SplunkLive! Customer Presentation – athenahealth
 
Metasploit
MetasploitMetasploit
Metasploit
 
Useful Shareware for Technical Communicators - STC New England Interchange co...
Useful Shareware for Technical Communicators - STC New England Interchange co...Useful Shareware for Technical Communicators - STC New England Interchange co...
Useful Shareware for Technical Communicators - STC New England Interchange co...
 
Defcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shopDefcon 22-tim-mcguffin-one-man-shop
Defcon 22-tim-mcguffin-one-man-shop
 
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
FINAL_SCFm50000_JonPapp_CAA_The_Practical_Benefits_of_a_Behavioral_Solution_f...
 

Más de BSidesQuebec2013

Simplified security code review - BSidesQuebec2013
Simplified security code review - BSidesQuebec2013Simplified security code review - BSidesQuebec2013
Simplified security code review - BSidesQuebec2013BSidesQuebec2013
 
L'information personnelle numérique - BSidesQuebec2013
L'information personnelle numérique - BSidesQuebec2013L'information personnelle numérique - BSidesQuebec2013
L'information personnelle numérique - BSidesQuebec2013BSidesQuebec2013
 
Investigating at the speed of compromise - BSidesQuebec2013
Investigating at the speed of compromise - BSidesQuebec2013Investigating at the speed of compromise - BSidesQuebec2013
Investigating at the speed of compromise - BSidesQuebec2013BSidesQuebec2013
 
How to VERISize v2 - BSidesQuebec2013
How to VERISize v2 - BSidesQuebec2013How to VERISize v2 - BSidesQuebec2013
How to VERISize v2 - BSidesQuebec2013BSidesQuebec2013
 

Más de BSidesQuebec2013 (6)

Simplified security code review - BSidesQuebec2013
Simplified security code review - BSidesQuebec2013Simplified security code review - BSidesQuebec2013
Simplified security code review - BSidesQuebec2013
 
L'information personnelle numérique - BSidesQuebec2013
L'information personnelle numérique - BSidesQuebec2013L'information personnelle numérique - BSidesQuebec2013
L'information personnelle numérique - BSidesQuebec2013
 
Investigating at the speed of compromise - BSidesQuebec2013
Investigating at the speed of compromise - BSidesQuebec2013Investigating at the speed of compromise - BSidesQuebec2013
Investigating at the speed of compromise - BSidesQuebec2013
 
How to VERISize v2 - BSidesQuebec2013
How to VERISize v2 - BSidesQuebec2013How to VERISize v2 - BSidesQuebec2013
How to VERISize v2 - BSidesQuebec2013
 
BSidesQuebec2013-ssl
BSidesQuebec2013-sslBSidesQuebec2013-ssl
BSidesQuebec2013-ssl
 
BSidesQuebec2013_fred
BSidesQuebec2013_fredBSidesQuebec2013_fred
BSidesQuebec2013_fred
 

Último

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Último (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

Making PenTesting Sexy and Effective

  • 1. Making PenTesting Analysis Sexy! OSSAMS Adrien de Beaupré Intru-Shun.ca Inc. SANS Internet Storm Center Handler BsidesQuebec, 01 June 2013 ©2013 Intru-Shun.ca Inc.
  • 2. About me • • • • • • • 32+, 22+, 12+ years Contributor to OSSTMM 3 Contributor to Hacking Exposed, Linux 3rd Ed Contributor to SANS Incident Handling Guide Contributor to SANS 401 Security Essentials SANS Instructor 503, 504, 542, 560, 642, 660 ZAP, Nikto, Watcher and other OS projects 01/0/2012 ©2013 Intru-Shun.ca Inc. 2
  • 4. Definitions • Vulnerability - flaw or weakness in a system that can be exploited. • Security audit - assess the adequacy of controls and evaluate compliance. • Vulnerability assessment - description and analysis of vulnerabilities in a system. • Penetration testing - circumvent the security features of a system. ©2013 Intru-Shun.ca Inc. 4
  • 5. Penetration Testing • Requires methodology AND creativity. • Requires performing a vulnerability assessment correctly first. • Finding alternate means to access functionality or data. • Finding alternate functionality. • Should be goal oriented. • There is no such thing as cheating in a pentest. ©2013 Intru-Shun.ca Inc. 5
  • 6. Testing • Every test consists of a stimulus and response, and monitoring to verify the response, or lack thereof. • Testing consists of modules. • Each module has an input and an output. • You must monitor closely for responses. • Testing must be appropriate to the target. • Testing is of limited value if nothing is fixed. ©2013 Intru-Shun.ca Inc. 6
  • 7. Methodology • • • • • • • • Logistics and Planning Open Source Information Gathering Reconnaissance Identification / Enumeration Research Vulnerability Identification Validation / Exploitation Reporting ©2013 Intru-Shun.ca Inc. 7
  • 8. Open Source Info • Purpose: gathering information on the target organization, typically from the Internet. • Inputs: organization name, URL, IP addresses or ranges, industry or organization type. • Outputs: URLs, IP addresses or ranges, email addresses, ‘buzz’, technologies used, resumes, names, host names… • Data types: text, graphics, statistics… ©2013 Intru-Shun.ca Inc. 8
  • 9. Reconnaissance • Purpose: determine which systems are live and map the network/technology. • Inputs: URLs, IP addresses or ranges. • Outputs: Whois, DNS, IP addresses or host names of systems which are likely to be live… • Tools: Ping, Nmap, Ike-scan, Fierce Doman Scanner, traceroute, ICMP… • Data types: text files, XML files… ©2013 Intru-Shun.ca Inc. 9
  • 10. Identification / Enumeration • Purpose: enumerate the systems that are live, determine open ports, listening services, map applications, operating systems, and versions. • Inputs: systems known to be live/available. • Outputs: ports, services, OS, versions, patches. • Tools: Nmap, Amap, Ike-scan, Nessus… • Data types: text files, XML files… ©2013 Intru-Shun.ca Inc. 10
  • 11. Research Purpose: list all potential vulnerabilities. Inputs: technologies in use. Outputs: list of potential vulnerabilities. Tools: vulnerability databases, search engines… • Data types: text files, XML files, databases… • • • • ©2013 Intru-Shun.ca Inc. 11
  • 12. Vulnerability Identification • Purpose: identify known or unknown vulnerabilities in the identified technologies. • Inputs: IP addresses, ports, services, applications. • Outputs: listing of potential vulnerabilities. • Tools: scanners such as Nessus, NexPose, Burp, W3AF, ZAP… • Data types: text files, XML files, databases… ©2013 Intru-Shun.ca Inc. 12
  • 13. Validation / Exploitation • Purpose: assign a confidence value and validate potential vulnerabilities. Have FUN!! • Inputs: listing of all potential vulnerabilities. • Outputs: listing of validated vulnerabilities and confidence rating values. • Tools: penetration testing (Metasploit, Core Impact, Canvas…), manual validation, fuzzers… • Outputs: text files, graphics, XML files, database entries, databases... ©2013 Intru-Shun.ca Inc. 13
  • 14. Penetration! • Pillaging. • Identification of previously unknown vulnerabilities through fuzzing. • Post exploitation and pivoting. • The best hack is just logging in... • Tools: brain power • Outputs: text files, graphics, XML files, database entries, databases... BOOTY!!! ©2013 Intru-Shun.ca Inc. 14
  • 15. Reporting • Purpose: assign risk and priority ratings to confirmed vulnerabilities. • Inputs: list of validated vulnerabilities. • Outputs: analysis results. • Tools: people brain power. • Outputs: text files, database entries, documents... • Wordsmithing. ©2013 Intru-Shun.ca Inc. 15
  • 16. Why Automate? Laziness ☺. Consistent results over time. Allows for scheduling and trending. Streamlined and more efficient. Engineering a process that can be run and maintained by an operational group. • Allows the test team to concentrate on the areas that are not automated. • • • • • ©2013 Intru-Shun.ca Inc. 16
  • 17. Requirements • • • • • • • • • Process – follow consistent repeatable methodology. Scriptable – typically Linux CLI tools. Tool – result that can be parsed. Database – for correlation and reporting. Correlated – multiple sources of data. Analyzed – intelligent human analysis. Mitigation – how to respond, recommendations. Metrics – quantitative, measurable, trends. Severity – rating system. ©2013 Intru-Shun.ca Inc. 17
  • 18. Workflow • Methodology is broken down into modules. • Output from one is the input to the next. • Unfortunately most tools do not follow the methodology flow precisely, or may not allow for data extraction between modules. • Which means that either we must run each tool multiple times with different configurations, or different tools for each module. ©2013 Intru-Shun.ca Inc. 18
  • 19. Workflow Output from module > database import Database queries > inputs to next module Reporting module > ticketing Tickets > vulnerability management and mitigation • Close the loop back to the test team process • Re-test where necessary • • • • ©2013 Intru-Shun.ca Inc. 19
  • 20. Problem • Individual tools do not always follow a methodology and do not always allow for sufficiently granular control. • No one tool can perform all modules. • Methodology requires use of multiple tools. • Each tool may have a different output format or use a proprietary database. • Correlation and analysis can be time consuming. ©2013 Intru-Shun.ca Inc. 20
  • 21. What is Missing • Security Assessments collect a lot of data, but don’t always correlate the data. • To properly identify risk and threats, correlation of collected data is necessary. • Correlation between different tools is essential! • Marking false positives, adding manual findings, and annotating is also required. • Current systems – Extremely Expensive. ©2013 Intru-Shun.ca Inc. 21
  • 22. Solutions • Single unified and normalized database schema for all security assessment tools. • Obviously requires that such a schema exist! • Requires a parser for each tool we use. • This allows us to create an abstract layer between the tools and the common database, while still allowing us to enforce the methodology regardless of the tools used. ©2013 Intru-Shun.ca Inc. 22
  • 23. OSSAMS • Open Source Security Assessment Management System www.ossams.com • A framework for security assessors to correlate and analyze risk to information systems. • Streamlines the assessment reporting process. • A modular process that builds on past assessments. ©2013 Intru-Shun.ca Inc. 23
  • 24. Database Design • One of the key aspects of OSSAMS is the database design. • It is capable of having any number of tool outputs as an input. • Currently using MySQL on Linux with Python, PowerShell, or Perl scripts to parse outputs. • A front-end will be designed in addition to CLI. • It is flexible, extensible, and Open Source. ©2013 Intru-Shun.ca Inc. 24
  • 26. Tooloutput • For every tool there are outputs. An output file, typically an XML file, will describe what the tool has discovered from the target domain, subnet, system, host, or application). • Tooloutputnumber - Primary Key, autoincrement. Projectname, Projectid, Toolname, Filename, Filedate, Tooldate , Version, OSSAMSversion, Scanner , Inputtimestamp. ©2013 Intru-Shun.ca Inc. 26
  • 27. Configuration • For every TOOLOUTPUT it may contain configuration information about the tool. Its primary key is Configurationnumber, which is an auto-increment. • Configurationtype, Configurationoptionname, Configurationoptionvalue, Configurationnumber. ©2013 Intru-Shun.ca Inc. 27
  • 28. Domain • A grouping of systems, subnets, CIDR ranges, or non-contiguous but related IP addresses will be considered a domain. DNS and Sctive Directory domains fir here as well. Primary key is Domainnumber which is auto-increment. • Domainname, Domaintype, Domainnumber, Domainnotes, Domainaddresses. ©2013 Intru-Shun.ca Inc. 28
  • 29. Groups • A domain or a host may have none, one, or more user groups. Its primary key is Groupnumber, which is an auto-increment. • Groupproperty, Groupvalue, Groupname, Groupnumber, Groupnotes, Groupprivilege, Groupmembers. ©2013 Intru-Shun.ca Inc. 29
  • 30. Hosts • A toolout may describe none, one, or more hosts (computers or network devices). Its primary key is Hostnumber, which is an autoincrement. • Domainnumber, Hostproperty, Hostvalue, ipv4, ipv6, Hostname, Hostnumber, Hostptr, Whois, Recon, Reconreason, Hostcriticality, Macaddress, Macvendor, Hostnotes, Hostos, Osgen, Osfamily. ©2013 Intru-Shun.ca Inc. 30
  • 31. Users • A Domain, application, or a host may have none, one, or more users. Its primary key is Usernumber, which is an auto-increment. • Userproperty, Uservalue, Username, Usernumber, Domainnumber, Groupnumber, Hostnumber, Passwordhash, Password, Userprivilege, Usernotes. ©2013 Intru-Shun.ca Inc. 31
  • 32. Ports • A host may have none, one, or more ports open. This table contains information about ports (open, filtered, or closed). Its primary key is Portnumber, which is an autoincrement. • Protocol, Portnumber, Portstate, Reason, Portbanner, Portversion, Portname, Service, Method, Confidence, Portvalue. ©2013 Intru-Shun.ca Inc. 32
  • 33. Vulnerabilities • A host, port, or application may have none, one, or more vulnerabilities associated with it. Its primary key is Vulnerabilitynumber, which is an autoincrement. • Vulnerabilityid, Vulnerabilityseverity, Vulnerabilityrisk, Vulnerabilityconf, Falsepositive, Vulnerabilityname, Vulnerabilitydescription, Vulnerabilitysolution, Vulnerabilitydetails, Vulnerabilityextra, Vulnerabilityvalidation, Vulnerabilitynotes, Vulnerabilityattribute, Vulnerabilityvalue, Vulnerabilityuri, Httprequest, Httpresponse, Httpparam. ©2013 Intru-Shun.ca Inc. 33
  • 34. Refs • A vulnerability may have none, one, or more references associated with it. A reference can be a link to a web site, a database entry (such as SecurityFous bid, OSVDB, Secunia, CVE, CCE, CWE, …). • Vulnerabilitynumber, Referencenumber, Referencetype - Type reference (URI, OSVDB, CVE…), Referencevalue – Value of the reference. ©2013 Intru-Shun.ca Inc. 34
  • 35. Booty • Booty may have been taken from a Domain, User, Host, Application, or other assorted places the pentester finds stuff ☺ • Domainnumber, Hostnumber, Bootyproperty, Bootyvalue, Bootynumber, Bootynotes. ©2013 Intru-Shun.ca Inc. 35
  • 36. Scripts • Flow: – Scanning scripts – Import scripts – Query scripts – Analysis with brainpower – Iterative process – Reporting scripts ©2013 Intru-Shun.ca Inc. 36
  • 37. Parsing Scripts • • • • • • • • Main function Read configuration function Database access function Read a list of files Read a directory of files Parsing XML, HML, or text file function Insert function Return ©2013 Intru-Shun.ca Inc. 37
  • 38. Supported tools • Completed: – acunetix, burp, grendel, nessus, netsparker, nexpose community, nikto, nmap, ratproxy, retina community, skipfish, sslscan, w3af, wapiti, watcher, websecurify, zap. • Roadmap: – appscan, arachni, core impact, fierce, httprint, iss, languard, metasploit, ncircle, nexpose, n-stalker, ntospider, openvas, proxystrike, retina, saint, sandcat, webcruiser, webinspect, wsfuzzer… ©2013 Intru-Shun.ca Inc. 38
  • 39. Demo • A brief demo of the parsing script and database use. • Also briefly discuss the roadmap for OSSAMS: – – – – – – – – Finalize the database design and scripts. Reporting templates. Query database for module tool input. OSSTMM RAVs. OWASP. Other methodologies/frameworks. Work on tool data interchange format. Get more people involved!! ©2013 Intru-Shun.ca Inc. 39
  • 40. Code • Currently living at: handlers.dshield.org/adebeaupre/ossams-parser.tgz And www.ossams.com • Requires: – Python > 2.5; – Python-mysqldb; and – Lxml. ©2013 Intru-Shun.ca Inc. 40
  • 41. Conclusions • The key is not running the scanners, but analysis, methodology, correlation, documentation, and problem solving. • Organizations can automate security testing and reporting processes, particularly consultants and enterprises. • The key is analysis and database utilization. • These can be built using Free / Open Source Software tools and/or commercial offerings. • Should be done with proper planning, tools, methodology, processes, and expertise. ©2013 Intru-Shun.ca Inc. 41