SlideShare una empresa de Scribd logo

Bsides Knoxville - APT2

Descargar como PPTX, PDF
A
Adam Compton

Bsides Knoxville - APT2

Internet
1 de 30
Automated PenTest Toolkit Adam Compton, Senior Security Consultant (absent) Austin Lane, Security Consultant
Who Am I? • Adam in 5 words: • Father 5 years • Husband 16 years • Hillbilly 39 years • Pentester 15+ years • Programmer 20+ years Automated Pentest Toolkit
Overview • Penetration testing often begins with a simple routine. Recon & Discovery Test Simple Services Test Default Creds Common Exploits Dump Creds/Info Pivot & Continue Automated Pentest Toolkit
Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. Automated Pentest Toolkit
Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. • Much of this routine can be automated. Automated Pentest Toolkit
Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. • Much of this routine can be automated. • So we wrote a tool to help with the automation. Automated Pentest Toolkit
Typical Pentest Routine • Run Nmap (or port scanner of choice) Automated Pentest Toolkit
Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... Automated Pentest Toolkit
Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... • Run Responder / Metasploit / CrackMapExec / … Automated Pentest Toolkit
Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... • Run Responder / Metasploit / CrackMapExec / … • … • Take over the DC/database/etc.. Automated Pentest Toolkit
If it is not broken… • Repeatability • Consistency • Can be tedious and slow • Manually parsing through data can be prone to error • Automation can help Automated Pentest Toolkit
Why Not Use <insert favorite scanner>? PROS • Plenty to choose from • Useful in specific scenarios • Some are OpenSource / cheap Automated Pentest Toolkit
Why Not Use <insert favorite scanner>? PROS • Plenty to choose from • Useful in specific scenarios • Some are OpenSource CONS • Can be fairly resource intensive • Can be expensive • How easy to add a new check/tool? Automated Pentest Toolkit
Automation via Scripting • Kali already has LOTS of popular tools and scripts • Automation methods: • Bash • Python (or scripting language of choice) • Metasploit RPC Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks • Modules can create new events Automated Pentest Toolkit
APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks • Modules can create new events • Runs until event queue is empty Automated Pentest Toolkit
How Does This Help? • Multi-threaded event queue is fast. • Simple to create new modules for nearly any tool/script. • Ready to go: • Get Kali (or your favorite distro & tools) • Clone the repo • Doesn’t have a module for your favorite tool? Then make it. Automated Pentest Toolkit
So, What Can It Do? • Identify services & operating systems • Screenshot web applications, X11, VNC, … • Analyze FTP and file shares • Brute force accounts • Run Metasploit modules • Compile hashes -> John the Ripper/HashCat • “ls /usr/share” – If it is listed here, a module can probably be made for it Automated Pentest Toolkit
Anatomy of a Module • Inherit from base module (typically ActionModule) • Has standard properties: • Name • Description • Requirements – Which tools need to be installed? • Trigger – Which event does this module listen for? • Safety Level – Scale of 1 – 5 (5 = safe, 1 = dangerous) • ”process()” is the primary method Automated Pentest Toolkit
Are There Limitations? • Tools need to be non-interactive Automated Pentest Toolkit
Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author Automated Pentest Toolkit
Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author • Brute force with caution • you might break some things • safety levels are your friend Automated Pentest Toolkit
Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author • Brute force with caution • you might break some things • safety levels are your friend • Nonstandard ports and service names may throw off modules Automated Pentest Toolkit
Demo Time Automated Pentest Toolkit
Development • Open source – Available on the Rapid7 Github account at https://www.github.com/MooseDojo/apt2 • Future plans • Import from more than just NMAP • Responder -> John the Ripper -> Hydra • Multiple Passes • Pretty Reports • ? Automated Pentest Toolkit
411 & Questions • Adam Compton • @tatanus • adam_compton@rapid7.com • adam.compton@gmail.com • https://www.github.com/MooseDojo/apt2 • QUESTIONS??? Automated Pentest Toolkit

Recomendados

DerbyCon - APT2
DerbyCon - APT2DerbyCon - APT2
DerbyCon - APT2Adam Compton
 
SecureWV - APT2
SecureWV - APT2SecureWV - APT2
SecureWV - APT2Adam Compton
 
Testing sync engine
Testing sync engineTesting sync engine
Testing sync engineIlya Puchka
 
Training – Going Async
Training – Going AsyncTraining – Going Async
Training – Going AsyncBetclic Everest Group Tech Team
 
Practical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbgPractical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbgSam Bowne
 
Automation testing
Automation testingAutomation testing
Automation testingkamilkaide
 
Oscp - Journey
Oscp - JourneyOscp - Journey
Oscp - JourneyVandana Verma
 
Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)Igalia
 

Recomendados

DerbyCon - APT2
DerbyCon - APT2DerbyCon - APT2
DerbyCon - APT2Adam Compton
 
SecureWV - APT2
SecureWV - APT2SecureWV - APT2
SecureWV - APT2Adam Compton
 
Testing sync engine
Testing sync engineTesting sync engine
Testing sync engineIlya Puchka
 
Training – Going Async
Training – Going AsyncTraining – Going Async
Training – Going AsyncBetclic Everest Group Tech Team
 
Practical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbgPractical Malware Analysis: Ch 9: OllyDbg
Practical Malware Analysis: Ch 9: OllyDbgSam Bowne
 
Automation testing
Automation testingAutomation testing
Automation testingkamilkaide
 
Oscp - Journey
Oscp - JourneyOscp - Journey
Oscp - JourneyVandana Verma
 
Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)Property-based testing an open-source compiler, pflua (FOSDEM 2015)
Property-based testing an open-source compiler, pflua (FOSDEM 2015)Igalia
 
Practical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblyPractical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblySam Bowne
 
Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...Danny Mulligan
 
CNIT 127 Ch 16: Fault Injection and 17: The Art of Fuzzing
CNIT 127 Ch 16: Fault Injection and 17: The Art of FuzzingCNIT 127 Ch 16: Fault Injection and 17: The Art of Fuzzing
CNIT 127 Ch 16: Fault Injection and 17: The Art of FuzzingSam Bowne
 
CNIT 126 8: Debugging
CNIT 126 8: DebuggingCNIT 126 8: Debugging
CNIT 126 8: DebuggingSam Bowne
 
Tech Days 2015: Static Analysis CodePeer
Tech Days 2015: Static Analysis CodePeer Tech Days 2015: Static Analysis CodePeer
Tech Days 2015: Static Analysis CodePeer AdaCore
 
Tech Days 2015: CodePeer - Introduction and Examples of Use
Tech Days 2015: CodePeer - Introduction and Examples of Use Tech Days 2015: CodePeer - Introduction and Examples of Use
Tech Days 2015: CodePeer - Introduction and Examples of Use AdaCore
 
CNIT 126 13: Data Encoding
CNIT 126 13: Data EncodingCNIT 126 13: Data Encoding
CNIT 126 13: Data EncodingSam Bowne
 
Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Sam Bowne
 
Can you TDD Rails?
Can you TDD Rails?Can you TDD Rails?
Can you TDD Rails?Andrzej Krzywda
 
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Daniel Czerwonk
 
Practical Malware Analysis Ch13
Practical Malware Analysis Ch13Practical Malware Analysis Ch13
Practical Malware Analysis Ch13Sam Bowne
 
CNIT 126 7: Analyzing Malicious Windows Programs
CNIT 126 7: Analyzing Malicious Windows ProgramsCNIT 126 7: Analyzing Malicious Windows Programs
CNIT 126 7: Analyzing Malicious Windows ProgramsSam Bowne
 
Systematic Unit Testing
Systematic Unit TestingSystematic Unit Testing
Systematic Unit Testingscotchfield
 
Scala Bay Meetup - The state of Scala code style and quality
Scala Bay Meetup - The state of Scala code style and qualityScala Bay Meetup - The state of Scala code style and quality
Scala Bay Meetup - The state of Scala code style and qualityJaime Jorge
 
Introduction ,characteristics, properties,pseudo code conventions
Introduction ,characteristics, properties,pseudo code conventionsIntroduction ,characteristics, properties,pseudo code conventions
Introduction ,characteristics, properties,pseudo code conventionsswapnac12
 
CNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgCNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgSam Bowne
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisPrashant Gupta
 
Why internal pen tests are still fun
Why internal pen tests are still funWhy internal pen tests are still fun
Why internal pen tests are still funpyschedelicsupernova
 
Speed geeking-lotusscript
Speed geeking-lotusscriptSpeed geeking-lotusscript
Speed geeking-lotusscriptBill Buchan
 
CNIT 126 12: Covert Malware Launching
CNIT 126 12: Covert Malware LaunchingCNIT 126 12: Covert Malware Launching
CNIT 126 12: Covert Malware LaunchingSam Bowne
 
Jose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release PipelineJose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release PipelineJose Luis Soria
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 

Más contenido relacionado

La actualidad más candente

Practical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblyPractical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblySam Bowne
 
Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...Danny Mulligan
 
CNIT 127 Ch 16: Fault Injection and 17: The Art of Fuzzing
CNIT 127 Ch 16: Fault Injection and 17: The Art of FuzzingCNIT 127 Ch 16: Fault Injection and 17: The Art of Fuzzing
CNIT 127 Ch 16: Fault Injection and 17: The Art of FuzzingSam Bowne
 
CNIT 126 8: Debugging
CNIT 126 8: DebuggingCNIT 126 8: Debugging
CNIT 126 8: DebuggingSam Bowne
 
Tech Days 2015: Static Analysis CodePeer
Tech Days 2015: Static Analysis CodePeer Tech Days 2015: Static Analysis CodePeer
Tech Days 2015: Static Analysis CodePeer AdaCore
 
Tech Days 2015: CodePeer - Introduction and Examples of Use
Tech Days 2015: CodePeer - Introduction and Examples of Use Tech Days 2015: CodePeer - Introduction and Examples of Use
Tech Days 2015: CodePeer - Introduction and Examples of Use AdaCore
 
CNIT 126 13: Data Encoding
CNIT 126 13: Data EncodingCNIT 126 13: Data Encoding
CNIT 126 13: Data EncodingSam Bowne
 
Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Sam Bowne
 
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Daniel Czerwonk
 
Practical Malware Analysis Ch13
Practical Malware Analysis Ch13Practical Malware Analysis Ch13
Practical Malware Analysis Ch13Sam Bowne
 
CNIT 126 7: Analyzing Malicious Windows Programs
CNIT 126 7: Analyzing Malicious Windows ProgramsCNIT 126 7: Analyzing Malicious Windows Programs
CNIT 126 7: Analyzing Malicious Windows ProgramsSam Bowne
 
Systematic Unit Testing
Systematic Unit TestingSystematic Unit Testing
Systematic Unit Testingscotchfield
 
Scala Bay Meetup - The state of Scala code style and quality
Scala Bay Meetup - The state of Scala code style and qualityScala Bay Meetup - The state of Scala code style and quality
Scala Bay Meetup - The state of Scala code style and qualityJaime Jorge
 
Introduction ,characteristics, properties,pseudo code conventions
Introduction ,characteristics, properties,pseudo code conventionsIntroduction ,characteristics, properties,pseudo code conventions
Introduction ,characteristics, properties,pseudo code conventionsswapnac12
 
CNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgCNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgSam Bowne
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisPrashant Gupta
 
Why internal pen tests are still fun
Why internal pen tests are still funWhy internal pen tests are still fun
Why internal pen tests are still funpyschedelicsupernova
 
Speed geeking-lotusscript
Speed geeking-lotusscriptSpeed geeking-lotusscript
Speed geeking-lotusscriptBill Buchan
 
CNIT 126 12: Covert Malware Launching
CNIT 126 12: Covert Malware LaunchingCNIT 126 12: Covert Malware Launching
CNIT 126 12: Covert Malware LaunchingSam Bowne
 

La actualidad más candente (20)

Practical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-DisassemblyPractical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-Disassembly
 
Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...Austin Python Learners Meetup - Everything you need to know about programming...
Austin Python Learners Meetup - Everything you need to know about programming...
 
CNIT 127 Ch 16: Fault Injection and 17: The Art of Fuzzing
CNIT 127 Ch 16: Fault Injection and 17: The Art of FuzzingCNIT 127 Ch 16: Fault Injection and 17: The Art of Fuzzing
CNIT 127 Ch 16: Fault Injection and 17: The Art of Fuzzing
 
CNIT 126 8: Debugging
CNIT 126 8: DebuggingCNIT 126 8: Debugging
CNIT 126 8: Debugging
 
Tech Days 2015: Static Analysis CodePeer
Tech Days 2015: Static Analysis CodePeer Tech Days 2015: Static Analysis CodePeer
Tech Days 2015: Static Analysis CodePeer
 
Tech Days 2015: CodePeer - Introduction and Examples of Use
Tech Days 2015: CodePeer - Introduction and Examples of Use Tech Days 2015: CodePeer - Introduction and Examples of Use
Tech Days 2015: CodePeer - Introduction and Examples of Use
 
CNIT 126 13: Data Encoding
CNIT 126 13: Data EncodingCNIT 126 13: Data Encoding
CNIT 126 13: Data Encoding
 
Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging Practical Malware Analysis: Ch 8: Debugging
Practical Malware Analysis: Ch 8: Debugging
 
Can you TDD Rails?
Can you TDD Rails?Can you TDD Rails?
Can you TDD Rails?
 
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
Open source tools for optimizing your peering infrastructure @ DE-CIX TechMee...
 
Practical Malware Analysis Ch13
Practical Malware Analysis Ch13Practical Malware Analysis Ch13
Practical Malware Analysis Ch13
 
CNIT 126 7: Analyzing Malicious Windows Programs
CNIT 126 7: Analyzing Malicious Windows ProgramsCNIT 126 7: Analyzing Malicious Windows Programs
CNIT 126 7: Analyzing Malicious Windows Programs
 
Systematic Unit Testing
Systematic Unit TestingSystematic Unit Testing
Systematic Unit Testing
 
Scala Bay Meetup - The state of Scala code style and quality
Scala Bay Meetup - The state of Scala code style and qualityScala Bay Meetup - The state of Scala code style and quality
Scala Bay Meetup - The state of Scala code style and quality
 
Introduction ,characteristics, properties,pseudo code conventions
Introduction ,characteristics, properties,pseudo code conventionsIntroduction ,characteristics, properties,pseudo code conventions
Introduction ,characteristics, properties,pseudo code conventions
 
CNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgCNIT 126 9: OllyDbg
CNIT 126 9: OllyDbg
 
Sonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysisSonar Tool - JAVA code analysis
Sonar Tool - JAVA code analysis
 
Why internal pen tests are still fun
Why internal pen tests are still funWhy internal pen tests are still fun
Why internal pen tests are still fun
 
Speed geeking-lotusscript
Speed geeking-lotusscriptSpeed geeking-lotusscript
Speed geeking-lotusscript
 
CNIT 126 12: Covert Malware Launching
CNIT 126 12: Covert Malware LaunchingCNIT 126 12: Covert Malware Launching
CNIT 126 12: Covert Malware Launching
 

Similar a Bsides Knoxville - APT2

Jose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release PipelineJose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release PipelineJose Luis Soria
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 
JavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeJavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeNishant Das Patnaik
 
Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Toolscentralohioissa
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
ANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at ScaleANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at ScaleJohn Bambenek
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsBishop Fox
 
Real time system_performance_mon
Real time system_performance_monReal time system_performance_mon
Real time system_performance_monTomas Doran
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingNetSPI
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009dnomura
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...SegInfo
 
Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...Sanjay Willie
 
5 Steps on the Way to Continuous Delivery
5 Steps on the Way to Continuous Delivery5 Steps on the Way to Continuous Delivery
5 Steps on the Way to Continuous DeliveryXebiaLabs
 
Why Software Test Performance Matters
Why Software Test Performance MattersWhy Software Test Performance Matters
Why Software Test Performance MattersSolano Labs
 
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment isc2-hellenic
 
Performance tuning Grails applications
Performance tuning Grails applicationsPerformance tuning Grails applications
Performance tuning Grails applicationsLari Hotari
 
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinDev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinMatt Tesauro
 

Similar a Bsides Knoxville - APT2 (20)

Jose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release PipelineJose Luis Soria - XP2014 - Designing a Release Pipeline
Jose Luis Soria - XP2014 - Designing a Release Pipeline
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
Nmap for Scriptors
Nmap for ScriptorsNmap for Scriptors
Nmap for Scriptors
 
JavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrimeJavaScript Static Security Analysis made easy with JSPrime
JavaScript Static Security Analysis made easy with JSPrime
 
Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Tools
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
ANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at ScaleANALYZE'15 - Bulk Malware Analysis at Scale
ANALYZE'15 - Bulk Malware Analysis at Scale
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
 
Real time system_performance_mon
Real time system_performance_monReal time system_performance_mon
Real time system_performance_mon
 
Fuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox TestingFuzzing and You: Automating Whitebox Testing
Fuzzing and You: Automating Whitebox Testing
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009
 
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an..."Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...
 
Redundant devops
Redundant devopsRedundant devops
Redundant devops
 
Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...Functionality, security and performance monitoring of web assets (e.g. Joomla...
Functionality, security and performance monitoring of web assets (e.g. Joomla...
 
5 Steps on the Way to Continuous Delivery
5 Steps on the Way to Continuous Delivery5 Steps on the Way to Continuous Delivery
5 Steps on the Way to Continuous Delivery
 
Why Software Test Performance Matters
Why Software Test Performance MattersWhy Software Test Performance Matters
Why Software Test Performance Matters
 
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment
 
Learning to code
Learning to codeLearning to code
Learning to code
 
Performance tuning Grails applications
Performance tuning Grails applicationsPerformance tuning Grails applications
Performance tuning Grails applications
 
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinDev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
 

Más de Adam Compton

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a PentesterAdam Compton
 
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVA HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVAdam Compton
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatAdam Compton
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest FailsAdam Compton
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest FailsAdam Compton
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsAdam Compton
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFailsAdam Compton
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsAdam Compton
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFailsAdam Compton
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINTAdam Compton
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsAdam Compton
 

Más de Adam Compton (13)

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a Pentester
 
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWVA HillyBilly's Guide to Staying Anonymous Online - SecureWV
A HillyBilly's Guide to Staying Anonymous Online - SecureWV
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White Meat
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest Fails
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFails
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFails
 
HackCon - SPF
HackCon - SPFHackCon - SPF
HackCon - SPF
 
DerbyCon - Legion
DerbyCon - LegionDerbyCon - Legion
DerbyCon - Legion
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFails
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINT
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFails
 

Último

PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxgalaxypingy
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查ydyuyu
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 

Último (20)

PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 

Bsides Knoxville - APT2

  • 1. Automated PenTest Toolkit Adam Compton, Senior Security Consultant (absent) Austin Lane, Security Consultant
  • 2. Who Am I? • Adam in 5 words: • Father 5 years • Husband 16 years • Hillbilly 39 years • Pentester 15+ years • Programmer 20+ years Automated Pentest Toolkit
  • 3. Overview • Penetration testing often begins with a simple routine. Recon & Discovery Test Simple Services Test Default Creds Common Exploits Dump Creds/Info Pivot & Continue Automated Pentest Toolkit
  • 4. Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. Automated Pentest Toolkit
  • 5. Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. • Much of this routine can be automated. Automated Pentest Toolkit
  • 6. Overview • Penetration testing often begins with a simple routine. • This routine can be slow on large networks. • Much of this routine can be automated. • So we wrote a tool to help with the automation. Automated Pentest Toolkit
  • 7. Typical Pentest Routine • Run Nmap (or port scanner of choice) Automated Pentest Toolkit
  • 8. Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... Automated Pentest Toolkit
  • 9. Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... • Run Responder / Metasploit / CrackMapExec / … Automated Pentest Toolkit
  • 10. Typical Pentest Routine • Run Nmap (or port scanner of choice) • Review ports and services • Port 21 -> test for anonymous FTP • Port 80 -> identify web service and check for flaws/default creds • Port 445 -> enum users/shares, ms08-067?, … • ... • Run Responder / Metasploit / CrackMapExec / … • … • Take over the DC/database/etc.. Automated Pentest Toolkit
  • 11. If it is not broken… • Repeatability • Consistency • Can be tedious and slow • Manually parsing through data can be prone to error • Automation can help Automated Pentest Toolkit
  • 12. Why Not Use <insert favorite scanner>? PROS • Plenty to choose from • Useful in specific scenarios • Some are OpenSource / cheap Automated Pentest Toolkit
  • 13. Why Not Use <insert favorite scanner>? PROS • Plenty to choose from • Useful in specific scenarios • Some are OpenSource CONS • Can be fairly resource intensive • Can be expensive • How easy to add a new check/tool? Automated Pentest Toolkit
  • 14. Automation via Scripting • Kali already has LOTS of popular tools and scripts • Automation methods: • Bash • Python (or scripting language of choice) • Metasploit RPC Automated Pentest Toolkit
  • 15. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase Automated Pentest Toolkit
  • 16. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output Automated Pentest Toolkit
  • 17. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services Automated Pentest Toolkit
  • 18. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks Automated Pentest Toolkit
  • 19. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks • Modules can create new events Automated Pentest Toolkit
  • 20. APT2 – Automate the standard stuff • APT2 is a framework • Modules • Event queue • KnowledgeBase • Run Nmap and parse output • Create events based on ports/services • Modules respond to events to perform specific tasks • Modules can create new events • Runs until event queue is empty Automated Pentest Toolkit
  • 21. How Does This Help? • Multi-threaded event queue is fast. • Simple to create new modules for nearly any tool/script. • Ready to go: • Get Kali (or your favorite distro & tools) • Clone the repo • Doesn’t have a module for your favorite tool? Then make it. Automated Pentest Toolkit
  • 22. So, What Can It Do? • Identify services & operating systems • Screenshot web applications, X11, VNC, … • Analyze FTP and file shares • Brute force accounts • Run Metasploit modules • Compile hashes -> John the Ripper/HashCat • “ls /usr/share” – If it is listed here, a module can probably be made for it Automated Pentest Toolkit
  • 23. Anatomy of a Module • Inherit from base module (typically ActionModule) • Has standard properties: • Name • Description • Requirements – Which tools need to be installed? • Trigger – Which event does this module listen for? • Safety Level – Scale of 1 – 5 (5 = safe, 1 = dangerous) • ”process()” is the primary method Automated Pentest Toolkit
  • 24. Are There Limitations? • Tools need to be non-interactive Automated Pentest Toolkit
  • 25. Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author Automated Pentest Toolkit
  • 26. Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author • Brute force with caution • you might break some things • safety levels are your friend Automated Pentest Toolkit
  • 27. Are There Limitations? • Tools need to be non-interactive • Multi-threading is tricky • lot of traffic fast • modules can have limits defined, depend on the author • Brute force with caution • you might break some things • safety levels are your friend • Nonstandard ports and service names may throw off modules Automated Pentest Toolkit
  • 29. Development • Open source – Available on the Rapid7 Github account at https://www.github.com/MooseDojo/apt2 • Future plans • Import from more than just NMAP • Responder -> John the Ripper -> Hydra • Multiple Passes • Pretty Reports • ? Automated Pentest Toolkit
  • 30. 411 & Questions • Adam Compton • @tatanus • adam_compton@rapid7.com • adam.compton@gmail.com • https://www.github.com/MooseDojo/apt2 • QUESTIONS??? Automated Pentest Toolkit