SlideShare una empresa de Scribd logo

Vulnerability Ass... Penetrate What?

Jorge Orchilles
Jorge Orchilles

This is a high level introduction to vulnerability assessment and penetration testing given at Hacker Halted 2010.

Tecnología
1 de 25
Vulnerability Ass... Penetrate What? You are doing it wrong! Hacker Halted 2010
Jorge Orchilles is a South Florida Information Security Professional Information * field for over 8 years Security Analyst for Fortune 10 company (not speaking on their behalf, LinkedIn.com for more ;) Consultant by night - Orchilles Consulting BBA and MS in MIS - Florida International University Author - Microsoft Windows 7 Administrator’s Reference (Syngress) Certs - CEH, GCIH, CICP, CCDA, CSSDA, MCTS, MCP, Security+ Organizations - VP of SFISSA, OWASP, Hack Miami, InfraGard, MECTF
We will be discussing how to perform a vulnerability assessment (VA) or penetration test (PenTest) to provide the most value to the target business Audience Feedback Terminology Planning (scope) Testing Reporting
What does the audience know about VA and/or PenTesting and/or Ethical Hacking Does your company have a VA or PenTest policy or had an assessment performed against your organization? Internal or third-party testing? Have you ever performed a VA or PenTest? Internal or for another organization?
VA and/or PenTests are performed to bring business value Measure the organizations business risk What is the business trying to accomplish or get out of the test? Identify vulnerabilities Add realism to threats Test defenses (IDS, IPS, Firewall, AV, etc) Compliance :(
Terminology Vulnerability - a flaw or weakness in system security procedures, design, implementation, or internal controls that may be exploited Threat - any potential danger to information or an information system Attack - an effort by a threat agent to launch a threat by exploiting a vulnerability Risk - compromised of the factors of threats, vulnerabilities, and current value of assets
Vulnerability Assessments and Penetration Testing are different Vulnerability Assessment (VA)- process of identifying, quantifying, and prioritizing the vulnerabilities in a system Penetration Testing (PenTest)- simulating an actual attack. May not identify all vulnerabilities. Difference is in the scope (is exploitation allowed; how far can you go)
Defining the scope is critical What does the business want? External or Internal: External testing is more realistic of an external attacker Internal testing is more realistic to an insider threat or once an external attacker has breached the perimeter. Easier to identify vulnerabilities Type of testing: Black Box testing - no authentication White Box testing - authenticated testing Who will be notified? What systems will be tested? When may they be tested (green zones)? What systems may be exploited? Social Engineering allowed? Physical, Wireless, Web App, Network testing?
Attackers do not have these boundaries Attackers don’t have a scope or testing times Attackers don’t stop once they get root Attackers don’t have portions of the test removed from scope
Manage the VA or Pentest Sales Engineer - understands technical and business Project Manager Primary Tester Secondary Tester Specialized testers? Communication is key!
The kick off call is very important for everyone This is the conference that must occur before the testing begins It is mainly to confirm the scope A great time and opportunity for the testers to understand the business and processes (reason for the systems in the first place) Notify business where you will be attacking from (if in scope)
Different Methodologies Information System Security Assessment Framework (ISSAF) Open Source Security Testing Methodology Manual (OSSTM) Project Management Body of Knowledge Combination of these and some of your own
The testing process may vary depending on scope Step 1: Information Gathering Step 2: Scanning Step 3: Identify and Validate vulnerabilities Step 4: Exploitation, Post-Exploitation, and clean-up (Pen Testing) Step 5: Reporting
Information Gathering is VERY important Understand and learn the network Learn about your target Develop your attack for this specific target This will ensure the other steps don’t fail
Gathering Information is time consuming but worth it Google Hacking (Dorks) Social Networks Mailing Lists DNS (whois, host)
Scanning “One machine can do the work of fifty ordinary men. No machine can do the work of an extraordinary man.” – Elbert Hubbard Automated Scanning nmap - identify hosts, OS, services Nessus - based on nmap (Nmap NASL) and intel configure the scan Manual Testing Difference between you and others
Vulnerability Identification & Verification Go through the automated and manual scan output http://cve.mitre.org http://osvdb.org/ Must verify all identified vulnerabilities as they may be false positive
Exploitation Frameworks Metasploit Core Impact Immunity Canvas Manual http://www.exploit-db.com/ http://inj3ct0r.com/
OMG! I g0t r00t! So what? This brings no business value! Dig deeper - find: Intellectual property Future projections Confidential or Secret documents
Clean-up your mess! After exploitation and digging deeper, clean up your mess! Very important to document what you did. If this step fails we as an industry look bad!
The report is the most important to the business Who will get the report? SysAdmins get technical Management gets summary Spend time writing the report! Make sure it is understandable and brings value!
Most organizations and service providers are not doing it right Lack of talent and focus Many cheap providers of VA and PenTests Reason for testing = Compliance
How it should be done
Remediation & Retesting The report alone doesn’t bring value if the issues are not fixed. Assist the business in fixing. Provide recommendations to issues on the report. Retest once the business thinks they fixed the issue
Thank you Email: jorge@orchilles.com Blog: http://www.orchilles.com/ Twitter: jorgeorchilles

Recomendados

What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?btpsec
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the thingsJerod Brennen
 
What is pentest
What is pentestWhat is pentest
What is pentestitissolutions
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hydRama krishna
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
VAPT Services by prime
VAPT Services by primeVAPT Services by prime
VAPT Services by primePrime Infoserv
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingRochester Security Summit
 
Penetration Testing Services
Penetration Testing ServicesPenetration Testing Services
Penetration Testing ServicesCyber 51 LLC
 

Recomendados

What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?btpsec
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the thingsJerod Brennen
 
What is pentest
What is pentestWhat is pentest
What is pentestitissolutions
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hydRama krishna
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
VAPT Services by prime
VAPT Services by primeVAPT Services by prime
VAPT Services by primePrime Infoserv
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingRochester Security Summit
 
Penetration Testing Services
Penetration Testing ServicesPenetration Testing Services
Penetration Testing ServicesCyber 51 LLC
 
Penetration testing services
Penetration testing servicesPenetration testing services
Penetration testing servicesAlisha Henderson
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overviewSupriya G
 
Vulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) OverviewVulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) OverviewSusan Rantall
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1Nutan Kumar Panda
 
Open Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodOpen Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodFalgun Rathod
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat ModelingCigital
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesAkshay Kurhade
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?Bhavin Shah
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesRyan Faircloth
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementMel Drews
 
SOC Duties and Training Needs
SOC Duties and Training NeedsSOC Duties and Training Needs
SOC Duties and Training NeedsAmin Asia
 
Introduction to Penetration testing and tools
Introduction to Penetration testing and toolsIntroduction to Penetration testing and tools
Introduction to Penetration testing and toolsVikram Khanna
 
Threat Modeling Web Applications
Threat Modeling Web ApplicationsThreat Modeling Web Applications
Threat Modeling Web ApplicationsNadia BENCHIKHA
 
Rapid Threat Modeling : case study
Rapid Threat Modeling : case studyRapid Threat Modeling : case study
Rapid Threat Modeling : case studyAntonio Fontes
 
5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding PracticesThomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
Vulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce RiskVulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce RiskBeyondTrust
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Explore Security Testing
Explore Security TestingExplore Security Testing
Explore Security Testingshwetaupadhyay
 
Building a stronger culture through vulnerability chris olex - 2014
Building a stronger culture through vulnerability chris olex - 2014Building a stronger culture through vulnerability chris olex - 2014
Building a stronger culture through vulnerability chris olex - 2014Massachusetts Bay Organization Development Learning Group
 
Vulnerability and resilience in small states
Vulnerability and resilience in small statesVulnerability and resilience in small states
Vulnerability and resilience in small statesUniversity of West Indies
 

Más contenido relacionado

La actualidad más candente

Penetration testing services
Penetration testing servicesPenetration testing services
Penetration testing servicesAlisha Henderson
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overviewSupriya G
 
Vulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) OverviewVulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) OverviewSusan Rantall
 
Open Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodOpen Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodFalgun Rathod
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat ModelingCigital
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesAkshay Kurhade
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?Bhavin Shah
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesRyan Faircloth
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementMel Drews
 
SOC Duties and Training Needs
SOC Duties and Training NeedsSOC Duties and Training Needs
SOC Duties and Training NeedsAmin Asia
 
Introduction to Penetration testing and tools
Introduction to Penetration testing and toolsIntroduction to Penetration testing and tools
Introduction to Penetration testing and toolsVikram Khanna
 
Threat Modeling Web Applications
Threat Modeling Web ApplicationsThreat Modeling Web Applications
Threat Modeling Web ApplicationsNadia BENCHIKHA
 
Rapid Threat Modeling : case study
Rapid Threat Modeling : case studyRapid Threat Modeling : case study
Rapid Threat Modeling : case studyAntonio Fontes
 
Vulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce RiskVulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce RiskBeyondTrust
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Explore Security Testing
Explore Security TestingExplore Security Testing
Explore Security Testingshwetaupadhyay
 

La actualidad más candente (20)

Penetration testing services
Penetration testing servicesPenetration testing services
Penetration testing services
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overview
 
Vulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) OverviewVulnerability Assessment & Analysis (VAA) Overview
Vulnerability Assessment & Analysis (VAA) Overview
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1
 
Open Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun RathodOpen Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
Open Source Security Testing Methodology Manual - OSSTMM by Falgun Rathod
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) services
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysis
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
 
SOC Duties and Training Needs
SOC Duties and Training NeedsSOC Duties and Training Needs
SOC Duties and Training Needs
 
Introduction to Penetration testing and tools
Introduction to Penetration testing and toolsIntroduction to Penetration testing and tools
Introduction to Penetration testing and tools
 
Threat Modeling Web Applications
Threat Modeling Web ApplicationsThreat Modeling Web Applications
Threat Modeling Web Applications
 
Rapid Threat Modeling : case study
Rapid Threat Modeling : case studyRapid Threat Modeling : case study
Rapid Threat Modeling : case study
 
5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding Practices
 
Vulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce RiskVulnerability Management: How to Think Like a Hacker to Reduce Risk
Vulnerability Management: How to Think Like a Hacker to Reduce Risk
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
 
Explore Security Testing
Explore Security TestingExplore Security Testing
Explore Security Testing
 

Destacado

Vulnerability and resilience in small states
Vulnerability and resilience in small statesVulnerability and resilience in small states
Vulnerability and resilience in small statesUniversity of West Indies
 
The Power of Vulnerability by Brene Brown (A Visual Summary)
The Power of Vulnerability by Brene Brown (A Visual Summary)The Power of Vulnerability by Brene Brown (A Visual Summary)
The Power of Vulnerability by Brene Brown (A Visual Summary)Sameer Mathur
 
Vulnerability and Resilience: Developing Metrics to Measure Sustainable Diets...
Vulnerability and Resilience: Developing Metrics to Measure Sustainable Diets...Vulnerability and Resilience: Developing Metrics to Measure Sustainable Diets...
Vulnerability and Resilience: Developing Metrics to Measure Sustainable Diets...Bioversity International
 
Connect with Your Vulnerability
Connect with Your VulnerabilityConnect with Your Vulnerability
Connect with Your VulnerabilityJeri Dube
 
The power of vulnerability by brene brown
The power of vulnerability by brene brownThe power of vulnerability by brene brown
The power of vulnerability by brene brown67 Golden Rules
 

Destacado (6)

Building a stronger culture through vulnerability chris olex - 2014
Building a stronger culture through vulnerability chris olex - 2014Building a stronger culture through vulnerability chris olex - 2014
Building a stronger culture through vulnerability chris olex - 2014
 
Vulnerability and resilience in small states
Vulnerability and resilience in small statesVulnerability and resilience in small states
Vulnerability and resilience in small states
 
The Power of Vulnerability by Brene Brown (A Visual Summary)
The Power of Vulnerability by Brene Brown (A Visual Summary)The Power of Vulnerability by Brene Brown (A Visual Summary)
The Power of Vulnerability by Brene Brown (A Visual Summary)
 
Vulnerability and Resilience: Developing Metrics to Measure Sustainable Diets...
Vulnerability and Resilience: Developing Metrics to Measure Sustainable Diets...Vulnerability and Resilience: Developing Metrics to Measure Sustainable Diets...
Vulnerability and Resilience: Developing Metrics to Measure Sustainable Diets...
 
Connect with Your Vulnerability
Connect with Your VulnerabilityConnect with Your Vulnerability
Connect with Your Vulnerability
 
The power of vulnerability by brene brown
The power of vulnerability by brene brownThe power of vulnerability by brene brown
The power of vulnerability by brene brown
 

Similar a Vulnerability Ass... Penetrate What?

pentration testing.pdf
pentration testing.pdfpentration testing.pdf
pentration testing.pdfRamya Nellutla
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesChris Nickerson
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals211 Check
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?Rapid7
 
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamenskamensm02
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingSoftware Guru
 
(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration TestingBluechip Gulf IT Services
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
 
knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA SensePost
 
The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0Rafal Los
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-SessionRyan Faircloth
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfElanusTechnologies
 

Similar a Vulnerability Ass... Penetrate What? (20)

pentration testing.pdf
pentration testing.pdfpentration testing.pdf
pentration testing.pdf
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
Increasing Value Of Security Assessment Services
Increasing Value Of Security Assessment ServicesIncreasing Value Of Security Assessment Services
Increasing Value Of Security Assessment Services
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing Guide
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
 
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamens
 
Web application Testing
Web application TestingWeb application Testing
Web application Testing
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingAsegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
 
(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
 
knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA knowthyself : Internal IT Security in SA
knowthyself : Internal IT Security in SA
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
 
The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session
 
Regan, Keller, SF State Securing the vendor mr&ak
Regan, Keller, SF State Securing the vendor mr&akRegan, Keller, SF State Securing the vendor mr&ak
Regan, Keller, SF State Securing the vendor mr&ak
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
 
Information Security
Information SecurityInformation Security
Information Security
 

Más de Jorge Orchilles

SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzJorge Orchilles
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamerJorge Orchilles
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyJorge Orchilles
 
KringleCon 3 Providing Value in Offensive Security
KringleCon 3 Providing Value in Offensive SecurityKringleCon 3 Providing Value in Offensive Security
KringleCon 3 Providing Value in Offensive SecurityJorge Orchilles
 
C2 Matrix Anniversary - Blackhat EU 2020
C2 Matrix Anniversary - Blackhat EU 2020C2 Matrix Anniversary - Blackhat EU 2020
C2 Matrix Anniversary - Blackhat EU 2020Jorge Orchilles
 
Purple Team Exercise Workshop December 2020
Purple Team Exercise Workshop December 2020Purple Team Exercise Workshop December 2020
Purple Team Exercise Workshop December 2020Jorge Orchilles
 
External Threat Hunters are Red Teamers
External Threat Hunters are Red TeamersExternal Threat Hunters are Red Teamers
External Threat Hunters are Red TeamersJorge Orchilles
 
Evolution of Offensive Assessments - SecureWV Conference
Evolution of Offensive Assessments - SecureWV ConferenceEvolution of Offensive Assessments - SecureWV Conference
Evolution of Offensive Assessments - SecureWV ConferenceJorge Orchilles
 
Purple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatPurple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatJorge Orchilles
 
Evolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootConEvolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootConJorge Orchilles
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 MatrixJorge Orchilles
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerJorge Orchilles
 
Blackhat 2020 Arsenal - C2 Matrix
Blackhat 2020 Arsenal - C2 MatrixBlackhat 2020 Arsenal - C2 Matrix
Blackhat 2020 Arsenal - C2 MatrixJorge Orchilles
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConJorge Orchilles
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
 
Cuddling the Cozy Bear Emulating APT29
Cuddling the Cozy Bear Emulating APT29Cuddling the Cozy Bear Emulating APT29
Cuddling the Cozy Bear Emulating APT29Jorge Orchilles
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Jorge Orchilles
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpConJorge Orchilles
 

Más de Jorge Orchilles (20)

SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim Schulz
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamer
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security Weekly
 
KringleCon 3 Providing Value in Offensive Security
KringleCon 3 Providing Value in Offensive SecurityKringleCon 3 Providing Value in Offensive Security
KringleCon 3 Providing Value in Offensive Security
 
C2 Matrix Anniversary - Blackhat EU 2020
C2 Matrix Anniversary - Blackhat EU 2020C2 Matrix Anniversary - Blackhat EU 2020
C2 Matrix Anniversary - Blackhat EU 2020
 
Purple Team Exercise Workshop December 2020
Purple Team Exercise Workshop December 2020Purple Team Exercise Workshop December 2020
Purple Team Exercise Workshop December 2020
 
External Threat Hunters are Red Teamers
External Threat Hunters are Red TeamersExternal Threat Hunters are Red Teamers
External Threat Hunters are Red Teamers
 
Evolution of Offensive Assessments - SecureWV Conference
Evolution of Offensive Assessments - SecureWV ConferenceEvolution of Offensive Assessments - SecureWV Conference
Evolution of Offensive Assessments - SecureWV Conference
 
Purple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatPurple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHat
 
Evolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootConEvolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootCon
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
 
Blackhat 2020 Arsenal - C2 Matrix
Blackhat 2020 Arsenal - C2 MatrixBlackhat 2020 Arsenal - C2 Matrix
Blackhat 2020 Arsenal - C2 Matrix
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEF
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMCon
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
 
Cuddling the Cozy Bear Emulating APT29
Cuddling the Cozy Bear Emulating APT29Cuddling the Cozy Bear Emulating APT29
Cuddling the Cozy Bear Emulating APT29
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSE
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpCon
 

Último

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Último (20)

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

Vulnerability Ass... Penetrate What?

  • 1. Vulnerability Ass... Penetrate What? You are doing it wrong! Hacker Halted 2010
  • 2. Jorge Orchilles is a South Florida Information Security Professional Information * field for over 8 years Security Analyst for Fortune 10 company (not speaking on their behalf, LinkedIn.com for more ;) Consultant by night - Orchilles Consulting BBA and MS in MIS - Florida International University Author - Microsoft Windows 7 Administrator’s Reference (Syngress) Certs - CEH, GCIH, CICP, CCDA, CSSDA, MCTS, MCP, Security+ Organizations - VP of SFISSA, OWASP, Hack Miami, InfraGard, MECTF
  • 3. We will be discussing how to perform a vulnerability assessment (VA) or penetration test (PenTest) to provide the most value to the target business Audience Feedback Terminology Planning (scope) Testing Reporting
  • 4. What does the audience know about VA and/or PenTesting and/or Ethical Hacking Does your company have a VA or PenTest policy or had an assessment performed against your organization? Internal or third-party testing? Have you ever performed a VA or PenTest? Internal or for another organization?
  • 5. VA and/or PenTests are performed to bring business value Measure the organizations business risk What is the business trying to accomplish or get out of the test? Identify vulnerabilities Add realism to threats Test defenses (IDS, IPS, Firewall, AV, etc) Compliance :(
  • 6. Terminology Vulnerability - a flaw or weakness in system security procedures, design, implementation, or internal controls that may be exploited Threat - any potential danger to information or an information system Attack - an effort by a threat agent to launch a threat by exploiting a vulnerability Risk - compromised of the factors of threats, vulnerabilities, and current value of assets
  • 7. Vulnerability Assessments and Penetration Testing are different Vulnerability Assessment (VA)- process of identifying, quantifying, and prioritizing the vulnerabilities in a system Penetration Testing (PenTest)- simulating an actual attack. May not identify all vulnerabilities. Difference is in the scope (is exploitation allowed; how far can you go)
  • 8. Defining the scope is critical What does the business want? External or Internal: External testing is more realistic of an external attacker Internal testing is more realistic to an insider threat or once an external attacker has breached the perimeter. Easier to identify vulnerabilities Type of testing: Black Box testing - no authentication White Box testing - authenticated testing Who will be notified? What systems will be tested? When may they be tested (green zones)? What systems may be exploited? Social Engineering allowed? Physical, Wireless, Web App, Network testing?
  • 9. Attackers do not have these boundaries Attackers don’t have a scope or testing times Attackers don’t stop once they get root Attackers don’t have portions of the test removed from scope
  • 10. Manage the VA or Pentest Sales Engineer - understands technical and business Project Manager Primary Tester Secondary Tester Specialized testers? Communication is key!
  • 11. The kick off call is very important for everyone This is the conference that must occur before the testing begins It is mainly to confirm the scope A great time and opportunity for the testers to understand the business and processes (reason for the systems in the first place) Notify business where you will be attacking from (if in scope)
  • 12. Different Methodologies Information System Security Assessment Framework (ISSAF) Open Source Security Testing Methodology Manual (OSSTM) Project Management Body of Knowledge Combination of these and some of your own
  • 13. The testing process may vary depending on scope Step 1: Information Gathering Step 2: Scanning Step 3: Identify and Validate vulnerabilities Step 4: Exploitation, Post-Exploitation, and clean-up (Pen Testing) Step 5: Reporting
  • 14. Information Gathering is VERY important Understand and learn the network Learn about your target Develop your attack for this specific target This will ensure the other steps don’t fail
  • 15. Gathering Information is time consuming but worth it Google Hacking (Dorks) Social Networks Mailing Lists DNS (whois, host)
  • 16. Scanning “One machine can do the work of fifty ordinary men. No machine can do the work of an extraordinary man.” – Elbert Hubbard Automated Scanning nmap - identify hosts, OS, services Nessus - based on nmap (Nmap NASL) and intel configure the scan Manual Testing Difference between you and others
  • 17. Vulnerability Identification & Verification Go through the automated and manual scan output http://cve.mitre.org http://osvdb.org/ Must verify all identified vulnerabilities as they may be false positive
  • 18. Exploitation Frameworks Metasploit Core Impact Immunity Canvas Manual http://www.exploit-db.com/ http://inj3ct0r.com/
  • 19. OMG! I g0t r00t! So what? This brings no business value! Dig deeper - find: Intellectual property Future projections Confidential or Secret documents
  • 20. Clean-up your mess! After exploitation and digging deeper, clean up your mess! Very important to document what you did. If this step fails we as an industry look bad!
  • 21. The report is the most important to the business Who will get the report? SysAdmins get technical Management gets summary Spend time writing the report! Make sure it is understandable and brings value!
  • 22. Most organizations and service providers are not doing it right Lack of talent and focus Many cheap providers of VA and PenTests Reason for testing = Compliance
  • 23. How it should be done
  • 24. Remediation & Retesting The report alone doesn’t bring value if the issues are not fixed. Assist the business in fixing. Provide recommendations to issues on the report. Retest once the business thinks they fixed the issue
  • 25. Thank you Email: jorge@orchilles.com Blog: http://www.orchilles.com/ Twitter: jorgeorchilles

Notas del editor

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n