Muhammad Nasir Mumtaz Bhutta
College of Computer Science and Information Systems
King Faisal University, Saudi Arabia
Email: mmbhutta@kfu.edu.sa
Tel: +966 – 13589-9207
Office: 2088, first floor, CCSIT Building
www.kfu.edu.sa
CCSIT Cyberlympics 2017
Infrastructure Penetration Testing
- Hands On Training
28 March 2017
Dr M Nasir Mumtaz Bhutta www.kfu.edu.sa
Presentation Overview
• Reconnaissance – 45 minutes
• Vulnerability Analysis – 45 minutes
• Threat Modeling – 15 minutes
• Exploitation – 45 minutes
• Post Exploitation – 20 minutes
• Reporting – 15 minutes
Overview of Infrastructure Hacking
• Infrastructure penetration testing usually involves:
– Gaining access to the system or network devices.
• The steps usually involve:
– Finding the IP address(es) of the machines to hack.
– Finding information about users (email addresses or usernames).
– Finding out which software is running on the system.
– Finding vulnerabilities on the target system.
– Deciding on attack vectors and executing attacks.
– Maintaining access to the system by opening backdoors after exploitation.
– Reporting.
• List of tools and their usage guidelines:
– Many tools are listed on the following website. Learn as many tools as you can
according to your interests.
– http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
Experiment Lab Setup
• Attacking machine
– Virtual machine running Kali Linux.
– Kali Linux is a Linux distribution with a large number of penetration testing
tools pre-configured.
– The most stable and advanced penetration testing Linux distribution.
• Victim machine
– Virtual machine running Metasploitable 2.
– Metasploitable 2 is a Linux distribution pre-configured with many
vulnerabilities to practice hacking on.
Important Things to Understand
• Penetration testing does not always involve all of the steps:
– Any part of the process described above can be given as a hacking task
to an ethical hacker. For example:
• Cracking a username and password.
• Gaining access via some service such as FTP.
• Remember to try different approaches to each part.
• There is only one way: try, try and try.
– Learn advanced programming to advance your hacking and
attack-launching capabilities.
Reconnaissance (Intelligence Gathering)
Penetration Testing Execution Phases
Information Gathering
• In this phase, as much information as possible is gathered about the
target organization.
– We shall learn different techniques here.
– But the focus of our workshop is to find out:
• The IP address of our target machine.
• Whether the target machine is alive or not.
• We shall use existing tools for this purpose.
Information Gathering - II
• Suppose you are given the name of a company and assigned the task of
checking the security of this company.
– How will you proceed?
• Try to gather public information as specified in OSINT
(open-source intelligence).
• So let's learn some techniques.
– Remember to remain within scope.
Information Gathering – III
• Finding the URL of the company?
– Usually provided by the hiring company, or
– Search on the internet.
• How to find the IP address of the machine hosting the website?
– Ping the URL, e.g. ping www.google.com
• How to find the IP address of the organization's main server, the owner name,
the technical contact and DNS server information?
– whois URL, e.g. whois kfu.edu.sa
– Practice on syngress.com, e.g. whois syngress.com
• Prefer to practice on your local setup website.
Information Gathering – IV
• Another way to translate a hostname into an IP address:
– host hostname, e.g. host syngress.com
• Now you have the IP address of the main contact point (public IP)
of the target organization.
– What next?
• Find out the IP addresses of the internal networked machines and
more information. How?
Information Gathering – V
• Domain Name Server (DNS)?
– Translates host names into IP addresses.
– Contains information about the organization's internal networks,
hosts and their IP addresses.
– A main target of malicious attackers. Why?
• What if the DNS is compromised by an attacker?
• Will they be very powerful then?
– Many commands exist for DNS (please see the Linux documentation
to learn further).
Information Gathering – VI
• How to find out the email server address from DNS?
– Find the email server address of syngress.com.
• Play with the email server; learn commands to extract information
from an email server.
– If you have passion, learn this.
• Our focus in this workshop is to find the IP address of the target
machine, and we know it already (192.168.112.128).
– NetDiscover can be used to find internal network hosts
(learn it if you have passion).
Scanning (Vulnerability Analysis)
Penetration Testing Execution Phases
Scanning – I
• First of all, check whether the target host is alive. How?
– Ping the IP address, e.g. ping 192.168.112.128
• If it is alive, we can progress further with our task.
• But here we first learn some general-purpose scanning tools.
• Two activities to perform in scanning:
– Port scanning
– Vulnerability scanning
Scanning – II
• Port?
– A port is the address at which a service listens on a host.
– It can be understood as an entry point to the system.
– The more open ports there are, the more possible entry points there are
to gain access to the system.
• Port scanning?
– To find out the active (open) ports.
– To find out the services running on the target system.
– How can this information be helpful?
Scanning – III
[Table in the original slide: Common Ports and their Corresponding Services]
Scanning – IV
• Perform port scanning on our target machine to get the status of its ports.
– Use the Nmap tool to perform this task.
• Nmap uses different techniques to perform port scanning:
– Three-way handshake
– TCP connect scan
– SYN scan
• Run: nmap -sS -p- -Pn 192.168.112.128
(-sS: SYN scan, -p-: all 65535 TCP ports, -Pn: skip host discovery)
• Learn in detail about these and other scans such as the Xmas scan and
the Null scan (if you have passion).
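The flip side of the scan above is what the target sees: a single source hitting hundreds of distinct ports within seconds. The following detector is an added example (not part of the workshop slides) that finds such a sweep in iptables LOG output; it assumes the target logs new TCP connection attempts with a LOG rule using the prefix "FW-IN:", and the sample lines it runs over are constructed.

```python
"""Detect a port sweep such as `nmap -sS -p-` in iptables LOG output.

Added example for the scanning slides; not part of the workshop material.
Assumptions: the target logs new TCP connection attempts with an iptables
LOG rule using the prefix "FW-IN:", and the sample lines below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One iptables LOG line: syslog timestamp, then key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: FW-IN: "
    r".*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return (timestamp, src, dst, dport) for one TCP LOG line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # syslog carries no year
    return ts, m.group("src"), m.group("dst"), int(m.group("dpt"))


def detect_port_scans(lines, window=timedelta(seconds=60), threshold=20):
    """Flag each (src, dst) pair that hits >= threshold distinct ports within `window`.

    A full-range scan (-p-) touches 65535 ports, so it trips the threshold
    within its first second; a normal client talks to a handful of ports.
    """
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, dport = parsed
            events[(src, dst)].append((ts, dport))

    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()
        recent = deque()                # events inside the sliding window
        in_window = defaultdict(int)    # dport -> hits inside the window
        for ts, dport in evs:
            recent.append((ts, dport))
            in_window[dport] += 1
            while ts - recent[0][0] > window:   # expire events older than the window
                _, old = recent.popleft()
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
            if len(in_window) >= threshold:
                alerts.append({
                    "src": src, "dst": dst,
                    "distinct_ports": len({p for _, p in evs}),
                    "first": evs[0][0], "last": evs[-1][0],
                })
                break                   # one alert per pair is enough
    return alerts


def sample_lines():
    """Constructed log: one host sweeps ports 1..200 in ~4 s; an admin host uses 3 ports."""
    base = datetime(2017, 3, 28, 10, 1, 0)
    fmt = ("{ts} victim kernel: FW-IN: IN=eth0 OUT= SRC={src} DST=192.168.112.128 "
           "LEN=44 PROTO=TCP SPT={spt} DPT={dpt} WINDOW=1024 SYN URGP=0")
    lines = []
    for port in range(1, 201):
        ts = base + timedelta(milliseconds=20 * port)
        lines.append(fmt.format(ts=ts.strftime("%b %d %H:%M:%S"),
                                src="192.168.112.130", spt=44123, dpt=port))
    for minute, port in ((0, 22), (5, 80), (12, 443)):
        ts = base + timedelta(minutes=minute)
        lines.append(fmt.format(ts=ts.strftime("%b %d %H:%M:%S"),
                                src="192.168.112.1", spt=50000 + port, dpt=port))
    # An unrelated syslog line, to show that non-firewall lines are ignored.
    lines.append("Mar 28 10:02:00 victim sshd[1234]: Accepted publickey for admin")
    return lines


if __name__ == "__main__":
    for a in detect_port_scans(sample_lines()):
        print(f"port scan: {a['src']} -> {a['dst']} touched {a['distinct_ports']} ports "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

The admin host touching three ports over twelve minutes never reaches the threshold, while the sweeping host is reported after its first twenty distinct ports.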
Scanning – V
• Nmap has a scripting engine (NSE) as well, to add your own customized scripts.
– Learn network programming (passion).
• Another approach is service scanning:
– To find more detailed information about the services.
– nmap -sV -p- -Pn 192.168.112.128
• Now you have a list of ports, their status and the running services.
– What is next? (Vulnerability scanning)
Scanning – VI
• Vulnerability scanning
– What is a vulnerability?
• A weakness in the system.
• A weakness can exist in anything, e.g. software, protocol, algorithm,
implementation etc.
– These weaknesses are exploited by an attack to compromise the system.
– Why have we found the list of services?
• To find out any weaknesses in those services.
• Depending on a service's functionality, a weakness in it can help
gain access to the system.
Scanning – VII
• What weaknesses are present in the services found, and how do we find them?
– Many companies maintain databases of known vulnerabilities.
– They store vulnerabilities with reference to the software and its version.
– Many tools have been developed to search these databases for specific software.
• Nessus: the most advanced and frequently used tool to find vulnerabilities.
– Not available by default in Kali Linux; you have to install it.
– Good guidelines are available at
https://uwnthesis.wordpress.com/2013/07/31/kali-how-to-install-nessus-on-kali/
– My configured tool has: Username: nasir, Password: CCSIT
Scanning – VIII
• Scanning using Nessus to find vulnerabilities:
– First, run the Nessus server installed on the Kali Linux machine with
the command /etc/init.d/nessusd start
– Now access the web interface in a browser by typing
https://127.0.0.1:8834 (you can specify a remote server IP address or
URL there as well).
– Let's do some practical work to learn this tool and explore
vulnerabilities in our target machine's services.
– No one can stop you from learning more details and more tools,
if you have passion.
EXPLOITATION
Penetration Testing Execution Phases
Exploitation - I
• Exploitation:
– Executing the threat to attack the target system.
– The process of gaining access to the target system.
• Payload: software written to launch the selected attack.
– A payload can help us do anything, e.g. gaining access to the system,
installing software, installing a backdoor etc.
Exploitation - II
• An rlogin vulnerability is present.
– Exploit it to gain access to the machine as administrator.
• Try rlogin -l root 192.168.112.128
• If the command prompt changes, you have administrative access to
the remote machine.
• Done, so simple.
• Another vulnerability present is:
– Telnet service running (VSFTPD)
– telnet 192.168.112.128
Exploitation - III
• Very important tools to learn:
– Wireshark
– Medusa
– Metasploit (most important)
– Password crackers
• John the Ripper
• Learn more tools in detail and learn different exploitation tricks
and payloads.
– Write your own scripts and payloads.
POST EXPLOITATION
Penetration Testing Execution Phases
Post Exploitation - I
• Maintaining access to the compromised machine
– You have gained access to this compromised machine, so maintain
that access.
– Later on you can get into this machine easily even if the attacked
vulnerability has been fixed.
– Install some backdoors to gain access later on.
• Installing a backdoor
– Use the Netcat tool (a strong backdoor tool which can provide file
transfer and work as a communication channel).
– Netcat is already available in most Linux distributions.
Post Exploitation - II
• Connect with Netcat
– Having gained access to Metasploitable 2,
– Start netcat in listening mode on Metasploitable 2:
• nc -l -p 2500
– Now, to demonstrate from Kali Linux, connect using netcat:
• nc <IP address> <port number>
• The terminal screen goes blank; it means you are connected.
• Type text and press Enter to show it on the other side.
• No permanent connection can be made with this free version. You have
to purchase a licence of netcat.
Post Exploitation – III
• Transfer a virus to the compromised machine using netcat?
– nc -l -p 2200 > virus.exe
– From the attacking machine, send the file to Metasploitable 2:
• nc 192.168.112.128 2200 < virus.exe
• Learn more details about netcat (if you have passion).
• Learn more tools if you have passion, e.g. cryptcat, rootkits.
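From the defender's side, the netcat listeners on ports 2500 and 2200 set up in the two previous slides are exactly the kind of unexplained listening socket a host audit should catch. The following check is an added example (not part of the workshop) that parses the column layout printed by `ss -ltnp` on Linux and reports listeners that are off-baseline or owned by a backdoor tool; the sample output and the baseline of approved port/process pairs are assumptions for a Metasploitable-like host.

```python
"""Audit listening TCP sockets for unexpected listeners such as a netcat backdoor.

Added example for the post-exploitation slides; not part of the workshop.
It parses the layout printed by `ss -ltnp` (iproute2 on Linux); the sample
output and the baseline of approved port -> process pairs are assumptions.
"""
import re

# Constructed `ss -ltnp` output as it might look on the compromised lab host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       32      0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=790,fd=3))
LISTEN  0       1       0.0.0.0:2500         0.0.0.0:*          users:(("nc",pid=4821,fd=3))
LISTEN  0       1       0.0.0.0:2200         0.0.0.0:*          users:(("nc",pid=4830,fd=3))
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=901,fd=10))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Assumed baseline for this host: port -> process name expected to own it.
BASELINE = {21: "vsftpd", 22: "sshd", 3306: "mysqld"}
# Tools the slides describe as backdoor channels.
BACKDOOR_TOOLS = {"nc", "ncat", "netcat", "cryptcat"}

# One LISTEN row: state, queues, local addr:port, peer addr:port, owning process.
LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


def parse_listeners(ss_output):
    """Return one dict per LISTEN line: addr, port, proc, pid."""
    listeners = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners.append({"addr": m["addr"], "port": int(m["port"]),
                              "proc": m["proc"], "pid": int(m["pid"])})
    return listeners


def audit_listeners(listeners, baseline=BASELINE, backdoor_tools=BACKDOOR_TOOLS):
    """Return the listeners that are off-baseline or owned by a known backdoor tool."""
    findings = []
    for entry in listeners:
        reasons = []
        expected = baseline.get(entry["port"])
        if expected is None:
            reasons.append("port not in baseline")
        elif expected != entry["proc"]:
            reasons.append(f"expected {expected}, found {entry['proc']}")
        if entry["proc"] in backdoor_tools:
            reasons.append("backdoor tool")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_listeners(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"{f['addr']}:{f['port']} pid={f['pid']} ({f['proc']}): "
              f"{', '.join(f['reasons'])}")
```

Run against live output with `ss -ltnp` piped into the script, the two `nc` listeners are reported while sshd, vsftpd and the local-only mysqld pass.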
REPORTING
Penetration Testing Execution Phases
Reporting
• Write a detailed report on:
– Your approach
– Your findings
– Raw output of the process performed
– Vulnerabilities found and exploited
– Proposed solutions to protect against these vulnerabilities.
Thanks for listening!
Questions?

Introduction to Delay/Disruption Tolerant Networking and Applications
 
Cloud computing overview & current research
Cloud computing  overview & current researchCloud computing  overview & current research
Cloud computing overview & current research
 

Recently uploaded

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Ccsit cyberlympics 2017 workshop 3 - presentation

  • 1. Muhammad Nasir Mumtaz Bhutta
    College of Computer Science and Information Systems, King Faisal University, Saudi Arabia
    Email: mmbhutta@kfu.edu.sa, Tel: +966 – 13589-9207
    Office: 2088, first floor, CCSIT Building
    www.kfu.edu.sa
    CCSIT Cyberlympics 2017: Infrastructure Penetration Testing - Hands On Training
    28 March 2017
  • 2. Dr M Nasir Mumtaz Bhutta www.kfu.edu.sa
    Presentation Overview
    • Reconnaissance: 45 Minutes
    • Vulnerability Analysis: 45 Minutes
    • Threat Modeling: 15 Minutes
    • Exploitation: 45 Minutes
    • Post Exploitation: 20 Minutes
    • Reporting: 15 Minutes
  • 3. Overview of Infrastructure Hacking
    • Infrastructure Penetration Testing usually involves:
      – Gaining access to the system or network devices.
    • Steps usually involve:
      – Finding IP address(es) of machines to hack.
      – Finding information about users (email addresses or usernames).
      – Finding out the software running on the system.
      – Finding vulnerabilities on the target system.
      – Deciding attack vectors and executing attacks.
      – Maintaining access to the system by opening back doors after exploitation.
      – Reporting.
    • List of Tools and Their Usage Guidelines
      – Many tools are available on the following website. Please learn more and more tools according to your interests.
      – http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
  • 4. Experiment Lab Setup
    • Attacking Machine
      – Virtual machine running Kali Linux.
      – Kali Linux is a Linux distribution with a lot of penetration testing tools pre-configured.
      – Most stable and advanced penetration testing Linux distribution.
    • Victim Machine
      – Virtual machine running Metasploitable 2.
      – Metasploitable 2 is a Linux distribution pre-configured with a lot of vulnerabilities to practice hacking.
  • 5. Important Things to Understand
    • Penetration testing does not always involve all steps:
      – Any part of the above described can be given as a hacking task to an ethical hacker. For example:
        • Cracking a username and password.
        • Gaining access via some service like FTP etc.
    • Please remember to try different approaches to each part.
    • Only one way: Try, Try and Try.
      – Learn advanced programming to advance your hacking and attack launching capabilities.
  • 6. Penetration Testing Execution Phases: Reconnaissance (Intelligence Gathering)
  • 7. Information Gathering
    • Usually in this phase more and more information is gained about the target organization.
      – We shall learn different techniques here.
      – But our workshop focus is to find out:
        • The IP address of our target machine.
        • Whether the target machine is alive or not.
    • We shall use already existing tools for this purpose.
  • 8. Information Gathering - II
    • So you are given the name of a company and assigned the task to check the security of this company.
      – How will you progress further?
    • Try to gain public information as specified in OSINT.
    • So let's learn some techniques.
      – Remember to remain within scope.
  • 9. Information Gathering – III
    • Finding the URL of the company?
      – Usually provided by the hiring company, or
      – Search on the internet.
    • How to find the IP address of the machine hosting the website?
      – Ping the URL, e.g. ping www.google.com
    • How to find the IP address of the main server of the organization, owner name, technical contact, DNS server information?
      – whois <URL>, e.g. whois kfu.edu.sa
      – Practice on syngress.com, e.g. whois syngress.com
    • Prefer to practice on your local setup website.
  • 10. Information Gathering – IV
    • Another way to translate a hostname into an IP address:
      – host <hostname>, e.g. host syngress.com
    • Now you have the IP address of the main contact point (public IP) of the target organization.
      – What next?
    • Find out the IP addresses of internal networked machines and more information. How?
  • 11. Information Gathering – V
    • Domain Name Server (DNS)?
      – Translates host names into IP addresses.
      – Contains information about the organization's internal networks, hosts and their IP addresses.
      – Main target of malicious attackers. Why?
        • What if DNS is compromised by an attacker?
        • Will they be very powerful then?
      – Many commands exist for DNS (please see the Linux documentation to learn further).
  • 12. Information Gathering – VI
    • How to find out the email server address from DNS?
      – Find the email server address of syngress.com.
    • Play with the email server, learn commands to extract information from the email server.
      – If you have passion, learn this.
    • Our focus in this workshop is to find the IP address of the target machine, and we know it already (192.168.112.128).
      – NetDiscover can be used to find internal network hosts (learn if you have passion).
  • 13. Penetration Testing Execution Phases: Scanning (Vulnerability Analysis)
  • 14. Scanning – I
    • First of all, check whether the target host is alive. How?
      – Ping the IP address, e.g. ping 192.168.112.128
    • If alive, we can progress further for our task.
    • But here we first learn some tools in general for the purpose of scanning.
    • Two activities to perform in scanning:
      – Port Scanning
      – Vulnerability Scanning
  • 15. Scanning – II
    • Port?
      – A port is the location or address at which a service runs.
      – It can be understood as an entry point to the system.
      – The more ports, the more possible entry points to gain access to the system.
    • Port Scanning?
      – To find out active ports.
      – To find out services running on the target system.
      – How can this information be helpful?
  • 16. Scanning – III: Common Ports and their Corresponding Services (table shown as an image on the slide)
  • 17. Scanning – IV
    • Perform port scanning on our target machine to get the status of ports.
      – Use the Nmap tool to perform this task.
    • Nmap uses different techniques to perform port scanning.
      – Three Way Handshake
      – TCP Connect Scan
      – SYN Scan
    • Run nmap -sS -p- -Pn 192.168.112.128
    • To know in detail about these and other scans like Xmas Scan, Null Scan (passion).
  • 18. Scanning – V
    • Nmap has a scripting engine as well to add your own customized scripts.
      – Learn network programming (passion).
    • Another approach is service scanning.
      – To find more detailed information about services.
      – nmap -sV -p- -Pn 192.168.112.128
    • Now you have the list of ports, their status and running services.
      – What is next? (Vulnerability Scanning)
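As an added, defender-side example (not code from the deck) of how the TCP connect scan and SYN scan named on the slides differ on the wire: the script below classifies constructed TCP flow records by whether the client ever completed the three-way handshake. The flow-record format, the sample addresses and the port threshold are assumptions of this example.

```python
"""Classify TCP port probes as a SYN (half-open) scan or a TCP connect scan.

Added example, not code from the original deck. Input lines are a constructed,
simplified flow record: "<src> <dst> <dst_port> <flags the client sent>", where
S = SYN, A = ACK, F = FIN, R = RST. The format and the threshold are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Distinct destination ports one source must touch before we call it a scan.
SCAN_PORT_THRESHOLD = 5

# Constructed sample: 10.0.0.5 runs a SYN scan (client sends SYN, gets SYN/ACK,
# answers RST; on closed ports it only ever sent the SYN), 10.0.0.7 runs a
# connect scan (full handshake, then RST), 10.0.0.9 is a normal client with
# two ordinary sessions closed by FIN.
SAMPLE_FLOWS = """\
10.0.0.5 192.168.112.128 21 S,R
10.0.0.5 192.168.112.128 22 S,R
10.0.0.5 192.168.112.128 23 S,R
10.0.0.5 192.168.112.128 25 S,R
10.0.0.5 192.168.112.128 80 S,R
10.0.0.5 192.168.112.128 81 S
10.0.0.5 192.168.112.128 139 S,R
10.0.0.5 192.168.112.128 445 S,R
10.0.0.5 192.168.112.128 513 S,R
10.0.0.5 192.168.112.128 8080 S
10.0.0.7 192.168.112.128 21 S,A,R
10.0.0.7 192.168.112.128 22 S,A,R
10.0.0.7 192.168.112.128 23 S,A,R
10.0.0.7 192.168.112.128 81 S
10.0.0.7 192.168.112.128 513 S,A,R
10.0.0.9 192.168.112.128 22 S,A,F
10.0.0.9 192.168.112.128 80 S,A,F
"""

Flow = Tuple[str, str, int, Set[str]]


@dataclass
class Verdict:
    src: str
    ports: int        # distinct destination ports probed
    half_open: int    # probes where the client sent SYN but never an ACK
    completed: int    # probes where the client sent ACK (handshake completed)

    @property
    def kind(self) -> str:
        if self.ports < SCAN_PORT_THRESHOLD:
            return "normal"
        # A SYN scan never completes a handshake; a connect scan completes
        # one on every open port, which is exactly the difference the slides draw.
        return "syn-scan" if self.completed == 0 else "connect-scan"


def parse_flows(text: str) -> List[Flow]:
    flows: List[Flow] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port, flags = line.split()
        flows.append((src, dst, int(port), set(flags.split(","))))
    return flows


def classify(flows: List[Flow]) -> Dict[str, Verdict]:
    per_src: Dict[str, dict] = defaultdict(lambda: {"ports": set(), "half": 0, "done": 0})
    for src, _dst, port, flags in flows:
        rec = per_src[src]
        rec["ports"].add(port)
        if "A" in flags:
            rec["done"] += 1
        elif "S" in flags:
            rec["half"] += 1
    return {src: Verdict(src, len(r["ports"]), r["half"], r["done"]) for src, r in per_src.items()}


if __name__ == "__main__":
    for v in classify(parse_flows(SAMPLE_FLOWS)).values():
        print(f"{v.src}: {v.kind} ({v.ports} ports, {v.half_open} half-open, {v.completed} completed)")
```

Both scan types look the same on closed ports (a lone SYN), so the distinction is only visible on ports that answered SYN/ACK.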
  • 19. Scanning – VI
    • Vulnerability Scanning
      – What is a Vulnerability?
        • Weakness in the system.
        • Weakness can exist in anything, e.g. software, protocol, algorithm, implementation etc.
      – These weaknesses are exploited by some attack to compromise the system.
      – Why have we found the list of services?
        • To find out any weaknesses in those services.
        • It will help to gain access to the system depending upon its functionality.
  • 20. Scanning – VII
    • What weaknesses are present in the found services, and how to find them?
      – Many companies maintain databases of found vulnerabilities.
      – They store vulnerabilities with reference to software and its version.
      – Many tools are developed to search these databases for specific software.
    • Nessus: most advanced and frequently used tool to find vulnerabilities.
      – Not available by default in Kali Linux; you have to install it.
      – Good guidelines available at https://uwnthesis.wordpress.com/2013/07/31/kali-how-to-install-nessus-on-kali/
      – My configured tool has: Username: nasir, Password: CCSIT
  • 21. Scanning – VIII
    • Scanning using Nessus to find vulnerabilities:
      – First run the Nessus server installed on the Kali Linux machine with the command /etc/init.d/nessusd start
      – Now access the web interface in a browser by typing https://127.0.0.1:8834 (you can specify a remote server IP address or URL there as well).
      – Let's do some practical work to learn this tool and explore vulnerabilities for our target machine's services.
      – No one can stop you from learning more details and more tools, if you have passion.
  • 22. Penetration Testing Execution Phases: EXPLOITATION
  • 23. Exploitation - I
    • Exploitation:
      – Executing the threat to attack the target system.
      – The process of gaining access to the target system.
    • Payload: software written to launch the selected attack.
      – A payload can help us to do anything, e.g. gaining access to the system, installing software, installing a backdoor etc.
  • 24. Exploitation - II
    • An rlogin vulnerability is there.
      – Exploit it to gain access to the machine as administrator.
    • Try rlogin -l root 192.168.112.128
    • If the command prompt changes, you have administrative access to the remote machine.
    • Done, so simple.
    • Another vulnerability there is:
      – Telnet running VSFTPD
      – telnet 192.168.112.128
  • 25. Exploitation - III
    • Very important tools to learn:
      – Wireshark
      – Medusa
      – Metasploit (most important)
      – Password crackers
        • John the Ripper
    • Learn more tools in detail and learn different exploitation tricks and payloads.
      – Write your own scripts and payloads.
  • 26. Penetration Testing Execution Phases: POST EXPLOITATION
  • 27. Post Exploitation - I
    • Maintaining Access to the Compromised Machine
      – You have gained access to this compromised machine, so maintain access.
      – Later on you can get into this machine easily even if the attacked vulnerability is protected.
      – Install some backdoors to gain access later on.
    • Installing a Backdoor
      – Use the Netcat tool (a strong backdoor tool which can give a file transfer facility and work as a communication channel).
      – Netcat is already available in most Linux distributions.
  • 28. Post Exploitation - II
    • Connect with Netcat
      – Gained access to Metasploitable 2,
      – Start netcat in listening mode in Metasploitable 2:
        • nc -l -p 2500
      – Now to demonstrate from Kali Linux, connect using netcat:
        • nc <IP address> <port number>
      • The terminal screen goes blank; it means connected.
      • Type text and press enter to show it on the other side.
      • No permanent connection can be made with this free version. Have to purchase a licence of netcat.
  • 29. Post Exploitation – III
    • Transfer a virus to the compromised machine using netcat?
      – nc -l -p 2200 > virus.exe
      – From the attacking machine, send the file to Metasploitable 2:
        • nc 192.168.112.128 2200 < virus.exe
    • Learn more details about netcat (if you have passion).
    • Learn more tools if you have passion, e.g. cryptcat, rootkits.
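As an added, defender-side example for the netcat backdoor slides above (not code from the deck): audit a host's listening TCP sockets, as printed by `ss -lntp` on Linux, against an approved service baseline so that an unexpected listener such as the nc on port 2500 stands out. The baseline and the sample `ss` output are constructed for this example.

```python
"""Audit listening TCP sockets against an approved service baseline.

Added example, not part of the original deck. It parses the output of
`ss -lntp` (Linux socket statistics: listening TCP sockets with process names)
and reports listeners the baseline does not account for, such as a netcat
backdoor on port 2500. The sample output and the baseline are constructed.
"""
import re
from typing import Dict, Optional, Set

# Process name as `ss -p` prints it: users:(("nc",pid=4242,fd=3))
PROC_RE = re.compile(r'users:\(\("([^"]+)"')

# Constructed baseline for the lab victim: what the build sheet says may listen.
BASELINE: Dict[int, str] = {21: "vsftpd", 22: "sshd", 23: "telnetd", 513: "rlogind"}

# Constructed `ss -lntp` output from the compromised host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       32      0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=790,fd=3))
LISTEN  0       5       0.0.0.0:23           0.0.0.0:*          users:(("inetd",pid=640,fd=5))
LISTEN  0       1       0.0.0.0:2500         0.0.0.0:*          users:(("nc",pid=4242,fd=3))
"""


def parse_ss_listeners(text: str) -> Dict[int, Optional[str]]:
    """Map each listening TCP port to the owning process name (None if unknown)."""
    listeners: Dict[int, Optional[str]] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        port = int(fields[3].rsplit(":", 1)[1])  # works for 0.0.0.0:22 and [::]:22
        match = PROC_RE.search(line)
        proc = match.group(1) if match else None
        # IPv4 and IPv6 sockets share a port; keep the first process name seen.
        if port not in listeners or listeners[port] is None:
            listeners[port] = proc
    return listeners


def audit_listeners(ss_output: str, baseline: Dict[int, str]) -> Dict[str, object]:
    """Compare observed listeners with the baseline.

    unexpected: port -> process for listeners the baseline does not allow
    mismatched: port -> process for allowed ports served by a different program
    missing:    baseline ports with nothing listening
    """
    observed = parse_ss_listeners(ss_output)
    unexpected = {p: proc for p, proc in observed.items() if p not in baseline}
    mismatched = {p: proc for p, proc in observed.items()
                  if p in baseline and proc is not None and proc != baseline[p]}
    missing: Set[int] = set(baseline) - set(observed)
    return {"unexpected": unexpected, "mismatched": mismatched, "missing": missing}


if __name__ == "__main__":
    report = audit_listeners(SAMPLE_SS, BASELINE)
    for port, proc in sorted(report["unexpected"].items()):
        print(f"UNEXPECTED listener on tcp/{port}: {proc}")
    for port, proc in sorted(report["mismatched"].items()):
        print(f"MISMATCH on tcp/{port}: {proc} (baseline says {BASELINE[port]})")
    for port in sorted(report["missing"]):
        print(f"MISSING baseline service on tcp/{port}: {BASELINE[port]}")
```

Run `ss -lntp` as root, or the process column is empty and only the port comparison is possible.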
  • 30. Penetration Testing Execution Phases: REPORTING
  • 31. Reporting
    • Write a detailed report on:
      – Your approach
      – Your findings
      – Raw output of the process done
      – Vulnerabilities found and exploited
      – Proposed solutions to protect against these vulnerabilities.
  • 32. Thanks for listening! Questions?