SlideShare a Scribd company logo

WTF is Penetration Testing v.2

Download as PPTX, PDF
Scott Sutherland
Scott Sutherland

This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world. Additional resources can be found in the blog below: https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers More security blogs by the authors can be found @ https://www.netspi.com/blog/

Technology
1 of 54
WTF is Penetration Testing v.2
Who are we? Eric Gruber @egru http://github.com/egru http://github.com/netspi http://netspi.com/blog Karl Fosaaen @kfosaaen http://github.com/kfosaaen http://slideshare.com/kfosaaen Scott Sutherland @_nullbind http://github.com/nullbind http://slideshare.com/nullbind
Demo Common Escalation Paths: • Enumerate live systems and open ports with nmap • Brute force database account with SQLPingv3 • Get a shell on the database server with the mssql_payload Metasploit module • Dump domain admin passwords in clear text with mimikatz • Log into high value database to access data • Log into domain controller to find and access everything else
Overview • • • • • • • • • What is a penetration test? Why do companies pay for them? Types of penetration testing What are the rules of engagement? Who does penetration testing? What skills do they have? What tools do they use? Penetration testing as a Career Questions
What is a Penetration Test?
What is Penetration Testing? Our Definition: “The process of evaluating systems, applications, and protocols with the intent of identifying vulnerabilities usually from the perspective of an unprivileged or anonymous user to determine potential real world impacts…” “…legally and under contract”
What is Penetration Testing? In short…
What is Penetration Testing? …we try to break into stuff before the bad guys do
Why do companies buy Penetration Tests?
Why do companies buy pentests? • Meet compliance requirements • Evaluate risks associated with an acquisition or partnership • Validate preventative controls • Validate detective controls • Prioritize internal security initiatives • Proactively prevent breaches
Why do Companies Pen Test?
Why do Companies Pen Test?
What types of Penetration Tests are there?
Hats and Boxes?
Types of Penetration Testers Black Hat Independent research and exploitation with no collaboration with vendor. Gray Hat Independent research and exploitation with some collaboration with vendor. White Hat Collaborative research, assessment, and exploitation with vendor.
Types of Penetration Tests Black Box Zero knowledge of target. Gray Box User knowledge of target. Sometimes as an anonymous user. White Box Administrative or development knowledge of target.
Types of Penetration Tests Information Black Box Gray Box White Box Network Ranges x x IP Addresses x x Domains x x Network Documentation x x Application Documentation x x API Documentation x x Application Credentials x Database Credentials x Server Credentials x
Types of Penetration Tests • Technical Control Layer ‒ Network ‒ Application (mobile, web, desktop etc) ‒ Server ‒ Wireless ‒ Embedded Device • Physical Control Layer ‒Client specific site ‒Data centers • Administrative Control Layer ‒Email phishing ‒Phone and onsite social engineering
What are the Rules of Engagement?
Rules of Engagement • • • • • • • • • Hack Responsibly! Written permission Clear communication Stay in scope No Denial-of-Service Don’t change major state Restore state Use native technologies Stay off disk
Are there any Penetration Testing methodologies?
Common Approach • • • • • • • • • Kickoff: Scope, test windows, risks, contacts Information Gathering Vulnerability Enumeration Penetration Escalation Evidence Gathering Clean up Report Creation Report Delivery and Review
Common Approach: Standards Methodologies • Ptes • OSSTM • ISSAF • NIST • OWASP Certifications • SANS • OSCP • CREST
Penetration Test vs. Vulnerability Assessment
Assessment VS. Penetration What can both an assessment or pentest answer? • • • • • What are my system layer vulnerabilities? Where are my system layer vulnerabilities? Will we know if we are being scanned? How do I fix my vulnerabilities? Are we fixing things over time?
Assessment VS. Penetration What else can a pentest answer? • What vulnerabilities represent the most risk? • What are my high impact system, network, and application layer issues? • Can an attacker gain unauthorized access to critical infrastructure, application functionality, and sensitive data • Can attackers bypass multiple layers of detective and preventative controls? • Can attackers pivot between environments? • Are procedures being enforced
Who conducts Penetration Testing?
Who Conducts Penetration Testing? People that can pass a background check
Who Conducts Penetration Testing? • Internal Employees ‒ Security analysts ‒ Security consultants • Third Parties ‒ Audit Firms ‒ Value-Added Reseller (VAR) ‒ Manage Services ‒ Software as a Service (SaaS) ‒ Software Vendors ‒ Security Consultants
What skills are required?
What Skills are Needed? • • • • Non Technical Basic Technical Offensive Defensive
Non Technical Skillsets • Written and Verbal Communications ‒ Emails/phone calls ‒ Report development ‒ Small and large group presentations • Professionalism ‒ Respecting others, setting, and meeting expectations
Non Technical Skillsets • Troubleshooting Mindset ‒ Never give up, never surrender! ‒ Where there is a will, there is a way • Ethics ‒ Don’t do bad things ‒ Pros (career) vs. Cons (jail) ‒ Hack responsibly
Basic Technical Skillsets • • • • • Windows Desktop Administration Windows Domain Administration Linux and Unix Administration Network Infrastructure Administration Application Development ‒ Scripting (Ruby, Python, PHP, Bash, PS, Batch) ‒ Managed languages (.Net, Java, Davlik) ‒ Unmanaged languages (C, C++)
Offensive and Defensive Knowledge • System enumeration and service fingerprinting • Linux system exploitation and escalation • Windows system exploitation and escalation • Network system exploitation and escalation • Protocol exploitation • Web application exploitation • Reverse engineering • Anti-virus Evasion • Social engineering techniques
What are some of the common tools?
Common Tools There are hundreds of “hacker” tools. Generally, you need to have enough knowledge to know what tool or tool(s) is right for the task at hand…. …and if one doesn’t exist, then create it.
Common Tools That being said…
Common Tools Knowledge > Tools = Train your brain! Understand the core technologies Understand basic offensive techniques Understand basic defensive techniques
Common Tools: Info Gathering Find online resources owned by target including: • Subsidiaries (companies) • Systems (live IP addresses) • Services • Domains • Web applications • Email addresses Tool Examples: • Public registries: IP, DNS, SEC Filings, etc. • Nmap • Recon-ng • Google • BackTrack / Kali tool sets (many discovery tools)
Common Tools: Identify Vulnerabilities Find vulnerabilities: • Missing patches • Weak configurations ‒ system, application, network • Application issues Tool Examples: • Patches/Configurations: OpenVAS, Nessus, NeXpose, Qualys, IP360 etc • Applications: Burp, Zap, w3af, Nikto, DirBuster, SQLMap, Web Inspect, Appscan etc
Common Tools: Penetration Common penetration methods: • Buffer overflows • Default and weak passwords • SQL Injection • Insecure Protocols Tool Examples: • Patches: Metasploit, Canvas, Core Impact • Configurations: Native tools, Responder, Metasploit, Yersinia, Cain, Loki, Medusa • Applications: SQLMap, Metasploit, Burp, Zap etc
Common Tools: Privilege Escalation Exploit trust relationships to access to everything! Tool Examples: • Local Exploits & Weak Configurations ‒ Metasploit, Core Impact, Canvas, ‒ exploit-db.com • Password Hash Cracking ‒ John the ripper, Hashcat, Rainbow Tables • Pass-the-Hash ‒ Metasploit, PTH toolkits, WCE • Token stealing ‒ Metasploit and Incognito • Credential dumping ‒ Mimikatz, LSA Secrets, Credential Manager, groups.xml, unattend.xml etc
Common Tools Tools output a TON of data!
How do people manage all that data?
Common Pentest CMS Options Managing penetration test data: • Storing files in organized folders • Writing reports from word/excel templates • Storing information in databases and XML • Open source CMS projects • Commercial CMS products • Examples: ‒ Dradis ‒ Threadfix ‒ CorrelatedVM ‒ Risk IO
Penetration Testing as a Career?
Pen Testing as a Career: How to Start • Read and learn! – There is no “end” • Tap into the community! • Research and development ‒ Contribute to/start open source projects ‒ Present research at conferences • Training and Certifications ‒ Community: DC612, OWASP, Conferences, etc ‒ Professional ($): SANS, OffSec, CISSP, CREST, etc • Volunteer • Internships
Pen Testing as a Career: Common Paths • Internal Paths ‒ Help Desk ‒ IT Support ‒ IT Admin ‒ Security Analyst ‒ IRP Team ‒ Senior Security Analyst ‒ Internal Consultant ‒ CISO • Security Consulting Paths ‒ Internship ‒ Consultant ‒ Senior Consultant ‒ Principal Consultant ‒ Team Lead ‒ Director Corporate employees tend to stay corporate. Security consultants often end up in malware research and exploit development.
What we covered… • • • • • • • • • What is a penetration test? Why do companies pay for them? Types of penetration testing What are the rules of engagement? Who does penetration testing? What skills do they have? What tools do they use? Penetration testing as a Career Questions
Questions, comments, curses?
BE SAFE and HACK RESPONSIBLY

Recommended

Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?btpsec
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 

Recommended

Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?btpsec
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOWASP Delhi
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework👀 Joe Gray
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introductiongbud7
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 

More Related Content

What's hot

Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOWASP Delhi
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introductiongbud7
 

What's hot (20)

Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?
 
Application Security
Application SecurityApplication Security
Application Security
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hacking
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introduction
 

Viewers also liked

NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testingMohit Belwal
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?amiable_indian
 
Tipos de Pentest
Tipos de PentestTipos de Pentest
Tipos de PentestRafael Seg
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationChris Gates
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingScott Sutherland
 
Ed Batista, The Art of Self-Coaching @StanfordBiz, Class 5: Resilience
Ed Batista, The Art of Self-Coaching @StanfordBiz, Class 5: ResilienceEd Batista, The Art of Self-Coaching @StanfordBiz, Class 5: Resilience
Ed Batista, The Art of Self-Coaching @StanfordBiz, Class 5: ResilienceEd Batista
 
Contact Centers en Nube y Nubes de Contact Centers: Las 6 As (Any network, An...
Contact Centers en Nube y Nubes de Contact Centers: Las 6 As (Any network, An...Contact Centers en Nube y Nubes de Contact Centers: Las 6 As (Any network, An...
Contact Centers en Nube y Nubes de Contact Centers: Las 6 As (Any network, An...Mundo Contact
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing toolsyrinxtech
 
18646089 tipos-y-clases-de-auditorias-informaticas
18646089 tipos-y-clases-de-auditorias-informaticas18646089 tipos-y-clases-de-auditorias-informaticas
18646089 tipos-y-clases-de-auditorias-informaticasyomito_2
 
Importancia de la Auditoria en Seguridad Informática
Importancia de la Auditoria en Seguridad InformáticaImportancia de la Auditoria en Seguridad Informática
Importancia de la Auditoria en Seguridad InformáticaMeztli Valeriano Orozco
 
Pruebas de penetración
Pruebas de penetraciónPruebas de penetración
Pruebas de penetraciónDavid Thomas
 
Penetration testing the cloud - vlad gostom
Penetration testing the cloud - vlad gostomPenetration testing the cloud - vlad gostom
Penetration testing the cloud - vlad gostomHardway Hou
 
Desmitificando el pentest share
Desmitificando el pentest shareDesmitificando el pentest share
Desmitificando el pentest shareny4nyi
 

Viewers also liked (19)

NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration Testing
 
What is pentest
What is pentestWhat is pentest
What is pentest
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
 
Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?Vulnerability Scanning or Penetration Testing?
Vulnerability Scanning or Penetration Testing?
 
Tipos de Pentest
Tipos de PentestTipos de Pentest
Tipos de Pentest
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing Presentation
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration Testing
 
Ed Batista, The Art of Self-Coaching @StanfordBiz, Class 5: Resilience
Ed Batista, The Art of Self-Coaching @StanfordBiz, Class 5: ResilienceEd Batista, The Art of Self-Coaching @StanfordBiz, Class 5: Resilience
Ed Batista, The Art of Self-Coaching @StanfordBiz, Class 5: Resilience
 
Contact Centers en Nube y Nubes de Contact Centers: Las 6 As (Any network, An...
Contact Centers en Nube y Nubes de Contact Centers: Las 6 As (Any network, An...Contact Centers en Nube y Nubes de Contact Centers: Las 6 As (Any network, An...
Contact Centers en Nube y Nubes de Contact Centers: Las 6 As (Any network, An...
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing tool
 
18646089 tipos-y-clases-de-auditorias-informaticas
18646089 tipos-y-clases-de-auditorias-informaticas18646089 tipos-y-clases-de-auditorias-informaticas
18646089 tipos-y-clases-de-auditorias-informaticas
 
Importancia de la Auditoria en Seguridad Informática
Importancia de la Auditoria en Seguridad InformáticaImportancia de la Auditoria en Seguridad Informática
Importancia de la Auditoria en Seguridad Informática
 
Ciberseguridad en empresas
Ciberseguridad en empresasCiberseguridad en empresas
Ciberseguridad en empresas
 
Pruebas de penetración
Pruebas de penetraciónPruebas de penetración
Pruebas de penetración
 
Penetration testing the cloud - vlad gostom
Penetration testing the cloud - vlad gostomPenetration testing the cloud - vlad gostom
Penetration testing the cloud - vlad gostom
 
Desmitificando el pentest share
Desmitificando el pentest shareDesmitificando el pentest share
Desmitificando el pentest share
 

Similar to WTF is Penetration Testing v.2

The_Pentester_Blueprint.pdf
The_Pentester_Blueprint.pdfThe_Pentester_Blueprint.pdf
The_Pentester_Blueprint.pdfgcara4
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingNetSPI
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementAndrew McNicol
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class Chris Gates
 
Httpillage lascon-2015
Httpillage lascon-2015Httpillage lascon-2015
Httpillage lascon-2015forcedrequest
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDaveEdwards12
 
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment isc2-hellenic
 
Analisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoAnalisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoConferencias FIST
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingAndrew McNicol
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber WeaponryJoshua L. Davis
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 

Similar to WTF is Penetration Testing v.2 (20)

The_Pentester_Blueprint.pdf
The_Pentester_Blueprint.pdfThe_Pentester_Blueprint.pdf
The_Pentester_Blueprint.pdf
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration Testing
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability Management
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
 
Httpillage lascon-2015
Httpillage lascon-2015Httpillage lascon-2015
Httpillage lascon-2015
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
 
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment
 
Analisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario MaliciosoAnalisis Estatico y de Comportamiento de un Binario Malicioso
Analisis Estatico y de Comportamiento de un Binario Malicioso
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated Testing
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
 
SOHOpelessly Broken
SOHOpelessly BrokenSOHOpelessly Broken
SOHOpelessly Broken
 
Becoming a better pen tester overview
Becoming a better pen tester overviewBecoming a better pen tester overview
Becoming a better pen tester overview
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber Weaponry
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 

More from Scott Sutherland

Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)Scott Sutherland
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)Scott Sutherland
 
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsTROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsScott Sutherland
 
2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQLScott Sutherland
 
PowerUpSQL - 2018 Blackhat USA Arsenal Presentation
PowerUpSQL - 2018 Blackhat USA Arsenal PresentationPowerUpSQL - 2018 Blackhat USA Arsenal Presentation
PowerUpSQL - 2018 Blackhat USA Arsenal PresentationScott Sutherland
 
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL ServerSecure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL ServerScott Sutherland
 
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL ServerScott Sutherland
 
Beyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL ServerBeyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL ServerScott Sutherland
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShellScott Sutherland
 
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShellScott Sutherland
 
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShellScott Sutherland
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial EmulationScott Sutherland
 
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)Scott Sutherland
 
DerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShellDerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShellScott Sutherland
 
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 201510 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015Scott Sutherland
 
Attack All the Layers: What's Working during Pentests (OWASP NYC)
Attack All the Layers: What's Working during Pentests (OWASP NYC)Attack All the Layers: What's Working during Pentests (OWASP NYC)
Attack All the Layers: What's Working during Pentests (OWASP NYC)Scott Sutherland
 
Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!Scott Sutherland
 
Secure360 - Extracting Password from Windows
Secure360 - Extracting Password from WindowsSecure360 - Extracting Password from Windows
Secure360 - Extracting Password from WindowsScott Sutherland
 
Attack all the layers secure 360
Attack all the layers secure 360Attack all the layers secure 360
Attack all the layers secure 360Scott Sutherland
 

More from Scott Sutherland (20)

Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsTROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
 
2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL
 
PowerUpSQL - 2018 Blackhat USA Arsenal Presentation
PowerUpSQL - 2018 Blackhat USA Arsenal PresentationPowerUpSQL - 2018 Blackhat USA Arsenal Presentation
PowerUpSQL - 2018 Blackhat USA Arsenal Presentation
 
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL ServerSecure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
 
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
 
Beyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL ServerBeyond xp_cmdshell: Owning the Empire through SQL Server
Beyond xp_cmdshell: Owning the Empire through SQL Server
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell2017 Secure360 - Hacking SQL Server on Scale with PowerShell
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
 
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
 
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
 
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
 
DerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShellDerbyCon2016 - Hacking SQL Server on Scale with PowerShell
DerbyCon2016 - Hacking SQL Server on Scale with PowerShell
 
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 201510 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
 
Attack All the Layers: What's Working during Pentests (OWASP NYC)
Attack All the Layers: What's Working during Pentests (OWASP NYC)Attack All the Layers: What's Working during Pentests (OWASP NYC)
Attack All the Layers: What's Working during Pentests (OWASP NYC)
 
Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!
 
Secure360 - Extracting Password from Windows
Secure360 - Extracting Password from WindowsSecure360 - Extracting Password from Windows
Secure360 - Extracting Password from Windows
 
Attack all the layers secure 360
Attack all the layers secure 360Attack all the layers secure 360
Attack all the layers secure 360
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWARe
 

Recently uploaded

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 

Recently uploaded (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

WTF is Penetration Testing v.2

  • 1. WTF is Penetration Testing v.2
  • 2. Who are we? Eric Gruber @egru http://github.com/egru http://github.com/netspi http://netspi.com/blog Karl Fosaaen @kfosaaen http://github.com/kfosaaen http://slideshare.com/kfosaaen Scott Sutherland @_nullbind http://github.com/nullbind http://slideshare.com/nullbind
  • 3. Demo Common Escalation Paths: • Enumerate live systems and open ports with nmap • Brute force database account with SQLPingv3 • Get a shell on the database server with the mssql_payload Metasploit module • Dump domain admin passwords in clear text with mimikatz • Log into high value database to access data • Log into domain controller to find and access everything else
  • 4. Overview • • • • • • • • • What is a penetration test? Why do companies pay for them? Types of penetration testing What are the rules of engagement? Who does penetration testing? What skills do they have? What tools do they use? Penetration testing as a Career Questions
  • 5. What is a Penetration Test?
  • 6. What is Penetration Testing? Our Definition: “The process of evaluating systems, applications, and protocols with the intent of identifying vulnerabilities usually from the perspective of an unprivileged or anonymous user to determine potential real world impacts…” “…legally and under contract”
  • 7. What is Penetration Testing? In short…
  • 8. What is Penetration Testing? …we try to break into stuff before the bad guys do
  • 9. Why do companies buy Penetration Tests?
  • 10. Why do companies buy pentests? • Meet compliance requirements • Evaluate risks associated with an acquisition or partnership • Validate preventative controls • Validate detective controls • Prioritize internal security initiatives • Proactively prevent breaches
  • 11. Why do Companies Pen Test?
  • 12. Why do Companies Pen Test?
  • 13.
  • 14.
  • 15. What types of Penetration Tests are there?
  • 17. Types of Penetration Testers Black Hat Independent research and exploitation with no collaboration with vendor. Gray Hat Independent research and exploitation with some collaboration with vendor. White Hat Collaborative research, assessment, and exploitation with vendor.
  • 18. Types of Penetration Tests Black Box Zero knowledge of target. Gray Box User knowledge of target. Sometimes as an anonymous user. White Box Administrative or development knowledge of target.
  • 19. Types of Penetration Tests Information Black Box Gray Box White Box Network Ranges x x IP Addresses x x Domains x x Network Documentation x x Application Documentation x x API Documentation x x Application Credentials x Database Credentials x Server Credentials x
  • 20. Types of Penetration Tests • Technical Control Layer ‒ Network ‒ Application (mobile, web, desktop etc) ‒ Server ‒ Wireless ‒ Embedded Device • Physical Control Layer ‒Client specific site ‒Data centers • Administrative Control Layer ‒Email phishing ‒Phone and onsite social engineering
  • 21. What are the Rules of Engagement?
  • 22. Rules of Engagement • • • • • • • • • Hack Responsibly! Written permission Clear communication Stay in scope No Denial-of-Service Don’t change major state Restore state Use native technologies Stay off disk
  • 23. Are there any Penetration Testing methodologies?
  • 24. Common Approach • • • • • • • • • Kickoff: Scope, test windows, risks, contacts Information Gathering Vulnerability Enumeration Penetration Escalation Evidence Gathering Clean up Report Creation Report Delivery and Review
  • 25. Common Approach: Standards Methodologies • Ptes • OSSTM • ISSAF • NIST • OWASP Certifications • SANS • OSCP • CREST
  • 27. Assessment VS. Penetration What can both an assessment or pentest answer? • • • • • What are my system layer vulnerabilities? Where are my system layer vulnerabilities? Will we know if we are being scanned? How do I fix my vulnerabilities? Are we fixing things over time?
  • 28. Assessment VS. Penetration What else can a pentest answer? • What vulnerabilities represent the most risk? • What are my high impact system, network, and application layer issues? • Can an attacker gain unauthorized access to critical infrastructure, application functionality, and sensitive data • Can attackers bypass multiple layers of detective and preventative controls? • Can attackers pivot between environments? • Are procedures being enforced
  • 30. Who Conducts Penetration Testing? People that can pass a background check
  • 31. Who Conducts Penetration Testing? • Internal Employees ‒ Security analysts ‒ Security consultants • Third Parties ‒ Audit Firms ‒ Value-Added Reseller (VAR) ‒ Manage Services ‒ Software as a Service (SaaS) ‒ Software Vendors ‒ Security Consultants
  • 32. What skills are required?
  • 33. What Skills are Needed? • • • • Non Technical Basic Technical Offensive Defensive
  • 34. Non Technical Skillsets • Written and Verbal Communications ‒ Emails/phone calls ‒ Report development ‒ Small and large group presentations • Professionalism ‒ Respecting others, setting, and meeting expectations
  • 35. Non Technical Skillsets • Troubleshooting Mindset ‒ Never give up, never surrender! ‒ Where there is a will, there is a way • Ethics ‒ Don’t do bad things ‒ Pros (career) vs. Cons (jail) ‒ Hack responsibly
  • 36. Basic Technical Skillsets • • • • • Windows Desktop Administration Windows Domain Administration Linux and Unix Administration Network Infrastructure Administration Application Development ‒ Scripting (Ruby, Python, PHP, Bash, PS, Batch) ‒ Managed languages (.Net, Java, Davlik) ‒ Unmanaged languages (C, C++)
  • 37. Offensive and Defensive Knowledge • System enumeration and service fingerprinting • Linux system exploitation and escalation • Windows system exploitation and escalation • Network system exploitation and escalation • Protocol exploitation • Web application exploitation • Reverse engineering • Anti-virus Evasion • Social engineering techniques
  • 38. What are some of the common tools?
  • 39. Common Tools There are hundreds of “hacker” tools. Generally, you need to have enough knowledge to know what tool or tool(s) is right for the task at hand…. …and if one doesn’t exist, then create it.
  • 41. Common Tools Knowledge > Tools = Train your brain! Understand the core technologies Understand basic offensive techniques Understand basic defensive techniques
  • 42. Common Tools: Info Gathering Find online resources owned by target including: • Subsidiaries (companies) • Systems (live IP addresses) • Services • Domains • Web applications • Email addresses Tool Examples: • Public registries: IP, DNS, SEC Filings, etc. • Nmap • Recon-ng • Google • BackTrack / Kali tool sets (many discovery tools)
  • 43. Common Tools: Identify Vulnerabilities Find vulnerabilities: • Missing patches • Weak configurations ‒ system, application, network • Application issues Tool Examples: • Patches/Configurations: OpenVAS, Nessus, NeXpose, Qualys, IP360 etc • Applications: Burp, Zap, w3af, Nikto, DirBuster, SQLMap, Web Inspect, Appscan etc
  • 44. Common Tools: Penetration Common penetration methods: • Buffer overflows • Default and weak passwords • SQL Injection • Insecure Protocols Tool Examples: • Patches: Metasploit, Canvas, Core Impact • Configurations: Native tools, Responder, Metasploit, Yersinia, Cain, Loki, Medusa • Applications: SQLMap, Metasploit, Burp, Zap etc
  • 45. Common Tools: Privilege Escalation Exploit trust relationships to access to everything! Tool Examples: • Local Exploits & Weak Configurations ‒ Metasploit, Core Impact, Canvas, ‒ exploit-db.com • Password Hash Cracking ‒ John the ripper, Hashcat, Rainbow Tables • Pass-the-Hash ‒ Metasploit, PTH toolkits, WCE • Token stealing ‒ Metasploit and Incognito • Credential dumping ‒ Mimikatz, LSA Secrets, Credential Manager, groups.xml, unattend.xml etc
  • 46. Common Tools Tools output a TON of data!
  • 47. How do people manage all that data?
  • 48. Common Pentest CMS Options Managing penetration test data: • Storing files in organized folders • Writing reports from word/excel templates • Storing information in databases and XML • Open source CMS projects • Commercial CMS products • Examples: ‒ Dradis ‒ Threadfix ‒ CorrelatedVM ‒ Risk IO
  • 50. Pen Testing as a Career: How to Start • Read and learn! – There is no “end” • Tap into the community! • Research and development ‒ Contribute to/start open source projects ‒ Present research at conferences • Training and Certifications ‒ Community: DC612, OWASP, Conferences, etc ‒ Professional ($): SANS, OffSec, CISSP, CREST, etc • Volunteer • Internships
  • 51. Pen Testing as a Career: Common Paths • Internal Paths ‒ Help Desk ‒ IT Support ‒ IT Admin ‒ Security Analyst ‒ IRP Team ‒ Senior Security Analyst ‒ Internal Consultant ‒ CISO • Security Consulting Paths ‒ Internship ‒ Consultant ‒ Senior Consultant ‒ Principal Consultant ‒ Team Lead ‒ Director Corporate employees tend to stay corporate. Security consultants often end up in malware research and exploit development.
  • 52. What we covered… • • • • • • • • • What is a penetration test? Why do companies pay for them? Types of penetration testing What are the rules of engagement? Who does penetration testing? What skills do they have? What tools do they use? Penetration testing as a Career Questions
  • 54. BE SAFE and HACK RESPONSIBLY

Editor's Notes

  1. Internal - wears many other hats or is a consultant on internal “Plan, build, deploy” teams – also help to maintain compliance status and deal with actual breaches when no response team existsExternal – brought because they don’t have the skillset on staff or a third party is required for legal, regulatory, or political reasonsNote: Touch briefly on crowd source of exploit development and the difference.Audit = often sold at loss as part of larger projects – example include deloit, larsonallen, and Value-Added Reseller – often part of goal to sell software, hardware, or applianceManaged services - Deploy appliances managed by third partySaas - Provide services through online application such as white hat, or qualysSoftware Vendors - Hp web inspect, cigitial with blah, rapid7 with metasploit, core with core impact – they makes, sell and use the product during the pentestSecurity consultants – focus just on services – often in advisory role
  2. Internal - wears many other hats or is a consultant on internal “Plan, build, deploy” teams – also help to maintain compliance status and deal with actual breaches when no response team existsExternal – brought because they don’t have the skillset on staff or a third party is required for legal, regulatory, or political reasonsNote: Touch briefly on crowd source of exploit development and the difference.Audit = often sold at loss as part of larger projects – example include deloit, larsonallen, and Value-Added Reseller – often part of goal to sell software, hardware, or applianceManaged services - Deploy appliances managed by third partySaas - Provide services through online application such as white hat, or qualysSoftware Vendors - Hp web inspect, cigitial with blah, rapid7 with metasploit, core with core impact – they makes, sell and use the product during the pentestSecurity consultants – focus just on services – often in advisory role
  3. Internal - wears many other hats or is a consultant on internal “Plan, build, deploy” teamsExternal – brought because they don’t have the skillset on staff or a third party is required for legal, regulatory, or political reasons
  4. Note: full blown reverse engineering using debugging techniques is often more of the focus of and malware analyst or exploit development. However, there is a cross over in toolsets.
  5. Note: full blown reverse engineering using debugging techniques is often more of the focus of and malware analyst or exploit development. However, there is a cross over in toolsets.
  6. Note: full blown reverse engineering using debugging techniques is often more of the focus of and malware analyst or exploit development. However, there is a cross over in toolsets.