Practical White Hat Hacker Training - Vulnerability Detection

This presentation is part of Prisma CSI's Practical White Hat Hacker Training v1

PRISMA CSI • Cyber Security and Intelligence www.prismacsi.com

This document may be quoted or shared, but cannot be modified or used for commercial purposes. Detailed information is available at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.

Published in: Education


  1. Practical White Hat Hacker Training #4: Vulnerability Detection. www.prismacsi.com © All Rights Reserved. This document may be quoted or shared, but cannot be modified or used for commercial purposes. For more information, visit https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.tr
  2. Topics
     • What’s a vulnerability?
     • What are the sources of vulnerabilities?
     • Vulnerability Management Cycle
     • Automated Vulnerability Scanners
     • Vulnerability Databases
     • Frequently used tools
     • Applications
  3. What is a Vulnerability?
     • Vulnerabilities are defined as conditions in an application, service or protocol, previously or recently discovered in research work, that give a cyber attacker the opportunity to execute any type of attack which may affect the normal operation of a system.
     • [Scenario]
  4. What are the sources of vulnerabilities?
     • Old versions / out-of-date applications and services
     • Patch failures
     • Incorrect configurations
     • Secure software development process shortcomings
     • Insecure network architecture designs
     • Insider, unintentional actions
  5. Vulnerability Management Cycle
  6. Vulnerability Scanners
     • Netsparker
     • Acunetix
     • Burp Suite
     • AppScan
     • WebInspect
     • W3af
     • Arachni
     • Nikto
     • Sqlmap
     • Nessus
     • Nexpose
     • OpenVAS
     • Qualys
     • Core Impact
     • Vega
     • Skipfish
     • Commix
     • Nmap
  7. What’s the point of Vulnerability Scanning?
     • Identify risks!
     • Manage risks!
     • Prevent possible cyber attacks!
     • The case of WannaCry!
     • Learn lessons from past cyber attack incidents!
  8. Key Words
     • POLICY: The set of configuration choices made before performing a scan. For example, the policy used for network scanning differs from the policy used for web application scanning.
     • PLUGIN: Small tools / scripts developed for security checks.
     • SCAN: The scanning process.
  9. Vulnerability Databases
     • Vulnerability databases are storage points where discovered vulnerabilities are kept.
     • https://nvd.nist.gov/
     • https://www.cvedetails.com/
  10. Security Scanners
     • All-in-one logic
     • Better for discovering vulnerabilities on a network
     • More often used for checking server/client-based vulnerabilities
     • Compatibility and configuration vulnerability tests
     • Counters false positive events
     • Significantly shortens test time
  11. OpenVAS Security Scanner - Demo
     • Open-source vulnerability scanning tool.
     • Contains advanced features.
     • Can be used as an alternative to Nessus.
  12. Nmap NSE - Demo
     • Vulnerability scanning is possible with the Nmap Scripting Engine.
     • Open-source software. You can also contribute and develop modules on top of it.
     • Allows fast scanning.
     • Generally, all tests begin with Nmap vulnerability scans.
  13. Nessus - Demo
     • The most commonly used vulnerability scanning tool.
     • Return to Penetration testing and vulnerability scanning!
     • Licensed and free versions are available.
     • You can also perform many security checks with the free version.
     • Includes options like Web, Network, SCADA Compatibility Scanning.
     • Often used in network scans.
  14. Nessus - Demo
     • Starting a New Scan
     • Policy
     • Advanced Scan
     • Configurable
     • You can customize the scan and make advanced configurations.
  15. Nessus - Demo
     • New Scan
     • Target Systems
     • Plugins
     • Schedule configurations
     • Brute-force attacks
     • Advanced settings
  16. Nessus - Demo
     • Scan results are presented in many different formats. A large network can be easily analyzed with these outputs.
     • Detailed Analysis
     • Criticality Levels
  17. Nessus - Demo
  18. Nessus - Demo
  19. Nessus - Demo
     • The scan report is available in the following formats and can be integrated with other penetration testing tools.
     • Formats
     • XML
     • HTML
     • Nessus
  20. Core Impact - Demo
     • Security scanner
     • Includes a lot of advanced security checkers and has its own unique tools.
     • Contains special exploits.
     • Has its very own special zero-day team.
     • It’s a licensed tool :)
  21. Web Security Scanners
     • Used for security scans of web applications and services
     • Several also allow users to run manual tests
     • Netsparker is accepted worldwide as one of the most successful vulnerability scanners.
     • Burp Suite is the most critical tool!
  22. Netsparker - Demo
     • Web application security scanning tool
     • Licensed and free versions available
     • Specifically developed for web technologies.
     • Is a more advanced and integrated solution with Netsparker Cloud
  23. Burp Suite - Demo
     • Web application proxy tool and security scanner
     • Licensed and free versions available
     • Specific to web technologies
     • Most frequently used tool.
     • Hackers’ and pentesters’ most valuable tool
  24. Nikto Security Scanner - Demo
     • Web application and server security scanner.
     • Frequently used practical application.
     • Used via command line.
  25. W3af Web Scanner - Demo
     • Is a web application security scanner.
     • Developed by OWASP.
     • Includes various policies, and customized scans can be performed.
     • Although not frequently used, it is very useful.
  26. Sqlmap – SQL Injection Scanner – Demo
     • Developed specifically for SQL injection attacks.
     • Developed in the Python programming language.
     • Open source
     • Contains advanced parameters and attack methods
  27. Are vulnerabilities only scanned remotely?
     • A scan of a web application or a server does not have to be performed remotely.
     • It is also possible to log in to a server and scan the operating system. (RDP, SSH login -> internal scanning)
     • Compatibility or configuration checks can be performed.
     • Static code analysis can be done.
  28. Summary:
     • We have a lot of intelligence data that we have collected from the beginning.
     • Now we know which existing systems are up.
     • We discovered open ports on these systems and we know the software running on these ports.
     • We have noted the vulnerabilities we discovered in the applications running on this software and in the services.
     • Now we need to understand how to use these vulnerabilities to our advantage!
  29. Applications
  30. Questions?
  31. Contacts: www.prismacsi.com, info@prismacsi.com, 0 850 303 85 35, /prismacsi
