3. AGENDA
PENETRATION TESTING
TYPE
SCOPE (AREA)
LIMITATIONS
PENETRATION TESTING
METHODOLOGIES
WELL-KNOWN STANDARDS
AHMAD MUAMMAR !(C)2011 | @Y3DIPS
4. SECURITY ASSESSMENT
IS A WAY TO VALIDATE/CHECK THE LEVEL OF SECURITY
ON EVERY ASPECT OF IT INFRASTRUCTURE.
ALSO TO ENSURE THAT NECESSARY SECURITY
CONTROLS ARE INTEGRATED INTO THE DESIGN AND
IMPLEMENTATION.
TO PREPARE FOR BETTER ENHANCEMENT
5. SECURITY ASSESSMENT
VULNERABILITY ASSESSMENT
A VULNERABILITY ASSESSMENT IS USUALLY
CARRIED OUT BY A SECURITY VULNERABILITY SCANNER
APPLICATION. MOST PRODUCTS TEST THE OPERATING
SYSTEM TYPE, APPLICATIONS, PATCH LEVEL,
USER ACCOUNTS AND MORE.
VULNERABILITY SCANNERS IDENTIFY COMMON
SECURITY CONFIGURATION MISTAKES AND COMMON
ATTACKS
6. SECURITY ASSESSMENT
SECURITY AUDIT
MOSTLY CHECKLIST-BASED (CORPORATE
SECURITY POLICIES, REGULATORY STANDARDS
(ISO) OR PBI)
IMPORTANT FOR COMPLIANCE WITH SECURITY
POLICIES, LEGISLATION AND STANDARDS
E.G.: ARE THERE ANY BACKUPS? ANTIVIRUS?
7. SECURITY ASSESSMENT
PENETRATION TESTING
IS WHEN A “HACKER” DOES THE ATTACKER'S WORK.
THE ONLY GOAL IS TO GET AS FAR AND AS DEEP AS
POSSIBLE INTO THE SYSTEM.
8. VA V.S PENTEST
VULNERABILITY ASSESSMENT IDENTIFIES THE
“POSSIBLE” VULNERABILITIES (INCLUDING FALSE POSITIVES)
PENETRATION TESTING VALIDATES THE VULNERABILITY
9. PENTEST V.S SECURITY AUDITS
SECURITY AUDITS ARE IMPORTANT FOR COMPLIANCE
WITH SECURITY POLICIES, LEGISLATION AND
STANDARDS
PENTESTS COMPLEMENT SYSTEM AUDITS AND HELP TO
FIX SECURITY THREATS BEFORE AN ATTACKER
DISCOVERS THEM
10. PENETRATION TESTING
CHECK WHAT SENSITIVE INFORMATION IS AVAILABLE
CHECK WHAT KIND OF PRIVILEGES THE PENTESTER GAINS
CHECK IF IT IS POSSIBLE TO ESCALATE PRIVILEGES
CHECK IF THE VULNERABILITY CAN LEAD TO MORE EXPLOITS
(ANOTHER APPLICATION, SYSTEM, OR SERVER)
11. PENETRATION TESTING
TYPES OF PENETRATION TESTING:
BLACK BOX: ZERO INFORMATION ABOUT THE SYSTEM,
MAYBE ONLY THE IP/DOMAIN NAME. FULL ATTACKER
PERSPECTIVE
GRAY BOX: PARTIAL INFORMATION ABOUT A SYSTEM,
SIMULATES AN ATTACK BY EMPLOYEES OR VENDORS.
WHITE BOX: SIGNIFICANT INFORMATION ABOUT A
SYSTEM, SOURCE CODE/CONFIGURATION REVIEW.
12. PENETRATION TESTING
NETWORK INFRASTRUCTURE PENTEST
WIFI, VOIP, TELEPHONE
APPLICATION INFRASTRUCTURE PENTEST
WEB, MOBILE
SYSTEM INFRASTRUCTURE PENTEST
PHYSICAL SECURITY
SOCIAL ENGINEERING (PEOPLE)
14. PENETRATION TESTING
METHODOLOGY
A GUIDELINE FOR SOLVING A PROBLEM, WITH SPECIFIC
COMPONENTS SUCH AS PHASES, TASKS, METHODS,
TECHNIQUES AND TOOLS
17. PENETRATION TESTING
INFORMATION GATHERING: USING ALL RESOURCES
(INTERNET) TO FIND ALL THE INFORMATION ABOUT THE
TARGET, USING TECHNICAL AND NON-TECHNICAL
METHODS
SOURCE: ISSAF
18. INFORMATION GATHERING
NON-TECHNICAL
SEARCH COMPANY INFO ON SOCIAL NETWORKS:
LINKEDIN.COM, FACEBOOK
SEARCH KEY PERSONNEL ACTIVITY: ADMINISTRATOR,
PROGRAMMER
GOOGLE HACKING
19. HANDS ON
INFORMATION GATHERING VIA SOCIAL NETWORK
INFORMATION GATHERING VIA GOOGLE HACKING
22. PENETRATION TESTING
NETWORK MAPPING: FOOTPRINT THE NETWORK AND
RESOURCES ALREADY GATHERED DURING
INFORMATION GATHERING. E.G.: FIND LIVE HOSTS, PORTS
AND SERVICES, NETWORK PERIMETER, OS AND SERVICE
FINGERPRINTING
SOURCE: ISSAF
23. NETWORK MAPPING
TOOLS: NMAP, TRACEROUTE, PING
TRY NMAP, TRACEROUTE
SOURCE: ISSAF
26. PENETRATION TESTING
VULNERABILITY IDENTIFICATION: IDENTIFY ALL
SERVICE VULNERABILITIES (BASED ON VERSION/
BANNER) USING A VULNERABILITY SCAN; IDENTIFY
ATTACK PATHS
TOOLS: NMAP, NESSUS
SOURCE: ISSAF
27. HANDS ON
nmap -sV (DETECT OPEN PORTS WITH SERVICE INFO
(VERSION))
nmap -O (DETECT POSSIBLE OS)
28. PENETRATION TESTING
PENETRATION: TRY TO GAIN UNAUTHORIZED ACCESS BY
CIRCUMVENTING THE SECURITY MEASURES.
E.G.: FIND A POC, CREATE TOOLS, TESTING
SOURCE: ISSAF
29. PENETRATION TESTING
GAINING ACCESS AND PRIVILEGES: GAIN LEAST-
PRIVILEGE ACCESS VIA DEFAULT USERS OR PASSWORDS, DEFAULT
SETTINGS, PUBLIC SERVICES; TRY TO ESCALATE
PRIVILEGES TO A SUPERIOR LEVEL (ADMINISTRATOR/
ROOT)
USING/CREATING EXPLOITS
OR METASPLOIT (FREE), IMMUNITY CANVAS, CORE
IMPACT
SOURCE: ISSAF
33. PENETRATION TESTING
COMPROMISE REMOTE USERS/SITES: (IF POSSIBLE) TRY
TO COMPROMISE REMOTE USERS (VPN USERS) TO GET
PRIVILEGES ON THE INTERNAL NETWORK
SOURCE: ISSAF
34. PENETRATION TESTING
MAINTAINING ACCESS: OFTEN NOT PERFORMED
COVERING TRACKS: OFTEN NOT PERFORMED
SOURCE: ISSAF
35. PENETRATION TESTING
THE VALUE IS IN THE REPORT
PENETRATION TESTING SERVICE LEVEL AGREEMENT
NON-DISCLOSURE AGREEMENT
THERE IS ALWAYS A RISK, E.G.: SYSTEM DOWN/
CRASH DURING THE PENTEST, NETWORK SLOWDOWN