Penetration testing

SECURITY PENETRATION
TESTING
TEKNIS PELATIHAN KEAMANAN INFORMASI

AHMAD MUAMMAR !(C)2011 | @Y3DIPS

AGENDA

SECURITY ASSESSMENT

VULNERABILITY ASSESSMENT

SECURITY AUDIT

PENETRATION TESTING

VA V.S PENTEST

PENTEST V.S SYSTEM AUDIT


AGENDA

PENETRATION TESTING

TYPE

SCOPE (AREA)

LIMITATIONS

PENETRATION TESTING

METHODOLOGIES

WELL KNOWN STANDARD


SECURITY ASSESSMENT

IS A WAY TO VALIDATE/CHECK THE LEVEL OF SECURITY
ON EVERY ASPECT OF IT INFRASTRUCTURE.

ALSO TO ENSURE THAT NECESSARY SECURITY
CONTROLS ARE INTEGRATED INTO THE DESIGN AND
IMPLEMENTATION.

TO PREPARE FOR BETTER ENHANCEMENT


SECURITY ASSESSMENT

VULNERABILITY ASSESSMENT

A VULNERABILITY ASSESSMENT IS USUALLY
CARRIED OUT BY SECURITY VULNERABILITY SCANNER
APPLICATION. MOST OF THE PRODUCT TEST TYPE OF
OPERATING SYSTEM, APPLICATION, PATCH LEVEL,
USER ACCOUNT AND ELSE.

VULNERABILITY SCANNER IDENTIFY COMMON
SECURITY CONFIGURATION MISTAKES AND COMMON
ATTACK


SECURITY ASSESSMENT

SECURITY AUDIT

MOST PART ARE CHECKLIST-BASED (CORPORATE
SECURITY POLICICES OR REGULATION STANDARDS
(ISO) OR PBI)

IMPORTANT FOR BEING COMPLIED WITH SECURITY
POLICIES, LEGISLATION AND STANDARDS

E.G: IS THERE ANY BACKUPS? ANTIVIRUS?


SECURITY ASSESSMENT

PENETRATION TESTING

IS WHEN A “HACKER” DO THE ATTACKER WORK.

THE ONLY GOAL IS TO GET AS MUCH AS POSSIBLE
AND AS DEEP AS POSSIBLE TO BREAK INTO THE
SYSTEM.


VA V.S PENTEST

VULNERABILITY ASSESSMENT IDENTIFIES THE
“POSSIBLE” VULNERABILITIES (ALSO FALSE POSITIVE)

PENETRATION TESTING VALIDATES THE VULNERABILITY


PENTEST V.S SECURITY AUDITS

SECURITY AUDITS IMPORTANT FOR BEING COMPLIED
WITH SECURITY POLICIES, LEGISLATION AND
STANDARDS

PENTEST COMPLEMENT SYSTEM AUDITS AND HELP TO
FIX SECURITY THREAT BEFORE AN ATTACKER
DISCOVERS IT


PENETRATION TESTING

CHECK SENSITIVE INFORMATION AVAILABLE

CHECK WHAT KIND OF PRIVILEGES PENTESTER GAIN

CHECK IF POSSIBLE TO ESCALATE PRIVILEGES

CHECK IF VULNERABILITY CAN LEAD TO MORE EXPLOITS
(ANOTHER APPLICATION, SYSTEM, OR SERVER)


PENETRATION TESTING

TYPE OF PENETRATION TESTING:

BLACK BOX: 0 INFORMATION ABOUT THE SYSTEM,
MAYBE ONLY THE IP/DOMAIN NAME. FULL ATTACKER
PERSPECTIVE

GRAY BOX: PARTIAL INFORMATION ABOUT A SYSTEM,
SIMULATE ATTACK BY EMPLOYEE, VENDORS.

WHITE BOX: SIGNIFICANT INFORMATION ABOUT A
SYSTEM, SOURCE CODE/CONFIGURATION REVIEW.


PENETRATION TESTING

NETWORK INFRASTRUCTURE PENTEST

WIFI, VOIP, TELEPHONE

APPLICATION INFRASTRUCTURE PENTEST

WEB, MOBILE

SYSTEM INFRASTRUCTURE PENTEST

PHYSICAL SECURITY

SOCIAL ENGINEETING (PEOPLE)


PENETRATION TESTING

MOST LIMITATIONS

TIME

SKILLED

ACCESS TO EQUIPMENT


PENETRATION TESTING

METHODOLOGY

A GUIDELINE FOR SOLVING A PROBLEM, WITH SPECIFIC
COMPONENTS SUCH AS PHASES, TASKS, METHODS,
TECHNIQUES AND TOOLS


PENETRATION TESTING

WELL KNOWN STANDARD

!


PENETRATION TESTING

SOURCE: ISSAF


PENETRATION TESTING

INFORMATION GATHERING : USING ALL RESOURCES
(INTERNET) TO FIND ALL THE INFORMATION ABOUT
TARGET, USING TECHNICAL AND NON-TEHCNICAL
METHODS

SOURCE: ISSAF


INFORMATION GATHERING

NON TECHNICAL

SEARCH COMPANY INFO ON SOCIAL NETWORK :
LINKEDIN.COM, FACEBOOK

SEARCH KEY PERSONAL ACTIVITY: ADMINISTRATOR,
PROGRAMMER

GOOGLE HACKING


HANDS ON

INFORMATION GATHERING VIA SOCIAL NETWORK

INFORMATION GATHERING VIA GOOGLE HACKING


INFORMATION GATHERING

TECHNICAL

USING DIG. NSLOOKUP, WHOIS TO FIND INFORMATION


HANDS ON

INFORMATION GATHERING USING DIG

INFORMATION GATHERING USING WHOIS


PENETRATION TESTING

NETWORK MAPPING: FOOTPRINT THE NETWORK AND
RESOURCES THAT ALREADY GATHER FROM
INFORMATION GATHERING. E.G: FIND LIVE HOST, PORT
AND SERVICE, NETWORK PERIMETER, OS AND SERVICE
FINGERPRINTING

SOURCE: ISSAF


NETWORK MAPPING

TOOLS: NMAP, TRACEROUTE, PING

MENCOBA NMAP, TRACEROUTE

SOURCE: ISSAF


HANDS ON


PENETRATION TESTING

VULNERABILITY IDENTIFICATION : IDENTIFY ALL
SERVICES VULNERABILITY (BASED ON VERSION/
BANNER), USING VULNERABILITY SCAN, IDENTIFY
ATTACK PATH

TOOLS: NMAP, NESSUS

SOURCE: ISSAF


HANDS ON

NMAP -SV (DETECT OPEN PORT WITH SERVICE INFO
(VERSION))

NMAP -O (DETECT POSSIBLE OS)


PENETRATION TESTING

PENETRATION: TRY TO GAIN UNAUTHORIZED ACCESS BY
CIRCUMVENTING THE SECURITY MEASURES TO GET
ACCESS,. E.G: FIND POC, CREATE TOOLS, TESTING

SOURCE: ISSAF


PENETRATION TESTING

GAINING ACCESS AND PRIVILEGES : GAINING LEAST
PRIVILEGE BY DEFAULT USER OR PASSWORD, DEFAULT
SETTINGS, PUBLIC SERVICES, TRY TO ESCALATE
PRIVILEGES TO SUPERIOR LEVEL (ADMINISTRATOR/
ROOT)

USING/CREATING EXPLOIT

OR METASPLOIT (FREE) , IMMUNITY CANVAS, CORE
IMPACT

SOURCE: ISSAF


HANDS ON

USING METASPLOIT

USING LOCAL EXPLOIT TO GAIN HIGHER LEVEL
PRIVILEGES


PENETRATION TESTING

ENUMERATING FURTHER: OBTAIN PASSWORD
(PASSWORD FILE (/ETC/SHADOW, SAM), USER
DATABASE), SNIFFING NETWORK, MAPPING INTERNAL
NETWORK

SOURCE: ISSAF


HANDS ON

CRACKING PASSWORD FILE


PENETRATION TESTING

COMPROMISE REMOTE USERS/SITES: (IF POSSIBLE) TRY
TO COMPROMISE REMOTE USER (VPN USERS) TO GET
PRIVILEGE TO INTERNAL NETWORK

SOURCE: ISSAF


PENETRATION TESTING

MAINTAINING ACCESS: OFTEN NOT PERFORM

COVERING TRACKS: OFTEN NOT PERFORM

SOURCE: ISSAF


PENETRATION TESTING

VALUE IS ON THE REPORT

PENETRATION TESTING SERVICE LEVEL AGREEMENT

NON DISCLOSURE AGREEMENT

THERE ARE ALWAYS A RISK, E.G : SYSTEM DOWN/
CRASH DURING PENTEST, SLOWDOWN NETWORK


Penetration testing

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Penetration testing

Similar to Penetration testing (20)

More from Ammar WK

More from Ammar WK (20)

Recently uploaded

Recently uploaded (20)

Penetration testing