CIS 3500
Chapter #4: Threats, Attacks, and Vulnerabilities
Vulnerability Scanning and Penetration Testing

Chapter Objectives
- Explain penetration testing concepts
- Explain vulnerability scanning concepts

Penetration Testing Concepts
- A penetration test (or pen test) simulates an attack from a malicious outsider
- The goal of a pen test is to determine whether an attacker can bypass your security and access your systems
- Unlike a vulnerability assessment, which typically just catalogs vulnerabilities, a pen test attempts to exploit them
- It focuses on the most commonly employed threat vectors

Active Reconnaissance
- Reconnaissance is the first step of performing a pen test
- The objective of reconnaissance is to obtain an understanding of the system and of the components an attacker may want to attack
- Active reconnaissance involves tools that actually interact with the network and systems
- It can provide a lot of useful information, but may alert defenders to the impending attack

Passive Reconnaissance
- Passive reconnaissance is the use of tools that do not send traffic to, or modify, the network or systems under investigation
- Information obtained via search engines such as Shodan
- Information gathering without actually sending packets to a system
- Example: a company announces the upgrade or adoption of a particular software package via a PR release

Active vs. Passive Tools
- Active tools send traffic to the target; the target's responses provide the information
- Passive tools receive traffic only

Pivot
- Pivoting is a key method used by a pen tester or attacker to move across a network
- The first step is the attacker obtaining a presence on a machine
- From there the attacker remotely examines the network to see sections of it that were not observable from the previous position
- It is not easy to do

Initial Exploitation
- Exploiting the vulnerabilities encountered serves two purposes:
  - it demonstrates the level of risk that is actually present
  - it demonstrates the viability of the mechanism of the attack vector
- The initial exploitation is intended to demonstrate only that a vulnerability is present and exploitable
- One key element to remember is that all activities on a system occur using a compromised account, so what the tester can do next is bounded by that account's privileges
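The two reconnaissance slides and the "Active vs. Passive Tools" slide boil down to one fact: an active tool has to send packets, so the target can see it. The following is an added example, not code from the CIS 3500 slides: a minimal active probe run against a throwaway listener on 127.0.0.1 (so it runs offline), followed by the defender's side, a port-sweep detector run over constructed firewall log lines. The listener, its banner text, the log format and every address in the log are assumptions made for this example.

```python
"""Active reconnaissance from both sides of the wire.

Added example for the CIS 3500 slide material, not code from the slides.
The "target" is a throwaway listener on 127.0.0.1 started in this process,
and SAMPLE_FIREWALL_LOG is constructed, so everything runs offline.
"""
import socket
import threading
from collections import defaultdict


def start_local_listener():
    """Start a TCP service on an ephemeral loopback port that greets with a
    banner, standing in for a real host the tester is probing."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed
                return
            with conn:
                conn.sendall(b"ExampleService/1.0 ready\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def closed_loopback_port():
    """Reserve and release an ephemeral port, so we have one that is almost
    certainly closed: a refused probe is still a probe the target can log."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def active_probe(host, ports, timeout=0.5):
    """Active reconnaissance: attempt a TCP connection to each port and read
    any banner. Returns {port: banner_or_None} for ports that accepted.
    Every attempt, whether accepted or refused, is traffic the target sees."""
    found = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) != 0:
                continue                          # closed or filtered
            try:
                banner = s.recv(256).decode(errors="replace").strip() or None
            except socket.timeout:
                banner = None
        found[port] = banner
    return found


# Constructed firewall log: one source sweeps a dozen ports, another makes a
# single ordinary HTTPS connection. Format: '<ts> src= dst= dport= action='
SAMPLE_FIREWALL_LOG = [
    f"2024-03-01T09:00:{i:02d} src=10.0.0.5 dst=10.0.0.20 dport={p} "
    f"action={'ALLOW' if p in (22, 80, 443) else 'DENY'}"
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])
] + ["2024-03-01T09:01:00 src=10.0.0.9 dst=10.0.0.20 dport=443 action=ALLOW"]


def detect_port_scans(log_lines, min_ports=10):
    """Defender's view: flag any source that touched at least min_ports
    distinct destination ports. Returns {src: sorted ports touched}."""
    touched = defaultdict(set)
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        touched[fields["src"]].add(int(fields["dport"]))
    return {src: sorted(ports) for src, ports in touched.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    srv, open_port = start_local_listener()
    print(active_probe("127.0.0.1", [closed_loopback_port(), open_port]))
    srv.close()
    print(detect_port_scans(SAMPLE_FIREWALL_LOG))
```

The probe returns only the open port, but the log shows every port it touched, including the refused ones; that asymmetry is why the slide warns that active reconnaissance "may alert defenders". A passive tool such as a search-engine query never appears in this log at all.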

Persistence
- Persistence is one of the key elements of a whole class of attacks referred to as advanced persistent threats (APTs)
- APTs place two elements at the forefront of all activity: invisibility from defenders and persistence
- APT actors tend to be very patient and use techniques that make it very difficult to remove them once they have gained a foothold

Escalation of Privilege
- Escalation of privilege is the movement from a lower-level account to an account that enables root-level activity
- The attacker uses a normal user account to exploit a vulnerability in a process that is operating as root
- With root access, things like log changes and other changes are possible

Black Box
- Black box testing is a software-testing technique
- Testers using black box techniques typically have no knowledge of the internal workings of the software
- They have no visibility into how the data is processed inside the application
- Web-based applications are typically subjected to a barrage of valid, invalid, malformed, and malicious input
- Black box testing can also be applied to networks or systems

White Box
- White box testing is looking at the internal structures and processing within an application for bugs and vulnerabilities
- A white box tester will have detailed knowledge of the application
- In network assessments the tester will have detailed knowledge of the network, including but not limited to IP addresses, network routes, valid user credentials, etc.
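The "barrage of valid, invalid, malformed, and malicious input" on the Black Box slide is what a black-box harness actually does: it never reads the target's code, it only watches whether the target returns or blows up. The following is an added example, not code from the slides. The target, parse_cookie_header, is a constructed toy parser written for this example, every input in CASES is made up, and the hardened variant beside it shows what a fix looks like once the harness has found the failure mode.

```python
"""Black-box input testing: hand an interface valid, invalid, malformed and
malicious input and judge it only by what comes back out.

Added example for the CIS 3500 slide material, not code from the slides.
parse_cookie_header is a constructed toy target (a naive 'k=v; k2=v2' parser
of the kind found in small web handlers), and every input below is made up.
"""
import random
import string


def parse_cookie_header(header):
    """Toy target. Works on well-formed input; the harness finds what it
    does on anything else."""
    result = {}
    for pair in header.split(";"):
        name, value = pair.strip().split("=", 1)
        result[name] = value
    return result


def parse_cookie_header_hardened(header):
    """Same job with an explicit contract: pairs without '=' are dropped,
    and the function never raises, whatever the input."""
    result = {}
    for pair in header.split(";"):
        if "=" not in pair:
            continue
        name, value = pair.strip().split("=", 1)
        result[name] = value
    return result


# Constructed cases in the four classes the slide names.
CASES = {
    "valid": ["session=abc123; theme=dark", "a=1", "x=y=z"],
    "invalid": ["session", "", ";", "=novalue"],
    "malformed": ["a=1;;b=2", "a=1; ", "\x00=\x00", "=" * 50, "a=1;" * 5000],
    "malicious": ["session=abc'; DROP TABLE users;--",
                  "theme=<script>alert(1)</script>", "a=%00",
                  "a=\r\nSet-Cookie: b=1"],
}


def run_cases(target, cases):
    """Black-box harness: call target on each input and record whether it
    returned or raised. An uncaught exception is a finding; the harness
    never looks at how the target works, only at what it does."""
    report = {}
    for category, inputs in cases.items():
        ok, crashes = 0, []
        for data in inputs:
            try:
                target(data)
                ok += 1
            except Exception as exc:
                crashes.append((data, type(exc).__name__))
        report[category] = {"ok": ok, "crash": crashes}
    return report


def random_inputs(n, seed=0, alphabet=string.ascii_letters + "=; \x00%'<>\r\n"):
    """Seeded random strings over a cookie-ish alphabet: the 'barrage'."""
    rng = random.Random(seed)
    return ["".join(rng.choice(alphabet) for _ in range(rng.randint(0, 24)))
            for _ in range(n)]


def crashing_inputs(target, n_random=300):
    """Every constructed or random input that makes target raise."""
    cases = dict(CASES, random=random_inputs(n_random))
    return [data for r in run_cases(target, cases).values() for data, _ in r["crash"]]


if __name__ == "__main__":
    for name, fn in [("naive", parse_cookie_header),
                     ("hardened", parse_cookie_header_hardened)]:
        bad = crashing_inputs(fn)
        print(f"{name}: {len(bad)} crashing inputs; first few: {bad[:3]!r}")
```

Note what the harness does not know: it has no idea that the naive parser unpacks the result of split("=", 1) into two names. It only observes that an input with no "=" produces a ValueError where the hardened version produces a dictionary. A white-box tester would have read the line and written the test for it directly; the black-box tester has to generate inputs until one trips it.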

Gray Box
- In gray box testing the testers typically have some knowledge of the software, network, or systems

Pen Testing vs. Vulnerability Scanning
- Vulnerability scanning is the scanning of a system for vulnerabilities, whether they are exploitable or not
- Penetration testing is the examination of a system for vulnerabilities that can be exploited
- The key is exploitation

Vulnerability Scanning Concepts
- Vulnerability scanning is the process of examining systems and network devices for holes, weaknesses, and issues, and finding them before a potential attacker does
- The tools are called vulnerability scanners
- Most organizations look at vulnerability scanning as an ongoing process

Passively Test Security Controls
- In passive testing the target is the system, not the controls
- If the security controls are effective, then the vulnerability scan may not properly identify the vulnerability
- If a security control prevents a vulnerability from being attacked, then it may not be exploitable

Identify Vulnerability
- If the scanner finds a vulnerability in a system, it makes a log of the fact
- In the end, an enumeration of the vulnerabilities that were discovered is part of the vulnerability analysis report

Identify Lack of Security Controls
- If a vulnerability is exposed, then a security control is needed to prevent the vulnerability from being exploited
- Part of the function of the vulnerability scan is to learn where controls are missing or are ineffective

Identify Common Misconfigurations
- Common misconfigurations include access control failures and failure to protect configuration parameters
- Vulnerability scanners can be programmed to test for these specific conditions and report on them

Intrusive vs. Non-intrusive
- An intrusive test is one that changes the state of the system
- If the scanner does not directly interact with the specific vulnerability, that is a non-intrusive method
- A non-intrusive method can be significantly less accurate in the actual determination of a vulnerability
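The Escalation of Privilege slide (a normal user account abuses a process that runs as root) and the Identify Common Misconfigurations slide (access control failures) meet in one very common scanner check: is there anything root executes that a lower-privileged user can write to? The following is an added example, not code from the slides, of such a check written the way a scanner plugin would be. The file records in SAMPLE_RECORDS and the ROOT_RUNS set are constructed for the example, not taken from a real host; collect_live() shows the same records built from the local filesystem with os.stat.

```python
"""A scanner check for one root-level misconfiguration: something root
executes that a lower-privileged user can modify. That is the usual shape of
the privilege escalation on the slide (normal account -> process running as
root), and it is an access-control failure a scanner can test for directly.

Added example for the CIS 3500 slide material, not code from the slides.
SAMPLE_RECORDS and ROOT_RUNS below are constructed, not from a real host;
collect_live() shows the same records built from the local filesystem.
"""
import os
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class FileInfo:
    path: str
    mode: int   # st_mode: file type bits plus permission bits
    uid: int    # owner
    gid: int    # group


def findings_for(info, root_runs):
    """Return [(severity, reason)] for one file. root_runs is the set of
    paths known to be executed with root privilege (cron, init, sudoers
    commands); setuid-root binaries are recognised from their mode."""
    out = []
    perm = stat.S_IMODE(info.mode)
    world_w = bool(perm & stat.S_IWOTH)
    group_w = bool(perm & stat.S_IWGRP)
    setuid_root = bool(info.mode & stat.S_ISUID) and info.uid == 0
    if info.path in root_runs and world_w:
        out.append(("high", "executed by root and world-writable: any local user can run code as root"))
    elif info.path in root_runs and group_w and info.gid != 0:
        out.append(("medium", f"executed by root and writable by group {info.gid}"))
    if setuid_root and (world_w or group_w):
        out.append(("high", "setuid-root binary is writable by non-owners"))
    elif setuid_root:
        out.append(("info", "setuid-root binary: confirm it is expected"))
    return out


def scan(records, root_runs):
    """Run findings_for over every record; only files with findings appear."""
    report = {}
    for r in records:
        found = findings_for(r, root_runs)
        if found:
            report[r.path] = found
    return report


def collect_live(paths):
    """Build FileInfo records for real paths with os.stat (no root needed to
    read modes). Missing paths are skipped."""
    records = []
    for p in paths:
        try:
            st = os.stat(p)
        except OSError:
            continue
        records.append(FileInfo(p, st.st_mode, st.st_uid, st.st_gid))
    return records


# Constructed records (mode = S_IFREG 0o100000 plus permission bits).
SAMPLE_RECORDS = [
    FileInfo("/etc/cron.daily/backup.sh", 0o100777, 0, 0),   # root cron job, world-writable
    FileInfo("/usr/local/bin/deploy", 0o100775, 0, 1001),    # root runs it, group 1001 can edit it
    FileInfo("/usr/bin/passwd", 0o104755, 0, 0),             # ordinary setuid-root binary
    FileInfo("/opt/tool/helper", 0o104777, 0, 0),            # setuid-root and world-writable
    FileInfo("/home/alice/notes.txt", 0o100666, 1000, 1000), # world-writable but root never runs it
]
ROOT_RUNS = {"/etc/cron.daily/backup.sh", "/usr/local/bin/deploy"}


if __name__ == "__main__":
    for path, found in scan(SAMPLE_RECORDS, ROOT_RUNS).items():
        for sev, why in found:
            print(f"{sev:6} {path}: {why}")
```

This is a non-intrusive check in the slide's sense: it reads modes and ownership and never touches the files, so it changes nothing on the system. The price is the one the Intrusive vs. Non-intrusive slide names: the check reports that the misconfiguration exists, not that it has been exploited, which is what a pen tester would go on to demonstrate.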

Credentialed vs. Non-credentialed
- Credentialed scans will be more accurate in determining whether the vulnerabilities exist, as they are not encumbered by access controls
- Non-credentialed scans demonstrate what the system may be vulnerable to from an outside attacker

False Positive
- A false positive is an incorrect finding: the scanner tells you there is a problem when in reality nothing is wrong
- A false negative is when the scanner fails to report a vulnerability that actually does exist: the scanner simply missed the problem or didn't report it as a problem
- Which one is more dangerous?
- Why do we need to work on both?

There is no 100 percent secure system, and there is nothing that is foolproof! Stay Alert!
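The Credentialed vs. Non-credentialed slide and the False Positive slide describe the same mechanism from two sides, so one added example serves both. It is not code from the slides. The product "ExampleHTTPd", its advisory, the version threshold and every host record are constructed fiction; what is real is the pattern: a non-credentialed scanner sees only the version in the banner, while a distribution may backport the fix without changing that version, and a host may hide its banner entirely. Scoring each check against constructed ground truth makes the false positives and false negatives countable.

```python
"""Credentialed vs. non-credentialed checks, and scoring the false positives
and false negatives each produces.

Added example for the CIS 3500 slide material, not code from the slides.
"ExampleHTTPd", its advisory and every host record are constructed fiction;
the point is the mechanism: distributions backport security fixes without
bumping the upstream version string that the banner shows.
"""
import re
from dataclasses import dataclass

# Constructed advisory: ExampleHTTPd before 2.4.3 is affected. The distro
# package keeps upstream version 2.4.1 but ships the fix from release 5 on.
FIXED_IN = (2, 4, 3)
BACKPORT_RELEASE = 5


def parse_version(text):
    """'2.4.1' -> (2, 4, 1); tuples compare the way versions should."""
    return tuple(int(x) for x in text.split("."))


def uncredentialed_check(banner):
    """Non-credentialed and non-intrusive: all the scanner has is the banner
    the service presents to the network. Returns True/False, or None when
    the product cannot be identified at all (no finding can be made)."""
    m = re.match(r"ExampleHTTPd/(\d+\.\d+\.\d+)$", banner)
    if not m:
        return None
    return parse_version(m.group(1)) < FIXED_IN


def credentialed_check(package):
    """Credentialed: log in and ask the package manager. package looks like
    'examplehttpd-2.4.1-5' (upstream version, then distro release number).
    Returns None if the package is not installed or not parseable."""
    m = re.match(r"examplehttpd-(\d+\.\d+\.\d+)-(\d+)$", package)
    if not m:
        return None
    version, release = parse_version(m.group(1)), int(m.group(2))
    if version >= FIXED_IN:
        return False                   # upstream fix present
    return release < BACKPORT_RELEASE  # old upstream, unless backport-patched


@dataclass(frozen=True)
class Host:
    name: str
    banner: str              # what the network sees
    package: str             # what a logged-in scanner sees
    truly_vulnerable: bool   # ground truth, used only to score the scanner


# Constructed inventory.
HOSTS = [
    Host("web1", "ExampleHTTPd/2.4.1", "examplehttpd-2.4.1-2", True),   # old, unpatched
    Host("web2", "ExampleHTTPd/2.4.1", "examplehttpd-2.4.1-5", False),  # backport: banner misleads
    Host("web3", "ExampleHTTPd/2.4.3", "examplehttpd-2.4.3-1", False),  # upstream fix
    Host("web4", "", "examplehttpd-2.4.0-1", True),                     # banner hidden, still vulnerable
]


def scan_uncredentialed(host):
    return uncredentialed_check(host.banner)


def scan_credentialed(host):
    return credentialed_check(host.package)


def score(hosts, check):
    """Compare a check's verdicts to ground truth. A None verdict counts as
    'not flagged', which is exactly how an unidentified host becomes a false
    negative in a real report."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for h in hosts:
        flagged = bool(check(h))
        if flagged:
            counts["tp" if h.truly_vulnerable else "fp"] += 1
        else:
            counts["fn" if h.truly_vulnerable else "tn"] += 1
    return counts


if __name__ == "__main__":
    print("non-credentialed:", score(HOSTS, scan_uncredentialed))
    print("credentialed:    ", score(HOSTS, scan_credentialed))
```

On this inventory the non-credentialed check produces one false positive (web2, patched by backport but advertising the old version) and one false negative (web4, banner suppressed), while the credentialed check gets all four right. That is the slide's "not encumbered by access controls" in concrete form, and it is also the answer to "why work on both": the false positive costs an engineer's afternoon, the false negative leaves a vulnerable host in production with a clean report next to it.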