Sei sulla pagina 1di 20

om

l.c

1@

gm

ai

CODENAME: Samurai Skills


Course

br

y6

89

Module 1: Solid Introduction to


Penetration Testing
Ninja-Sec.com

om

What is a Penetration Test?

89

1@

gm

ai

l.c

A method of evaluating the security of a computer system or


network by simulating an attack from a malicious source that may
involve active exploitation of security vulnerabilities. The process
involves an active analysis of the system for any potential
vulnerabilities that may result from poor or improper system
configuration, known and/or unknown hardware or software flaws,
or operational weaknesses in process or technical
countermeasures.

br

y6

Wow This Is a Nice Big Statement, but how do we define a service


out of it?

om

Penetration Testing Services

br

y6

89

1@

gm

ai

l.c

Finding vulnerabilities in applications and protocols through custom


exploit development
A service where exploits and tools may need to be written on the fly
during the assessment.
Identifying and exploiting code and business logic insecurities in web
applications
Tricking someone into divulging sensitive information
Testing the physical security protections of an organization
Cracking a network perimeter, exfiltration data and demonstrating
impact of successful penetrations.
Attempting to gain access to a system while evading security
monitoring capabilities
Finding as many weaknesses in technical controls as quickly as possible
Simply validating findings identified during a vulnerability assessment

om

One Current Approach to Definitions

br

y6

89

1@

gm

ai

l.c

We sometimes define a penetration tests by


the level of knowledge the tester will have of
the infrastructure to be tested:
White Box: Full prior knowledge
Black Box: No knowledge
Grey Box or Crystal Box: Some variation in
between

om

Another Current Approach to Definitions

ai

l.c

A somewhat better approach is to define a penetration tests


by the technology and/or activity:

br

y6

89

1@

gm

Network Services penetration test


Wireless Security penetration test
Web Application penetration test
Social Engineering penetration test
Physical penetration test
Client Side penetration test
Mobile Application Penetration test
etc.

om

Community Wide Efforts for Improving Competency

gm

ai

l.c

National Board of Information Security


Examiners (NBISE)

y6

89

1@

Council for Registered Ethical Security Testers


(CREST)

br

Penetration Testing Execution Standard (PTES)

y6

l.c
ai
gm
1@

89

Reconnaissance
Scanning
Exploitation
Reporting

br

om

Penetration Testing Overall Process

om

What Are Penetration Testing Goals ?

br

y6

89

1@

gm

ai

l.c

Independently assess a system from the viewpoint of a


malicious attacker, whether a malicious insider or an
uninformed outsider.
determining business impact from a successful attack.
Test information security detection and response
capabilities in ways only an actual cyber-attack can.
Test a system with active exploitation tools and
techniques, validating both technical and non-technical
vulnerabilities.

om

What are Goals of this course?

br

y6

89

1@

gm

ai

l.c

we made our course to provide you with the


ability to conduct an effective hands on penetration
test
we are focusing on medium level penetration test
(NS|PT)
we have another course that focusing on
Advanced level penetration test (NS|APT)
we have a dedicated online penetration testing
labs that mimic REAL WORLD Penetration Testing
Scenarios

l.c

Both Are Different dont Mix!

om

Vulnerability Assessment Vs. Penetration Testing

1@

gm

ai

Vulnerability Assessment : just find and report


Vulnerabilities in a system network with out
trying to exploit these vulnerabilities

br

y6

89

Penetration Testing : Finding and Exploiting these


vulnerabilities and take advantage of them to
going deeper on system or network and gain
more power on system

om

Vulnerability Vs. Exploit

1@

gm

ai

l.c

Vulnerability is a flaw or weakness in a system


that an attacker can exploit it to gain more
power on the system

br

y6

89

Exploit is a piece of code or a technique that


can be used by an attacker to take advantage
of a vulnerability

Exploits Types :
Remote Exploit
Local Exploit
Dos Exploit

l.c

ai

Vulnerabilities types :
Network Service Vulnerabilities
Web Application Vulnerabilities
Mobile Application Vulnerabilities
Local Service Vulnerabilities
System Vulnerabilities
Human Vulnerabilities
Physical Vulnerabilities

br

y6

89

1@

gm

om

Types of Vulnerabilities and Exploits

om

Exploits and tools sources for Penetration Testers

br

y6

89

1@

gm

ai

l.c

http://www.exploit-db.com
http://www.securityfocus.com
http://packetstormsecurity.org

y6

l.c
ai
gm
1@

89

us-cert.gov
cve.mitre.org
secunia.com
vupen.com

br

om

Vulnerability Research Sources for Penetration Testers

y6

89

l.c
ai
gm

1@

Metasploit pro
NeXpose
SAINT
IBM Rational Appscan
Immunity canvas
Core impact
Nessus professional feed
HP Web Inspect
Acunetix WVS
And many others .

br

om

Commercial Tools for Penetration Testers

om

Penetration Testing Methodologies

br

y6

89

1@

gm

ai

l.c

NIST 800-115 (Technical Guide for Information Security


Testing)
OSSTMM (Open Source Security Testing Methodology
Manual)
OWASP Testing Guide
ISSAF (Information Systems Security Assessment
Framework)
Penetration Testing Framework
PTES (Penetration Testing Execution Standard)

om

Penetration Test Report

ai

l.c

This is The most important thing in penetration


testing process

y6

89

1@

gm

We show managers and technical guys at


company what vulnerabilities they have in either
their Network ,systems ,web apps , mobile apps ,
wireless and how they can secure them with
detailed and clear explanation

br

You can download and view a very good


penetration testing reports :

om

Introduction : References -1

l.c

Vulnerability Types

Top Vulnerabilities

1@

http://secunia.com/resources/reports/

gm

ai

http://nvd.nist.gov/cwe.cfm

89

Exploit Availability Repositories

br

y6

http://www.exploit-db.com/
http://packetstormsecurity.org/
http://securityreason.com/

om

Introduction : References -2

br

y6

89

1@

gm

ai

l.c

NIST 800-115: http://csrc.nist.gov/publications/nistpubs/800115/SP800-115.pdf


OSSTM: http://www.isecom.org/osstmm/
OWASP Testing Project:
https://www.owasp.org/index.php/OWASP_Testing_Project
ISSAF: http://www.oissg.org/issaf
Penetration Testing Framework:
http://www.vulnerabilityassessment.co.uk/Penetration%20Tes
t.html
PTES: http://www.pentest-standard.org/index.php/Main_Page
Interesting discussion on the use of standards:
http://resources.infosecinstitute.com/standards-forpenetration-testing/

om

Introduction : References -3

gm

ai

l.c

http://www.vulnerabilityassessment.co.uk/rep
ort%20template.html

89

1@

Penetration test reports

br

y6

http://www.mediafire.com/?wl969qbtptzfp13