mapping the pentester's mind - 0 to root in 60 min
TRANSCRIPT
-
7/31/2019 Mapping the Pentester's Mind - 0 to Root in 60 Min
Mapping The Penetration Tester's Mind
0 to Root in 60 Min
#MappingThePenTestersMind
-
Methodology
Introduction
Technical Walkthrough of Testing
Tools
Further Learning
Questions
-
Who is this guy in front of me??
GOOD Question
Background: Penetration Tester for 12 years
Network Engineer for 13 years
In IT for 15 years
Regulatory Technology Tester 5 years
Specializes in mobile technologies and communications
Social Engineering
Physical Security
-
Talks:
NotACon
Secure360
SecurityBSides
Chicago
Rochester
Dallas-Fort Worth
Los Angeles
Las Vegas
DeepSec
SecTor
ISSA / ISACA Meetings
Hacker Space Invitationals
-
Publications:
Mapping The Penetration Tester's Mind: An Auditor's Introduction to PenTesting (Book) - Late 2012
Mapping The Penetration Tester's Mind: An Auditor's Introduction To PenTesting (Presentation) - 2012
Mapping The Penetration Tester's Mind: 0 to Root in 60 Min - 2012
Weaponizing The Smartphone: Protecting Against The Perfect WMD - 2011
Weaponizing The Smartphone: Deploying The Perfect WMD - 2011
Don't Bite The ARM That Feeds You: Integrating Mobile Technologies Securely Into Mature Security Programs - 2011
Bond Tech: I Want More Than Movie Props - 2011
-
What is a penetration test?
A penetration test, occasionally pentest, is a method of
evaluating the security of a computer system or network
by simulating an attack from malicious outsiders (who do
not have an authorized means of accessing the
organization's systems) and malicious insiders (who have
some level of authorized access). The process involves an
active analysis of the system for any potential
vulnerabilities that could result from poor or improper
system configuration, both known and unknown
hardware or software flaws, or operational weaknesses in
process or technical countermeasures. This analysis is
carried out from the position of a potential attacker and
can involve active exploitation of security vulnerabilities.
Wikipedia
INTRODUCTION
-
Penetration tests are valuable for several reasons:
Determining the feasibility of a particular set of attack vectors
Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
Assessing the magnitude of potential business and operational impacts of successful attacks
Testing the ability of network defenders to successfully detect and respond to the attacks
Providing evidence to support increased investments in security personnel and technology
Wikipedia
-
Testing Types
White Box Testing
In penetration testing, white-box testing refers to a
methodology where an ethical hacker has full
knowledge of the system being attacked. The goal of
a white-box penetration test is to simulate a
malicious insider who has some knowledge and
possibly basic credentials to the target system.
Black Box Testing
In penetration testing, black-box testing refers to a
methodology where an ethical hacker has no
knowledge of the system being attacked. The goal of
a black-box penetration test is to simulate an
external hacking or cyber warfare attack.
Wikipedia
-
METHODOLOGY
-
Reconnaissance
Using non-intrusive methods to enumerate
information about the network under test. DNS,
Whois and Web searching are used.
Objective:
To enumerate the target organization's Internet
Footprint, which represents the sum of all active IP
addresses and listening services, and to identify potential
vulnerabilities.
-
Network Surveying & Vulnerability Scanning
This is the process of refining the target list
produced during the passive reconnaissance phase
by using more intrusive methods such as port
scanning, service and OS fingerprinting, and
vulnerability scanning. Nmap, Nexpose and other
scanning tools are used.
Objective:
To obtain visibility in the network; determining which
devices are targets and enumerating possible threats to the
network.
-
Vulnerability Research & Verification
In this phase, a vulnerability scanner is run against
the devices gathered in previous phases.
Objective:
To take knowledge gathered in previous phases, check for
known vulnerabilities and configuration errors.
Objective:
To obtain access to services and devices that are not
available through configuration error and vulnerability
exploitation.
-
Password Attacks
Services with authenticated logins are tested
against a username and password list created in
previous phases.
Objective:
To verify password policies, best practices, and complexity
requirements are in use and properly enforced.
-
Reporting and Analysis
In this phase, the results found during the automated
and manual aspects of the assessment are analyzed.
Objective:
To build a deliverable containing the greatest risks to
the organization being tested.
-
TOOLS
-
Who should do the test?
Mapping The PenTester's Mind
-
Interview the vendor AND the Tester
Experience Levels of the Tester
Free range
Enterprise class
Know the data retention policy
Create a relationship with your tester; they are your guide, not only an employee or consultant
-
DISCOVER TARGETS
-
Metasploit Scanning
-
Nexpose Scanning
-
EXECUTE ARP POISON
-
EXPLOITATION
-
MS08-067
-
CREDENTIAL AND HASH COLLECTION
-
COLLECTING CREDENTIALS - SMB
-
PASS-THE-HASH
(NOT THAT KIND)
-
PSEXEC WITH A LOCAL ACCOUNT HASH
-
CREATE LOCAL ADMINISTRATOR ACCOUNT
-
REMOTE DESKTOP VIA RAPID7 LOCAL ADMIN
-
PSEXEC WITH DOMAIN ADMIN ACCOUNT
-
SESSIONS CREATED WITH CREATED DOMAIN ADMIN
-
LOCAL ACCESS
-
I trust ALL of my contractors
BOOT FROM USB
-
BOOT TO UNAUTHORIZED OS
-
Taking a step-by-step approach
makes the expansiveness of a
network become very narrow, and a
single vulnerability can lead to a
larger problem.