BackTrack Penetration Testing Workshop
Michael Holcomb, CISSP
Upstate ISSA Chapter
-
Agenda
Introductions
Schedule
Workshop Format
The Attacker Methodology
Penetration Testing Execution Standard (PTES)
Pentester Job Requirements
-
Disclaimer
Do not try this at home without permission!
-
Introductions
Name
Company
Position
Previous Experience
Windows & Linux
Penetration Testing
BackTrack
-
Schedule
Hours (9:00AM to 4:30PM)
10:20 to 10:30 - Break
11:00 to 12:30 ISSA Chapter Meeting
2:45 to 3:00 - Break
-
Workshop Format
Session Materials
Practice Exercises
Workshop Survey
-
The Hacker Methodology
Information Gathering
Vulnerability Assessment
Exploitation
Privilege Escalation
Maintaining Access
-
Penetration Testing Execution Standard (PTES)
Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
-
Pentester Job Requirements
System and application scanning using analysis tools
Validate automated testing results
Conduct manual analysis
Evaluate and communicate risk
Provide feedback and guidance
Certifications (CEH, CISA, CISSP, OSCP)
-
Physical Security
Most overlooked area of Information Security
If you can touch it, you can p0wn it!
-
www.securitywizardry.com/radar.htm
-
Bookmarks
VMware (vmware.com)
BackTrack 5 R3 (backtrack-linux.org)
Metasploitable (offensive-security.com)
Web Security Dojo (mavensecurity.com)
Pauldotcom (pauldotcom.com)
OSCP (offensive-security.com)
Katana (hackfromacave.com)