
Team Cymru Cymru Team Penetration Testing Ryan Connolly, - PowerPoint PPT Presentation



  1. Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com <http://www.cymru.com>

  2. Penetration Testing Agenda • Pentesting Basics – Pentesting Defined – Vulnerability Scanning vs. Penetration testing • Pentesting Strategy • Anecdotes from real pentests • Conducting a good vulnerability scan – Footprint, Scan, Enumerate, Gain Access, Escalate, Pilfer, Cover Track, Create Backdoor – Demos • Review

  3. Why Penetration Testing? • Financial institutions must secure their networks in order to maintain the security of the entire financial system • But with no ability to assess risk organizations are flying blind • IT Security assessments are done today with a mixture of Vulnerability Scanning and Penetration Testing

  4. What is Penetration Testing?

  5. Dave’s new job as a Pen Tester wasn’t anything at all like he’d expected

  6. Penetration Testing Attempt to compromise security by using the same techniques as the attacker – If I were an attacker, how far would I be able to go? – How easy is it to compromise this computer | network | application | system?

  7. Vulnerability Scanning or Penetration Testing?

  8. Vulnerability Scanning Look for evidence of – Vulnerable software versions – Presence or lack of patches – Misconfiguration

  9. The “bad guys” don’t run Nessus

  10. Vulnerability Scanning alone is not sufficient • Does not tell you what an attacker can do to your network today • Does not identify dangerous trust relationships between components • Lots of false positives are produced – Must be manually verified • The only actionable item is a list of missing patches

  11. Organizations should take advantage of both VS and PT • VS provides a baseline from which to start building a risk profile • A Penetration Test illustrates what those vulnerabilities mean to the organization today, and can help verify remediation efforts • The financial system cannot afford for institutions not to perform periodic Penetration Tests

  12. Key elements of a Penetration Test • Discover and exploit vulnerabilities throughout the network • Leverage trust-relationships among components • Access critical information

  13. Example “After exploiting a vulnerability in the Exchange server, we were able to collect a list of valid email users and passwords. We then used this server to attack the database server in the DMZ (which wasn’t visible from the outside). One of the exploits was successful and we gained administrator access to the server, including complete access to all tables in the customers database.”

  14. A good pen-test • Covers all relevant attack vectors • Clearly shows how vulnerable assets can be compromised • Tests the system as a whole, including existing defense mechanisms • Documents all activities performed

  15. Common mistakes organizations make when doing PT • Limit the test to running a vulnerability scanner • Testing components in isolation • Company changes environment while test is being performed • Overlooking critical relationships, such as suppliers, partners and outsourcing/offshoring vendors

  16. Signs that a test wasn’t thorough • Limited to small subset of network • Produced a laundry list of vulnerabilities, with no additional verification • No interpretation of findings, or “hand waving” • No recommendations beyond list of missing vendor patches • Lack of detailed activity logs, and/or problems with clean-up

  17. Pentesting Strategy How much testing is good enough?

  18. Managing Risk [figure: Risk vs. Money]

  19. It is always possible to hack a network • It just depends on how hard you try • But smart companies – Invest in technology and processes that help them reduce the most risk, with the least amount of resources – Assume they will be hacked eventually and prepare accordingly

  20. How often can we test cost-effectively? • Penetration Testing was traditionally done once or twice a year due to high cost of service • Automated Penetration Testing software is enabling organizations today to test more often – 75% of IMPACT customers doing testing on a monthly and weekly basis, in contrast with 50% doing it once or twice a year in late 2004

  21. Security as an emergent property The security of a system is determined by the security of each of its components individually and of the system as a whole

  22. Organizations are getting better at • Deploying OS updates on high-profile public servers • Hardening network services on public servers • Securing the perimeter with properly configured firewalls and routers

  23. Penetrating a network through its perimeter is much more difficult today than it was 5 years ago

  24. Organizations still have trouble with • Client side security • Custom web applications • Internal security • Dealing with continuous change and an ever-expanding network of partners, customers and suppliers

  25. Attackers are not standing still • Industry data points to significant increase in the prevalence and criticality of client-side vulnerabilities – A “shift” towards finding vulnerabilities in client-side software is occurring (SANS and Symantec security threat reports) – 8 out of 20 categories in latest SANS Top 20 report relate directly to client-side vulnerabilities – High profile incidents taking advantage of vulnerabilities in client-side software • Windows Metafile image exploit in MySpace.com ad deploys trojan on compromised computers (July 06) • Organizations with good perimeter security are still wide open to attacks against client-side vulnerabilities

  26. Client Side Vulnerabilities • Vulnerabilities in client-side software – IE, Firefox, Outlook, Thunderbird, MSN Messenger, AOL IM, ICQ, Media Players, and image and document readers/processors • Examples – IE devenum.dll COM Object vulnerability (MS05-038) – MSN messenger PNG Processing vulnerability (MS05-009) – Windows WMF vulnerability (KB912840) • Remote/Local, High/Medium/Low? – No good fit in current vulnerability taxonomies

  27. The user’s workstation • is less protected & more complex than the publicly available servers • has legitimate access to the network’s critical assets • connects the Internet with the internal network

  28. Internal network still wide open • Security much more relaxed than on public facing servers – Internal computers are not patched correctly even though automated patch mgmt is in place • Less (sometimes non-existent) network segmentation • Plenty of trust relationships that can be leveraged

  29. Random anecdotes from real pen tests

  30. Pen Test #1 • Collected valid email addresses using a badly configured SMTP server and a list of common names in various languages • Spammed targets with email probe – Web bug in <img> to fingerprint targets – UNC web bug to force authentication with a fake SMB server • Exploited Java vulnerability

  31. Pen Test #2 • Collected e-mail addresses by searching MIT’s PGP keys server and internet newsgroups – Some mail archives had complete email headers • Created profile of each user – Workstation details: OS, browser, MUA – Personal details: hobbies, favorites, contacts, level of computer proficiency • Segmented attack and customized emails based on profile

  32. Pen Test #2b • 1 single email produced about 40 different successful compromises in a matter of minutes • Done by hitting an e-mail alias for a mailing list

  33. Pen Test #3 • Target network divided in two different company branches • Launched exploits against both sub-nets. Exploits for the 1st failed, but for the 2nd succeeded • Company had network intrusion prevention active on one side of the network but not on the other

  34. Pen Test #4 • Compromised ad-hoc test server with old exploit • Replaced SSH daemon with trojan • Collected usernames and passwords that were valid on other more important servers on the network

  35. Simple attacks still work • Sent trojanized executable as menu for new Pizzeria • Engage in conversation via IM and send a trojan • Fedex “sample CD-ROMs” with active content

  36. A good pen-test • Covers all relevant attack vectors • Clearly shows how vulnerable assets can be compromised • Tests the system as a whole, including existing defense mechanisms • Documents all activities performed

  37. The Pentesting Process Think like the bad guys: use the same process. Consider: 1. Social engineering factor 2. Technical factor 3. Iterative learning

  38. Pentesting Vulnerability Scanning Now that we’ve talked about not just doing vulnerability scans, let’s talk about… Vulnerability scanning!

  39. Network attack process: Create Backdoor, Cover Tracks, Pilfer, Escalate, Gain Access, Enumerate, Scan, Footprint

  40. Footprinting • Techniques: – Open source search – whois – DNS zone transfers • Tools: – Usenet, search engines – networksolutions.com, other registrars – nslookup, dig • Objective: – IP addresses – Domain names
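
A defender's counterpart to the footprinting slide, as an added example that is not part of the original presentation: it reviews name-server logs for the zone transfer attempts listed above and separates transfers that disclosed a zone from ones the ACL refused. The log lines are constructed in the style of BIND 9 messages, and the authorized secondary address, zone names and function names are assumptions.

```python
import re
from collections import defaultdict

# Assumption: the only secondary allowed to pull zones (documentation-range IP).
AUTHORIZED_SECONDARIES = {"192.0.2.53"}

# Constructed sample lines, modelled on BIND 9 named log messages.
SAMPLE_LOG = """\
10-Jan-2024 09:14:02.101 client 192.0.2.53#41822 (example.com): transfer of 'example.com/IN': AXFR started
10-Jan-2024 09:20:45.330 client 203.0.113.50#40022 (example.com): zone transfer 'example.com/AXFR/IN' denied
10-Jan-2024 09:20:46.012 client 203.0.113.50#40023 (corp.example.com): zone transfer 'corp.example.com/AXFR/IN' denied
10-Jan-2024 09:31:10.774 client @0x7f3c 198.51.100.7#53211 (example.com): transfer of 'example.com/IN': AXFR started
10-Jan-2024 09:32:00.000 client 198.51.100.9#5353 (www.example.com): query: www.example.com IN A +
"""

CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
STARTED = re.compile(CLIENT + r".*transfer of '(?P<zone>[^/']+)/IN': [AI]XFR started")
DENIED = re.compile(CLIENT + r".*zone transfer '(?P<zone>[^/']+)/[AI]XFR/IN' denied")


def review_transfers(log_text, authorized=AUTHORIZED_SECONDARIES):
    """Return one finding per transfer attempt that is not routine replication."""
    findings = []
    for line in log_text.splitlines():
        for outcome, pattern in (("allowed", STARTED), ("denied", DENIED)):
            match = pattern.search(line)
            if not match:
                continue
            source, zone = match["ip"], match["zone"]
            if outcome == "allowed" and source in authorized:
                continue  # expected secondary pulling its zone
            # An allowed transfer to an unknown host disclosed the whole zone;
            # a denied one shows the ACL held but someone is footprinting.
            severity = "high" if outcome == "allowed" else "medium"
            findings.append({"source": source, "zone": zone,
                             "outcome": outcome, "severity": severity})
    return findings


def zones_by_source(findings):
    """Group zones per source so repeated probing from one host stands out."""
    grouped = defaultdict(set)
    for finding in findings:
        grouped[finding["source"]].add(finding["zone"])
    return dict(grouped)


if __name__ == "__main__":
    for finding in review_transfers(SAMPLE_LOG):
        print(finding)
```

A "high" finding means the transfer ACL on that zone needs fixing; "medium" findings are worth correlating with other reconnaissance from the same source.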
