Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is - - PowerPoint PPT Presentation

testing
SMART_READER_LITE
LIVE PREVIEW

Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is - - PowerPoint PPT Presentation

Dec 21, 2022 357 likes •460 views

Introduction to Penetration Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking a system to find security vulnerabilities in order to fix them before a malicious party attacks the system Legal if

slide-1
SLIDE 1

Introduction to Penetration Testing

  • Dr. Patrick McDaniel

Meghan Riegel Fall 2015

slide-2
SLIDE 2

Page

What is Penetration Testing?

  • Attacking a system to find security vulnerabilities in order to fix them

before a malicious party attacks the system

  • Legal if you get permission, but be careful to not break the law!
  • Tons of online penetration testing sandboxes, vulnerable distributions,

and vulnerable sites available online:

  • Hack This Site!
  • Hack.me
  • Metasploitable
  • OverTheWire.org
  • Captf.com
slide-3
SLIDE 3

Page

I don’t want to do IT… why is this important?

  • In order to be able to develop new security software or do

new security research, you need to understand how systems are vulnerable to attacks

  • Attackers are using these attacks on your computer, your

university’s servers, your bank’s servers, your cloud storage servers, your email service’s servers… everything.

  • Hacking is fun!
slide-4
SLIDE 4

Page

Kali Linux

  • Debian-derived Linux distribution designed for digital

forensics and penetration testing

  • Pre-installed with >600 penetration-testing programs
  • Nmap
  • Wireshark
  • Burp
  • Jack the Ripper
  • Metasploit
slide-5
SLIDE 5

Page

Metasploit

  • Framework designed for developing, exploiting, and

assisting in attacks (over 900 exploits available)

  • Built with research in mind
  • Written in Ruby
slide-6
SLIDE 6

Page

SQL Injection

  • A type of web app security vulnerability in which an

attacker is able ot submit a database SQL command that is executed by a web application, exposing the back-end database.

  • Tools to use: SQLMap, SQLNinja
  • Tutorial
slide-7
SLIDE 7

Page

Cross-Site Scripting (XSS)

  • Enables attackers to inject client-side script into web

pages

  • Used to bypass access controls
  • Account for roughly 84% of all vulnerabilities
  • Tool: BeEF Exploitation Framework
  • Cheat Sheet:

https://www.owasp.org/index.php/XSS_Filter_Evasion_C heat_Sheet

  • https://xss-game.appspot.com/
slide-8
SLIDE 8

Page

Password Cracking

  • Configurations comprised of 3 parts:
  • Wordlists: contain password lists in plaintext
  • Can be downloaded off the internet
  • Rules: modifications to the wordlist
  • Hash Algorithm: used to generate the password

hash

  • Examples: MD5, SHA1
  • Tools: Jack the Ripper, OCLHashCat
slide-9
SLIDE 9

Page

Lab

  • We will utilize the tools learned in this hands-on lecture to

learn some hacking! We will play some Capture The Flag.

  • Hack.lu