Introduction to Network Penetration Tests according to the OSSTMM
Linux Day 2012
Rome, 27 October 2012
Simone Onofri - simone.onofri@techub.it
Introduction: NPT and OSSTMM
http://onofri.org/u/npt2012
Network Penetration Test?

The Network Penetration Test aims to verify the security of the systems exposed on the network.

It assesses the presence and correct implementation of the controls that eliminate or limit threats.

The activity evaluates a specific scenario according to the target, the position of the attackers and the information available.
How?

Open Source Security Testing Methodology Manual

OSSTMM
traceroute to isecom.org


 # traceroute -n isecom.org
 traceroute to isecom.org (216.92.116.13), 64 hops
 max, 52 byte packets
 [...]
 16 195.22.192.181 48.888 ms 52.587 ms 49.014 ms
 17 89.221.34.50 40.760 ms 37.027 ms 40.741 ms
 18 64.210.21.150 180.909 ms 170.083 ms 178.578 ms
 19 * * *
 20 * * *
traceroute to isecom.org



 # tcpdump   -Sni en0
 440701 IP   195.22.192.181 > 10.10.10.10: ICMP time exceeded in-transit, length 36
 493212 IP   195.22.192.181 > 10.10.10.10: ICMP time exceeded in-transit, length 36
 542222 IP   195.22.192.181 > 10.10.10.10: ICMP time exceeded in-transit, length 36
 583138 IP   89.221.34.50 > 10.10.10.10: ICMP time exceeded in-transit, length 36
 620053 IP   89.221.34.50 > 10.10.10.10: ICMP time exceeded in-transit, length 36
 660844 IP   89.221.34.50 > 10.10.10.10: ICMP time exceeded in-transit, length 36
 841862 IP   64.210.21.150 > 10.10.10.10: ICMP time exceeded in-transit, length 36
 011975 IP   64.210.21.150 > 10.10.10.10: ICMP time exceeded in-transit, length 36
 190596 IP   64.210.21.150 > 10.10.10.10: ICMP time exceeded in-transit, length 36
What you need to know: a brief introduction to the methodology
“security is about protection”
Pete Herzog - No More of the Same Bad Security
Operational Security

Visibility, Access, Trust
Exposure!, Vulnerability!

Interactive Controls: Authentication, Indemnification, Resilience, Subjugation, Continuity
Weakness!

Process Controls: NonRepudiation, Confidentiality, Privacy, Integrity, Alarm
Concern!
What you need to do: rules of engagement and auditor trifecta
Rules of engagement (selection)

How to "regulate" the activity

X  Fear, Uncertainty, Deception

X  If I don't break in, it's free

Run tests ONLY if expressly authorized

Regardless of NDAs, never disclose information or results

Know your tools

Do not leave the scope less secure than it was before you arrived
Trifecta

These are the three questions to ask yourself during an activity:

How does it work?

How does management think it works?

What is actually needed?
Data Networks Security Testing: some elements according to the OSSTMM
11.1 Posture Review
11.2 Logistics
11.2.1 Framework
# whois isecom.org
[...]
Registrant Organization:Institute for Security and Open Methodologies
[...]
Registrant City:Lake George
Registrant State/Province:NY
Registrant Postal Code:12845
Registrant Country:US
Registrant Phone:+1.5186***********
[...]
Registrant Email:a*******@isecom.org
Admin Name:Peter Herzog
Admin Organization:Institute for Security and Open Methodologies
[...]
Admin City:Lake George
Admin State/Province:NY
Admin Postal Code:12845
Admin Country:US
Admin Phone:+1. 5186***********
Admin FAX Ext.:
Admin Email:a*******@isecom.org
[...]
Name Server:NS222.PAIR.COM
Name Server:NS0000.NS0.COM
# dig isecom.org @NS222.PAIR.COM ANY

; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65151
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;isecom.org.         IN    ANY

;; ANSWER SECTION:
isecom.org.      3600 IN   A   216.92.116.13
isecom.org.      3600 IN   MX 50 mailwash4.pair.com.
isecom.org.      3600 IN   SOA ns222.pair.com. root.pair.com. 2012020511 3600
300 604800 3600
isecom.org.      3600 IN   NS    ns0000.ns0.com.
isecom.org.      3600 IN   NS    ns222.pair.com.

;; Query time: 176 msec
;; SERVER: 209.68.2.67#53(209.68.2.67)
[...]
# whois 216.92.116.13

NetRange:       216.92.0.0 - 216.92.255.255
CIDR:           216.92.0.0/16
OriginAS:
NetName:        PAIRNET-BLK-3
NetHandle:      NET-216-92-0-0-1
Parent:         NET-216-0-0-0-0
NetType:        Direct Allocation
Comment:        ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:        1998-09-25
Updated:        2001-06-14
Ref:            http://whois.arin.net/rest/net/NET-216-92-0-0-1

OrgName:        pair Networks
OrgId:          PAIR
Address:        2403 Sidney St
Address:        Suite 510
City:           Pittsburgh
StateProv:      PA
PostalCode:     15232
Country:        US
RegDate:        1997-01-30
Updated:        2008-10-04
# nmap -PN --traceroute -n -p80 isecom.org

Starting Nmap 6.00 ( http://nmap.org ) at 2012-10-27 09:00 CEST
Nmap scan report for isecom.org (216.92.116.13)
Host is up (0.17s latency).
PORT   STATE SERVICE
80/tcp open http

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
[...]
17 42.97 ms 89.221.34.110
18 166.42 ms 64.210.21.150
19 ...
20 165.39 ms 216.92.116.13

Nmap done: 1 IP address (1 host up) scanned in 3.28 seconds
11.2.2 Network Quality
# hping2 --icmp -c 100 isecom.org
HPING isecom.org (en0 216.92.116.13): icmp mode set, 28 headers + 0 data bytes
len=46 ip=216.92.116.13 ttl=48 id=16179 icmp_seq=0 rtt=164.9 ms
len=46 ip=216.92.116.13 ttl=48 id=16501 icmp_seq=1 rtt=161.0 ms
len=46 ip=216.92.116.13 ttl=48 id=16733 icmp_seq=2 rtt=165.8 ms
[...]
len=46 ip=216.92.116.13 ttl=48 id=39293 icmp_seq=91 rtt=171.9 ms
len=46 ip=216.92.116.13 ttl=48 id=39386 icmp_seq=92 rtt=161.4 ms
len=46 ip=216.92.116.13 ttl=48 id=39563 icmp_seq=93 rtt=167.6 ms
len=46 ip=216.92.116.13 ttl=48 id=39777 icmp_seq=94 rtt=168.3 ms
len=46 ip=216.92.116.13 ttl=48 id=40557 icmp_seq=95 rtt=164.5 ms
len=46 ip=216.92.116.13 ttl=48 id=41028 icmp_seq=96 rtt=171.0 ms
len=46 ip=216.92.116.13 ttl=48 id=41289 icmp_seq=97 rtt=165.6 ms
len=46 ip=216.92.116.13 ttl=48 id=41378 icmp_seq=98 rtt=167.3 ms
len=46 ip=216.92.116.13 ttl=48 id=41860 icmp_seq=99 rtt=167.4 ms

--- isecom.org hping statistic ---
100 packets tramitted, 97 packets received, 3% packet loss
round-trip min/avg/max = 161.0/167.1/211.4 ms
# hping2 -S -p 80 -c 100 isecom.org
HPING isecom.org (en0 216.92.116.13): S set, 40 headers + 0 data bytes
len=46   ip=216.92.116.13 ttl=50 DF id=25484 sport=80 flags=SA seq=0 win=65535 rtt=181.7 ms
len=46   ip=216.92.116.13 ttl=50 DF id=26974 sport=80 flags=SA seq=1 win=65535 rtt=167.9 ms
len=46   ip=216.92.116.13 ttl=50 DF id=27338 sport=80 flags=SA seq=2 win=65535 rtt=165.3 ms
[...]
len=46   ip=216.92.116.13   ttl=48   DF   id=54788   sport=80   flags=SA   seq=86   win=65535 rtt=201.6 ms
len=46   ip=216.92.116.13   ttl=50   DF   id=55028   sport=80   flags=SA   seq=87   win=65535 rtt=207.3 ms
len=46   ip=216.92.116.13   ttl=50   DF   id=55696   sport=80   flags=SA   seq=94   win=65535 rtt=170.4 ms
len=46   ip=216.92.116.13   ttl=48   DF   id=56158   sport=80   flags=SA   seq=95   win=65535

--- isecom.org hping statistic ---
100 packets tramitted, 99 packets received, 1% packet loss
round-trip min/avg/max = 161.7/171.6/264.2 ms
# hping2 --udp -c 100   isecom.org
HPING isecom.org (en0   216.92.116.13): udp mode set, 28 headers + 0 data bytes
ICMP Port Unreachable   from ip=216.92.116.13 name=isecom.org
ICMP Port Unreachable   from ip=216.92.116.13 name=isecom.org
ICMP Port Unreachable   from ip=216.92.116.13 name=isecom.org
ICMP Port Unreachable   from ip=216.92.116.13 name=isecom.org
ICMP Port Unreachable   from ip=216.92.116.13 name=isecom.org
ICMP Port Unreachable   from ip=216.92.116.13 name=isecom.org
ICMP Port Unreachable   from ip=216.92.116.13 name=isecom.org
ICMP Port Unreachable   from ip=216.92.116.13 name=isecom.org
ICMP Port Unreachable   from ip=216.92.116.13 name=isecom.org
[...]
ICMP Port Unreachable   from   ip=216.92.116.13   name=isecom.org
ICMP Port Unreachable   from   ip=216.92.116.13   name=isecom.org
ICMP Port Unreachable   from   ip=216.92.116.13   name=isecom.org
ICMP Port Unreachable   from   ip=216.92.116.13   name=isecom.org
ICMP Port Unreachable   from   ip=216.92.116.13   name=isecom.org
ICMP Port Unreachable   from   ip=216.92.116.13   name=isecom.org

--- isecom.org hping statistic ---
100 packets tramitted, 22 packets received, 78% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
11.2.3 Time
# curl -kisX HEAD isecom.org
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2012 09:30:00 GMT
Server: Apache/2.2.22
Last-Modified: Fri, 13 Apr 2012 15:48:14 GMT
ETag: "3e3a-4bd916679ab80"
Accept-Ranges: bytes
Content-Length: 15930
Identity: The Institute for Security and Open Methodologies
P3P: Not supported at this time
11.3 Active Detection Verification
11.3.1 Filtering
11.3.2 Active Detection
# curl -kisX HEAD "http://isecom.org/etc/
passwd?format=%%&xss=">
<script>alert('xss');</
script>&traversal=../../&sql='%20OR%201;"

HTTP/1.1 404 Not Found
Date: Wed, 27 Oct 2012 09:30:00 GMT
Server: Apache/2.2.22
Last-Modified: Fri, 13 Apr 2012 15:48:13 GMT
ETag: "25db-4bd91666a6940"
Accept-Ranges: bytes
Content-Length: 9691
Identity: The Institute for Security and Open
Methodologies
P3P: Not supported at this time
11.4 Visibility Audit
11.4.1 Network Surveying
# dig isecom.org @NS222.PAIR.COM A

; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19360
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;isecom.org.         IN    A

;; ANSWER SECTION:
isecom.org.      3600 IN   A   216.92.116.13

# dig isecom.org @NS222.PAIR.COM AAAA

; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26450
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

# dig isecom.org @NS222.PAIR.COM AXFR

; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM AXFR
;; global options: +cmd
; Transfer failed.
11.4.2 Enumeration
# nmap -sT -Pn -n --top-ports 10 isecom.org

Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:10
CEST
Nmap scan report for isecom.org (216.92.116.13)
Host is up (0.23s latency).
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   closed   telnet
25/tcp   filtered smtp
80/tcp   open     http
110/tcp open      pop3
139/tcp closed    netbios-ssn
443/tcp open      https
445/tcp closed    microsoft-ds
3389/tcp closed   ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
# nmap -sT -Pn -n   --top-ports 10 --reason isecom.org

Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:17
CEST
Nmap scan report for isecom.org (216.92.116.13)
Host is up, received user-set (0.22s latency).
PORT     STATE    SERVICE       REASON
21/tcp   open     ftp           syn-ack
22/tcp   open     ssh           syn-ack
23/tcp   closed   telnet        conn-refused
25/tcp   filtered smtp          no-response
80/tcp   open     http          syn-ack
110/tcp open      pop3          syn-ack
139/tcp closed    netbios-ssn   conn-refused
443/tcp open      https         syn-ack
445/tcp closed    microsoft-ds conn-refused
3389/tcp closed   ms-wbt-server conn-refused
# nmap -sU -Pn -n   --top-ports 10 --reason isecom.org

Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:28
CEST
Nmap scan report for hackerhighschool.org (216.92.116.13)
Host is up, received user-set (0.23s latency).
PORT     STATE         SERVICE      REASON
53/udp   closed        domain       port-unreach
67/udp   open|filtered dhcps        no-response
123/udp closed         ntp          port-unreach
135/udp closed         msrpc        port-unreach
137/udp closed         netbios-ns   port-unreach
138/udp closed         netbios-dgm port-unreach
161/udp closed         snmp         port-unreach
445/udp closed         microsoft-ds port-unreach
631/udp closed         ipp          port-unreach
1434/udp closed        ms-sql-m     port-unreach
# nmap -sU -Pn -n   -p53,67 --reason --packet-trace isecom.org

Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:32    CEST
SENT (0.0508s) UDP 192.168.100.53:54940 > 216.92.116.13:67    ttl=46
id=54177 iplen=28
SENT (0.0509s) UDP 192.168.100.53:54940 > 216.92.116.13:53    ttl=37
id=17751 iplen=40
RCVD (0.3583s) ICMP 216.92.116.13 > 192.168.100.53 Port
unreachable (type=3/code=3) ttl=54 id=1724 iplen=56
SENT (2.5989s) UDP 192.168.100.53:54941 > 216.92.116.13:67    ttl=49
id=33695 iplen=28
Nmap scan report for isecom.org (216.92.116.13)
Host is up, received user-set (0.31s latency).
PORT   STATE         SERVICE REASON
53/udp closed        domain port-unreach
67/udp open|filtered dhcps   no-response

Nmap done: 1 IP address (1 host up) scanned in 4.15 seconds
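
How the REASON column in the scans above backs each port state, as an added example that is not part of the original slides: the script parses `nmap --reason` port tables and separates states proven by a reply from states inferred from silence, which are the ones that still need verification. The sample rows are copied from the TCP and UDP scans above; the function names and the "reply"/"silence" labels are this example's own assumptions.

```python
import re

# Port-table rows copied from the TCP (-sT) and UDP (-sU) --reason scans above.
SAMPLE = """\
PORT     STATE    SERVICE       REASON
21/tcp   open     ftp           syn-ack
22/tcp   open     ssh           syn-ack
23/tcp   closed   telnet        conn-refused
25/tcp   filtered smtp          no-response
80/tcp   open     http          syn-ack
110/tcp open      pop3          syn-ack
139/tcp closed    netbios-ssn   conn-refused
443/tcp open      https         syn-ack
445/tcp closed    microsoft-ds conn-refused
3389/tcp closed   ms-wbt-server conn-refused
PORT     STATE         SERVICE      REASON
53/udp   closed        domain       port-unreach
67/udp   open|filtered dhcps        no-response
123/udp closed         ntp          port-unreach
135/udp closed         msrpc        port-unreach
137/udp closed         netbios-ns   port-unreach
138/udp closed         netbios-dgm port-unreach
161/udp closed         snmp         port-unreach
445/udp closed         microsoft-ds port-unreach
631/udp closed         ipp          port-unreach
1434/udp closed        ms-sql-m     port-unreach
"""

# port/proto, state, service and an optional reason (absent without --reason).
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(\S+))?")

# For the reasons seen on this page: (protocol, reason) -> (state it supports,
# kind of evidence). "silence" means the state is inferred from a missing reply.
EVIDENCE = {
    ("tcp", "syn-ack"): ("open", "reply"),
    ("tcp", "conn-refused"): ("closed", "reply"),
    ("tcp", "no-response"): ("filtered", "silence"),
    ("udp", "port-unreach"): ("closed", "reply"),
    ("udp", "no-response"): ("open|filtered", "silence"),
}


def parse_port_table(text):
    """Return one dict per port row; headers and banners are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        port, proto, state, service, reason = m.groups()
        rows.append({"port": int(port), "proto": proto, "state": state,
                     "service": service, "reason": reason})
    return rows


def evidence_kind(row):
    """'reply', 'silence', or 'unknown' when the reason is missing or unlisted."""
    known = EVIDENCE.get((row["proto"], row["reason"]))
    return known[1] if known else "unknown"


def unverified(rows):
    """Ports whose state does not rest on a received reply."""
    return [f'{r["port"]}/{r["proto"]}' for r in rows
            if evidence_kind(r) != "reply"]


def inconsistent(rows):
    """Ports whose STATE is not the one their REASON supports."""
    bad = []
    for r in rows:
        known = EVIDENCE.get((r["proto"], r["reason"]))
        if known and known[0] != r["state"]:
            bad.append(f'{r["port"]}/{r["proto"]}')
    return bad


if __name__ == "__main__":
    table = parse_port_table(SAMPLE)
    print("rows parsed:       ", len(table))
    print("needs verification:", unverified(table))
    print("state/reason clash:", inconsistent(table))
```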
11.5 Access Verification
11.5.1 Network
11.5.2 Services
# nmap -sUV -Pn -n   -p53,67 --reason --packet-trace isecom.org


Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:44 CEST
SENT (0.1730s) UDP 192.168.100.53:62664 > 216.92.116.13:53 ttl=48 id=23048
iplen=40
SENT (0.1731s) UDP 192.168.100.53:62664 > 216.92.116.13:67 ttl=48 id=53183
iplen=28
RCVD (0.4227s) ICMP 216.92.116.13 > 192.168.100.53 Port unreachable (type=3/
code=3) ttl=54 id=20172 iplen=56
SENT (2.4252s) UDP 192.168.100.53:62665 > 216.92.116.13:67 ttl=50 id=39909
iplen=28
NSOCK (3.8460s) UDP connection requested to 216.92.116.13:67 (IOD #1) EID 8
NSOCK (3.8460s) Callback: CONNECT SUCCESS for EID 8 [216.92.116.13:67]
Service scan sending probe RPCCheck to 216.92.116.13:67 (udp)
...and more 80 packets...
Nmap scan report for isecom.org (216.92.116.13)
Host is up, received user-set (0.25s latency).
PORT   STATE          SERVICE REASON          VERSION
53/udp closed         domain   port-unreach
67/udp open|filtered dhcps     no-response
# nmap -sTV -Pn isecom.org --top-ports 10 --reason

Starting Nmap 6.00 ( http://nmap.org ) at 2012-10-25 01:41
CEST
Nmap scan report for isecom.org (216.92.116.13)
Host is up, received user-set (0.17s latency).
PORT     STATE    SERVICE       REASON       VERSION
21/tcp   open     ftp           syn-ack      NcFTPd
22/tcp   open     ssh           syn-ack      OpenSSH 6.1
(protocol 2.0)
23/tcp   closed   telnet        conn-refused
25/tcp   filtered smtp          no-response
80/tcp   open     http          syn-ack      Apache httpd
2.2.22
110/tcp open      pop3          syn-ack      Dovecot pop3d
139/tcp filtered netbios-ssn    no-response
443/tcp open      ssl/http      syn-ack      Apache httpd
2.2.22
445/tcp filtered microsoft-ds no-response
3389/tcp closed   ms-wbt-server conn-refused
11.5.3 Authentication
11.6 Trust Verification
11.7 Controls Verification
11.8 Process Verification
11.9 Configuration Verification
11.10 Property Validation
11.11 Segregation Review
11.12 Exposure Verification
11.13 Competitive Intelligence Scouting
11.14 Quarantine Verification
11.15 Privileges Audit
11.16 Survivability Verification
11.17 Alert and Log Review
Conclusions: references, tools
STAR Report and OSSTMM Tests
;-)
http://onofri.org/
http://twitter.com/simoneonofri
http://it.linkedin.com/simoneonofri
http://slideshare.net/simoneonofri

THANK YOU!

QUESTIONS?
Creative CommonsCreative Commons
Creative Commons
 
Il Web del futuro: dati strutturati e semantici in XHTML con un click - RDFa
Il Web del futuro: dati strutturati e semantici in XHTML con un click - RDFaIl Web del futuro: dati strutturati e semantici in XHTML con un click - RDFa
Il Web del futuro: dati strutturati e semantici in XHTML con un click - RDFa
 
Teenagers and Blogs
Teenagers and BlogsTeenagers and Blogs
Teenagers and Blogs
 

Ähnlich wie Introduzione ai network penetration test secondo osstmm

SIEM 101: Get a Clue About IT Security Analysis
SIEM 101: Get a Clue About IT Security Analysis SIEM 101: Get a Clue About IT Security Analysis
SIEM 101: Get a Clue About IT Security Analysis AlienVault
 
Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemHandy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemSneha Inguva
 
A New Framework for Detection
A New Framework for DetectionA New Framework for Detection
A New Framework for DetectionSourcefire VRT
 
Making Threat Intelligence Actionable Final
Making Threat Intelligence Actionable FinalMaking Threat Intelligence Actionable Final
Making Threat Intelligence Actionable FinalPriyanka Aash
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Nagios Conference 2014 - Anna-Sofia Lejman - The Experience of Inheriting a N...
Nagios Conference 2014 - Anna-Sofia Lejman - The Experience of Inheriting a N...Nagios Conference 2014 - Anna-Sofia Lejman - The Experience of Inheriting a N...
Nagios Conference 2014 - Anna-Sofia Lejman - The Experience of Inheriting a N...Nagios
 
Engineering Challenges Doing Intrusion Detection in the Cloud
Engineering Challenges Doing Intrusion Detection in the CloudEngineering Challenges Doing Intrusion Detection in the Cloud
Engineering Challenges Doing Intrusion Detection in the Cloudrandomuserid
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Alexander Reelsen - Seccomp for Developers
Alexander Reelsen - Seccomp for DevelopersAlexander Reelsen - Seccomp for Developers
Alexander Reelsen - Seccomp for DevelopersDevDay Dresden
 
Пример отчета по анализу вредоносного кода TeslaCrypt, подготовленного Cisco ...
Пример отчета по анализу вредоносного кода TeslaCrypt, подготовленного Cisco ...Пример отчета по анализу вредоносного кода TeslaCrypt, подготовленного Cisco ...
Пример отчета по анализу вредоносного кода TeslaCrypt, подготовленного Cisco ...Cisco Russia
 
Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Jim Clausing
 
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON
 
Velocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPFVelocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPFBrendan Gregg
 
Uvm presentation dac2011_final
Uvm presentation dac2011_finalUvm presentation dac2011_final
Uvm presentation dac2011_finalsean chen
 
USENIX ATC 2017 Performance Superpowers with Enhanced BPF
USENIX ATC 2017 Performance Superpowers with Enhanced BPFUSENIX ATC 2017 Performance Superpowers with Enhanced BPF
USENIX ATC 2017 Performance Superpowers with Enhanced BPFBrendan Gregg
 

Ähnlich wie Introduzione ai network penetration test secondo osstmm (20)

SIEM 101: Get a Clue About IT Security Analysis
SIEM 101: Get a Clue About IT Security Analysis SIEM 101: Get a Clue About IT Security Analysis
SIEM 101: Get a Clue About IT Security Analysis
 
Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemHandy Networking Tools and How to Use Them
Handy Networking Tools and How to Use Them
 
A New Framework for Detection
A New Framework for DetectionA New Framework for Detection
A New Framework for Detection
 
Making Threat Intelligence Actionable Final
Making Threat Intelligence Actionable FinalMaking Threat Intelligence Actionable Final
Making Threat Intelligence Actionable Final
 
Inside Winnyp
Inside WinnypInside Winnyp
Inside Winnyp
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modem
 
Nagios Conference 2014 - Anna-Sofia Lejman - The Experience of Inheriting a N...
Nagios Conference 2014 - Anna-Sofia Lejman - The Experience of Inheriting a N...Nagios Conference 2014 - Anna-Sofia Lejman - The Experience of Inheriting a N...
Nagios Conference 2014 - Anna-Sofia Lejman - The Experience of Inheriting a N...
 
Engineering Challenges Doing Intrusion Detection in the Cloud
Engineering Challenges Doing Intrusion Detection in the CloudEngineering Challenges Doing Intrusion Detection in the Cloud
Engineering Challenges Doing Intrusion Detection in the Cloud
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Alexander Reelsen - Seccomp for Developers
Alexander Reelsen - Seccomp for DevelopersAlexander Reelsen - Seccomp for Developers
Alexander Reelsen - Seccomp for Developers
 
Пример отчета по анализу вредоносного кода TeslaCrypt, подготовленного Cisco ...
Пример отчета по анализу вредоносного кода TeslaCrypt, подготовленного Cisco ...Пример отчета по анализу вредоносного кода TeslaCrypt, подготовленного Cisco ...
Пример отчета по анализу вредоносного кода TeslaCrypt, подготовленного Cisco ...
 
Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...Building an Automated Behavioral Malware Analysis Environment using Free and ...
Building an Automated Behavioral Malware Analysis Environment using Free and ...
 
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick
 
SIEM
SIEMSIEM
SIEM
 
Incident Response: SIEM
Incident Response: SIEMIncident Response: SIEM
Incident Response: SIEM
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with Metasploit
 
Velocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPFVelocity 2017 Performance analysis superpowers with Linux eBPF
Velocity 2017 Performance analysis superpowers with Linux eBPF
 
Uvm presentation dac2011_final
Uvm presentation dac2011_finalUvm presentation dac2011_final
Uvm presentation dac2011_final
 
USENIX ATC 2017 Performance Superpowers with Enhanced BPF
USENIX ATC 2017 Performance Superpowers with Enhanced BPFUSENIX ATC 2017 Performance Superpowers with Enhanced BPF
USENIX ATC 2017 Performance Superpowers with Enhanced BPF
 

Mehr von Simone Onofri

Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101Simone Onofri
 
Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day Simone Onofri
 
Attacking Ethereum Smart Contracts a deep dive after ~9 years of deployment
Attacking Ethereum Smart Contracts  a deep dive after ~9 years of deploymentAttacking Ethereum Smart Contracts  a deep dive after ~9 years of deployment
Attacking Ethereum Smart Contracts a deep dive after ~9 years of deploymentSimone Onofri
 
Linux Day 2018 Roma - Web Application Penetration Test (WAPT) con Linux
Linux Day 2018 Roma - Web Application Penetration Test (WAPT) con LinuxLinux Day 2018 Roma - Web Application Penetration Test (WAPT) con Linux
Linux Day 2018 Roma - Web Application Penetration Test (WAPT) con LinuxSimone Onofri
 
Agile Lean Conference 2017 - Leadership e facilitazione
Agile Lean Conference 2017 - Leadership e facilitazioneAgile Lean Conference 2017 - Leadership e facilitazione
Agile Lean Conference 2017 - Leadership e facilitazioneSimone Onofri
 
Agile Business Consortium - LEGO SERIOUS PLAY e i Principi di Agile Project M...
Agile Business Consortium - LEGO SERIOUS PLAY e i Principi di Agile Project M...Agile Business Consortium - LEGO SERIOUS PLAY e i Principi di Agile Project M...
Agile Business Consortium - LEGO SERIOUS PLAY e i Principi di Agile Project M...Simone Onofri
 
Agile Project Framework
Agile Project FrameworkAgile Project Framework
Agile Project FrameworkSimone Onofri
 
Agile nei servizi di cyber security (Security Summit Edition)
Agile nei servizi di cyber security (Security Summit Edition)Agile nei servizi di cyber security (Security Summit Edition)
Agile nei servizi di cyber security (Security Summit Edition)Simone Onofri
 
Security Project Management - Agile nei servizi di Cyber Security
Security Project Management - Agile nei servizi di Cyber SecuritySecurity Project Management - Agile nei servizi di Cyber Security
Security Project Management - Agile nei servizi di Cyber SecuritySimone Onofri
 
Cyber Defense - How to find and manage zero-days
Cyber Defense - How to find and manage zero-days Cyber Defense - How to find and manage zero-days
Cyber Defense - How to find and manage zero-days Simone Onofri
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
Penetration Testing con Python - Network Sniffer
Penetration Testing con Python - Network SnifferPenetration Testing con Python - Network Sniffer
Penetration Testing con Python - Network SnifferSimone Onofri
 
Agile e Lean Management
 Agile e Lean Management Agile e Lean Management
Agile e Lean ManagementSimone Onofri
 
Lean Startup Machine - Rome - Agile e Lean Project Management
Lean Startup Machine - Rome - Agile e Lean Project ManagementLean Startup Machine - Rome - Agile e Lean Project Management
Lean Startup Machine - Rome - Agile e Lean Project ManagementSimone Onofri
 
ITSMF Conferenza 2014 - L'officina Agile per innovare l'IT Service Management
ITSMF Conferenza 2014 - L'officina Agile per innovare l'IT Service ManagementITSMF Conferenza 2014 - L'officina Agile per innovare l'IT Service Management
ITSMF Conferenza 2014 - L'officina Agile per innovare l'IT Service ManagementSimone Onofri
 

Mehr von Simone Onofri (15)

Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
 
Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day Attacking IoT Devices from a Web Perspective - Linux Day
Attacking IoT Devices from a Web Perspective - Linux Day
 
Attacking Ethereum Smart Contracts a deep dive after ~9 years of deployment
Attacking Ethereum Smart Contracts  a deep dive after ~9 years of deploymentAttacking Ethereum Smart Contracts  a deep dive after ~9 years of deployment
Attacking Ethereum Smart Contracts a deep dive after ~9 years of deployment
 
Linux Day 2018 Roma - Web Application Penetration Test (WAPT) con Linux
Linux Day 2018 Roma - Web Application Penetration Test (WAPT) con LinuxLinux Day 2018 Roma - Web Application Penetration Test (WAPT) con Linux
Linux Day 2018 Roma - Web Application Penetration Test (WAPT) con Linux
 
Agile Lean Conference 2017 - Leadership e facilitazione
Agile Lean Conference 2017 - Leadership e facilitazioneAgile Lean Conference 2017 - Leadership e facilitazione
Agile Lean Conference 2017 - Leadership e facilitazione
 
Agile Business Consortium - LEGO SERIOUS PLAY e i Principi di Agile Project M...
Agile Business Consortium - LEGO SERIOUS PLAY e i Principi di Agile Project M...Agile Business Consortium - LEGO SERIOUS PLAY e i Principi di Agile Project M...
Agile Business Consortium - LEGO SERIOUS PLAY e i Principi di Agile Project M...
 
Agile Project Framework
Agile Project FrameworkAgile Project Framework
Agile Project Framework
 
Agile nei servizi di cyber security (Security Summit Edition)
Agile nei servizi di cyber security (Security Summit Edition)Agile nei servizi di cyber security (Security Summit Edition)
Agile nei servizi di cyber security (Security Summit Edition)
 
Security Project Management - Agile nei servizi di Cyber Security
Security Project Management - Agile nei servizi di Cyber SecuritySecurity Project Management - Agile nei servizi di Cyber Security
Security Project Management - Agile nei servizi di Cyber Security
 
Cyber Defense - How to find and manage zero-days
Cyber Defense - How to find and manage zero-days Cyber Defense - How to find and manage zero-days
Cyber Defense - How to find and manage zero-days
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
Penetration Testing con Python - Network Sniffer
Penetration Testing con Python - Network SnifferPenetration Testing con Python - Network Sniffer
Penetration Testing con Python - Network Sniffer
 
Agile e Lean Management
 Agile e Lean Management Agile e Lean Management
Agile e Lean Management
 
Lean Startup Machine - Rome - Agile e Lean Project Management
Lean Startup Machine - Rome - Agile e Lean Project ManagementLean Startup Machine - Rome - Agile e Lean Project Management
Lean Startup Machine - Rome - Agile e Lean Project Management
 
ITSMF Conferenza 2014 - L'officina Agile per innovare l'IT Service Management
ITSMF Conferenza 2014 - L'officina Agile per innovare l'IT Service ManagementITSMF Conferenza 2014 - L'officina Agile per innovare l'IT Service Management
ITSMF Conferenza 2014 - L'officina Agile per innovare l'IT Service Management
 

Kürzlich hochgeladen

UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 

Kürzlich hochgeladen (20)

UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 

Introduction to Network Penetration Testing According to the OSSTMM

  • 1. Introduction to Network Penetration Testing according to the OSSTMM. Linux Day 2012, Rome, 27 October 2012. Simone Onofri - simone.onofri@techub.it
  • 2. Introduction: NPT and OSSTMM
  • 6. Network Penetration Test: The purpose of a Network Penetration Test is to verify the security of the systems exposed on the network.
  • 7. Network Penetration Test: It assesses the presence and correct implementation of the controls that eliminate or limit threats.
  • 8. Network Penetration Test: The activity evaluates a specific scenario defined by the target, the position of the attackers and the information available.
  • 14. Network Penetration Test: Methodology
  • 17. traceroute to isecom.org
      # traceroute -n isecom.org
      traceroute to isecom.org (216.92.116.13), 64 hops max, 52 byte packets
      [...]
      16 195.22.192.181 48.888 ms 52.587 ms 49.014 ms
      17 89.221.34.50 40.760 ms 37.027 ms 40.741 ms
      18 64.210.21.150 180.909 ms 170.083 ms 178.578 ms
      19 * * *
      20 * * *
  • 18. traceroute to isecom.org
      # tcpdump -Sni en0
      440701 IP 195.22.192.181 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      493212 IP 195.22.192.181 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      542222 IP 195.22.192.181 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      583138 IP 89.221.34.50 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      620053 IP 89.221.34.50 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      660844 IP 89.221.34.50 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      841862 IP 64.210.21.150 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      011975 IP 64.210.21.150 > 10.10.10.10: ICMP time exceeded in-transit, length 36
      190596 IP 64.210.21.150 > 10.10.10.10: ICMP time exceeded in-transit, length 36
  • 19. What you need to know: a brief introduction to the methodology
  • 20. “security is about protection” (Pete Herzog - No More of the Same Bad Security)
  • 21. [Diagram] Operational Security (Access, Visibility, Trust), with Exposure!, Vulnerability!, Weakness! and Concern!; Interactive Controls and Process Controls (Authentication, NonRepudiation, Indemnification, Confidentiality, Resilience, Privacy, Subjugation, Integrity, Continuity, Alarm)
  • 22. What you need to do: rules of engagement and the auditor's trifecta
  • 23. Rules of engagement (selection): how to "regulate" the activity
  • 24. Rules of engagement (selection): Fear, Uncertainty, Deception
  • 25. Rules of engagement (selection): X Fear, Uncertainty, Deception
  • 26. Rules of engagement (selection): if I don't break in, it's free
  • 27. Rules of engagement (selection): X if I don't break in, it's free
  • 28. Rules of engagement (selection): run tests ONLY if explicitly authorized
  • 29. Rules of engagement (selection): regardless of any NDA, never disclose information or results
  • 30. Rules of engagement (selection): know your tools
  • 31. Rules of engagement (selection): do not leave the scope less secure than it was before you arrived
  • 32. Rules of engagement (selection)
  • 33. Trifecta: the three questions to ask yourself during an engagement
  • 34. Trifecta: How does it work?
  • 35. Trifecta: How does management think it works?
  • 36. Trifecta: What is actually needed?
  • 38. Data Networks security testing: some elements according to the OSSTMM
  • 42.
      # whois isecom.org
      [...]
      Registrant Organization:Institute for Security and Open Methodologies
      [...]
      Registrant City:Lake George
      Registrant State/Province:NY
      Registrant Postal Code:12845
      Registrant Country:US
      Registrant Phone:+1.5186***********
      [...]
      Registrant Email:a*******@isecom.org
      Admin Name:Peter Herzog
      Admin Organization:Institute for Security and Open Methodologies
      [...]
      Admin City:Lake George
      Admin State/Province:NY
      Admin Postal Code:12845
      Admin Country:US
      Admin Phone:+1. 5186***********
      Admin FAX Ext.:
      Admin Email:a*******@isecom.org
      [...]
      Name Server:NS222.PAIR.COM
      Name Server:NS0000.NS0.COM
  • 43.
      # dig isecom.org @NS222.PAIR.COM ANY
      ; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM ANY
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65151
      ;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
      ;; WARNING: recursion requested but not available
      ;; QUESTION SECTION:
      ;isecom.org. IN ANY
      ;; ANSWER SECTION:
      isecom.org. 3600 IN A 216.92.116.13
      isecom.org. 3600 IN MX 50 mailwash4.pair.com.
      isecom.org. 3600 IN SOA ns222.pair.com. root.pair.com. 2012020511 3600 300 604800 3600
      isecom.org. 3600 IN NS ns0000.ns0.com.
      isecom.org. 3600 IN NS ns222.pair.com.
      ;; Query time: 176 msec
      ;; SERVER: 209.68.2.67#53(209.68.2.67)
      [...]
  • 44.
      # whois 216.92.116.13
      NetRange: 216.92.0.0 - 216.92.255.255
      CIDR: 216.92.0.0/16
      OriginAS:
      NetName: PAIRNET-BLK-3
      NetHandle: NET-216-92-0-0-1
      Parent: NET-216-0-0-0-0
      NetType: Direct Allocation
      Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
      RegDate: 1998-09-25
      Updated: 2001-06-14
      Ref: http://whois.arin.net/rest/net/NET-216-92-0-0-1
      OrgName: pair Networks
      OrgId: PAIR
      Address: 2403 Sidney St
      Address: Suite 510
      City: Pittsburgh
      StateProv: PA
      PostalCode: 15232
      Country: US
      RegDate: 1997-01-30
      Updated: 2008-10-04
  • 45.
      # nmap -PN --traceroute -n -p80 isecom.org
      Starting Nmap 6.00 ( http://nmap.org ) at 2012-10-27 09:00 CEST
      Nmap scan report for isecom.org (216.92.116.13)
      Host is up (0.17s latency).
      PORT STATE SERVICE
      80/tcp open http
      TRACEROUTE (using port 80/tcp)
      HOP RTT ADDRESS
      [...]
      17 42.97 ms 89.221.34.110
      18 166.42 ms 64.210.21.150
      19 ...
      20 165.39 ms 216.92.116.13
      Nmap done: 1 IP address (1 host up) scanned in 3.28 seconds
  • 47. # hping2 --icmp -c 100 isecom.org
        HPING isecom.org (en0 216.92.116.13): icmp mode set, 28 headers + 0 data bytes
        len=46 ip=216.92.116.13 ttl=48 id=16179 icmp_seq=0 rtt=164.9 ms
        len=46 ip=216.92.116.13 ttl=48 id=16501 icmp_seq=1 rtt=161.0 ms
        len=46 ip=216.92.116.13 ttl=48 id=16733 icmp_seq=2 rtt=165.8 ms
        [...]
        len=46 ip=216.92.116.13 ttl=48 id=39293 icmp_seq=91 rtt=171.9 ms
        len=46 ip=216.92.116.13 ttl=48 id=39386 icmp_seq=92 rtt=161.4 ms
        len=46 ip=216.92.116.13 ttl=48 id=39563 icmp_seq=93 rtt=167.6 ms
        len=46 ip=216.92.116.13 ttl=48 id=39777 icmp_seq=94 rtt=168.3 ms
        len=46 ip=216.92.116.13 ttl=48 id=40557 icmp_seq=95 rtt=164.5 ms
        len=46 ip=216.92.116.13 ttl=48 id=41028 icmp_seq=96 rtt=171.0 ms
        len=46 ip=216.92.116.13 ttl=48 id=41289 icmp_seq=97 rtt=165.6 ms
        len=46 ip=216.92.116.13 ttl=48 id=41378 icmp_seq=98 rtt=167.3 ms
        len=46 ip=216.92.116.13 ttl=48 id=41860 icmp_seq=99 rtt=167.4 ms
        --- isecom.org hping statistic ---
        100 packets tramitted, 97 packets received, 3% packet loss
        round-trip min/avg/max = 161.0/167.1/211.4 ms
  • 48. # hping2 -S -p 80 -c 100 isecom.org
        HPING isecom.org (en0 216.92.116.13): S set, 40 headers + 0 data bytes
        len=46 ip=216.92.116.13 ttl=50 DF id=25484 sport=80 flags=SA seq=0 win=65535 rtt=181.7 ms
        len=46 ip=216.92.116.13 ttl=50 DF id=26974 sport=80 flags=SA seq=1 win=65535 rtt=167.9 ms
        len=46 ip=216.92.116.13 ttl=50 DF id=27338 sport=80 flags=SA seq=2 win=65535 rtt=165.3 ms
        [...]
        len=46 ip=216.92.116.13 ttl=48 DF id=54788 sport=80 flags=SA seq=86 win=65535 rtt=201.6 ms
        len=46 ip=216.92.116.13 ttl=50 DF id=55028 sport=80 flags=SA seq=87 win=65535 rtt=207.3 ms
        len=46 ip=216.92.116.13 ttl=50 DF id=55696 sport=80 flags=SA seq=94 win=65535 rtt=170.4 ms
        len=46 ip=216.92.116.13 ttl=48 DF id=56158 sport=80 flags=SA seq=95 win=65535
        --- isecom.org hping statistic ---
        100 packets tramitted, 99 packets received, 1% packet loss
        round-trip min/avg/max = 161.7/171.6/264.2 ms
  • 49. # hping2 --udp -c 100 isecom.org
        HPING isecom.org (en0 216.92.116.13): udp mode set, 28 headers + 0 data bytes
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        [...]
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        ICMP Port Unreachable from ip=216.92.116.13 name=isecom.org
        --- isecom.org hping statistic ---
        100 packets tramitted, 22 packets received, 78% packet loss
        round-trip min/avg/max = 0.0/0.0/0.0 ms
  • 51. # curl -kisX HEAD isecom.org
        HTTP/1.1 200 OK
        Date: Wed, 26 Oct 2012 09:30:00 GMT
        Server: Apache/2.2.22
        Last-Modified: Fri, 13 Apr 2012 15:48:14 GMT
        ETag: "3e3a-4bd916679ab80"
        Accept-Ranges: bytes
        Content-Length: 15930
        Identity: The Institute for Security and Open Methodologies
        P3P: Not supported at this time
  • 52. 11.3 Active Detection Verification
  • 54. 11.3.2 Active Detection
  • 55. # curl -kisX HEAD "http://isecom.org/etc/passwd?format=%%&xss="> <script>alert('xss');</script>&traversal=../../&sql='%20OR%201;"
        HTTP/1.1 404 Not Found
        Date: Wed, 27 Oct 2012 09:30:00 GMT
        Server: Apache/2.2.22
        Last-Modified: Fri, 13 Apr 2012 15:48:13 GMT
        ETag: "25db-4bd91666a6940"
        Accept-Ranges: bytes
        Content-Length: 9691
        Identity: The Institute for Security and Open Methodologies
        P3P: Not supported at this time
  • 57. 11.4.1 Network Surveying
  • 58. # dig isecom.org @NS222.PAIR.COM A
        ; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM A
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19360
        ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
        ;; WARNING: recursion requested but not available
        ;; QUESTION SECTION:
        ;isecom.org. IN A
        ;; ANSWER SECTION:
        isecom.org. 3600 IN A 216.92.116.13

        # dig isecom.org @NS222.PAIR.COM AAAA
        ; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM AAAA
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26450
        ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

        # dig isecom.org @NS222.PAIR.COM AXFR
        ; <<>> DiG 9.8.3-P1 <<>> isecom.org @NS222.PAIR.COM AXFR
        ;; global options: +cmd
        ; Transfer failed.
  • 60. # nmap -sT -Pn -n --top-ports 10 isecom.org
        Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:10 CEST
        Nmap scan report for isecom.org (216.92.116.13)
        Host is up (0.23s latency).
        PORT     STATE    SERVICE
        21/tcp   open     ftp
        22/tcp   open     ssh
        23/tcp   closed   telnet
        25/tcp   filtered smtp
        80/tcp   open     http
        110/tcp  open     pop3
        139/tcp  closed   netbios-ssn
        443/tcp  open     https
        445/tcp  closed   microsoft-ds
        3389/tcp closed   ms-wbt-server
        Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
  • 61. # nmap -sT -Pn -n --top-ports 10 --reason isecom.org
        Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:17 CEST
        Nmap scan report for isecom.org (216.92.116.13)
        Host is up, received user-set (0.22s latency).
        PORT     STATE    SERVICE       REASON
        21/tcp   open     ftp           syn-ack
        22/tcp   open     ssh           syn-ack
        23/tcp   closed   telnet        conn-refused
        25/tcp   filtered smtp          no-response
        80/tcp   open     http          syn-ack
        110/tcp  open     pop3          syn-ack
        139/tcp  closed   netbios-ssn   conn-refused
        443/tcp  open     https         syn-ack
        445/tcp  closed   microsoft-ds  conn-refused
        3389/tcp closed   ms-wbt-server conn-refused
  • 62. # nmap -sU -Pn -n --top-ports 10 --reason isecom.org
        Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:28 CEST
        Nmap scan report for hackerhighschool.org (216.92.116.13)
        Host is up, received user-set (0.23s latency).
        PORT     STATE         SERVICE      REASON
        53/udp   closed        domain       port-unreach
        67/udp   open|filtered dhcps        no-response
        123/udp  closed        ntp          port-unreach
        135/udp  closed        msrpc        port-unreach
        137/udp  closed        netbios-ns   port-unreach
        138/udp  closed        netbios-dgm  port-unreach
        161/udp  closed        snmp         port-unreach
        445/udp  closed        microsoft-ds port-unreach
        631/udp  closed        ipp          port-unreach
        1434/udp closed        ms-sql-m     port-unreach
  • 63. # nmap -sU -Pn -n -p53,67 --reason --packet-trace isecom.org
        Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:32 CEST
        SENT (0.0508s) UDP 192.168.100.53:54940 > 216.92.116.13:67 ttl=46 id=54177 iplen=28
        SENT (0.0509s) UDP 192.168.100.53:54940 > 216.92.116.13:53 ttl=37 id=17751 iplen=40
        RCVD (0.3583s) ICMP 216.92.116.13 > 192.168.100.53 Port unreachable (type=3/code=3) ttl=54 id=1724 iplen=56
        SENT (2.5989s) UDP 192.168.100.53:54941 > 216.92.116.13:67 ttl=49 id=33695 iplen=28
        Nmap scan report for isecom.org (216.92.116.13)
        Host is up, received user-set (0.31s latency).
        PORT   STATE         SERVICE REASON
        53/udp closed        domain  port-unreach
        67/udp open|filtered dhcps   no-response
        Nmap done: 1 IP address (1 host up) scanned in 4.15 seconds
  • 67. # nmap -sUV -Pn -n -p53,67 --reason --packet-trace isecom.org
        Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-23 04:44 CEST
        SENT (0.1730s) UDP 192.168.100.53:62664 > 216.92.116.13:53 ttl=48 id=23048 iplen=40
        SENT (0.1731s) UDP 192.168.100.53:62664 > 216.92.116.13:67 ttl=48 id=53183 iplen=28
        RCVD (0.4227s) ICMP 216.92.116.13 > 192.168.100.53 Port unreachable (type=3/code=3) ttl=54 id=20172 iplen=56
        SENT (2.4252s) UDP 192.168.100.53:62665 > 216.92.116.13:67 ttl=50 id=39909 iplen=28
        NSOCK (3.8460s) UDP connection requested to 216.92.116.13:67 (IOD #1) EID 8
        NSOCK (3.8460s) Callback: CONNECT SUCCESS for EID 8 [216.92.116.13:67]
        Service scan sending probe RPCCheck to 216.92.116.13:67 (udp)
        ...and more 80 packets...
        Nmap scan report for isecom.org (216.92.116.13)
        Host is up, received user-set (0.25s latency).
        PORT   STATE         SERVICE REASON       VERSION
        53/udp closed        domain  port-unreach
        67/udp open|filtered dhcps   no-response
  • 68. # nmap -sTV -Pn isecom.org --top-ports 10 --reason
        Starting Nmap 6.00 ( http://nmap.org ) at 2012-10-25 01:41 CEST
        Nmap scan report for isecom.org (216.92.116.13)
        Host is up, received user-set (0.17s latency).
        PORT     STATE    SERVICE       REASON       VERSION
        21/tcp   open     ftp           syn-ack      NcFTPd
        22/tcp   open     ssh           syn-ack      OpenSSH 6.1 (protocol 2.0)
        23/tcp   closed   telnet        conn-refused
        25/tcp   filtered smtp          no-response
        80/tcp   open     http          syn-ack      Apache httpd 2.2.22
        110/tcp  open     pop3          syn-ack      Dovecot pop3d
        139/tcp  filtered netbios-ssn   no-response
        443/tcp  open     ssl/http      syn-ack      Apache httpd 2.2.22
        445/tcp  filtered microsoft-ds  no-response
        3389/tcp closed   ms-wbt-server conn-refused
  • 71. 11.7 Controls Verification
  • 73. 11.9 Configuration Verification
  • 74. 11.10 Property Validation
  • 76. 11.12 Exposure Verification
  • 78. 11.14 Quarantine Verification
  • 80. 11.16 Survivability Verification
  • 81. 11.17 Alert and Log Review
  • 82. Conclusions: references, tools
  • 83. STAR Report and OSSTMM Tests