Penetration Testing 
Akhil, CEH, CCSP
ITIS Solutions Pvt Ltd, India
Before We Start
• My Introduction.
• Audience Type.
• Expectations from this presentation.
• Disclaimer.
  • Not a professional tester
  • Based on my learning, understanding.
Agenda
• Background.
  • What is Penetration Testing.
  • Need for Penetration Testing.
• Methods and Techniques of Pen Test.
• Demo.
  • Tiger Tools.
  • Metasploit.
  • ExploitTree.
  • Whoppix.
  • ERD Commander (local password cracking).
• Questions.
• Resources.
Background
What is Penetration Testing
• A form of stress testing which exposes weaknesses or flaws in a computer system.
• The art of finding an open door.
• A valued assurance assessment tool.
• PT can be used to find flaws in:
  • Policies
  • Specifications
  • Architecture
  • Implementation
  • Software
  • Hardware
  • And many more…
Background
Need for Penetration Testing
• To find poorly configured machines.
• To verify that security mechanisms are working.
• To help organizations tighten their security systems.
FACT!!!!
99.9% secure = 100% vulnerable!
Methods and Techniques of Pen Test.
Black Box
• Zero-knowledge testing.
• The tester needs to acquire the knowledge and penetrate.
• Knowledge is acquired using tools or social engineering techniques.
• Publicly available information may be given to the penetration tester.
Benefits:
Black box testing is intended to closely replicate an attack made by an outsider without any information about the system. This kind of testing gives insight into the robustness of the security when under attack by script kiddies.
Methods and Techniques of Pen Test.
White Box
• Complete-knowledge testing.
• Testers are given full information about the target system they are supposed to attack.
• Information includes:
  • Technology overviews
  • Data flow diagrams
  • Code snippets
  • More…
Benefits:
• Reveals more vulnerabilities and may be faster.
• Comparable to an attack from a criminal hacker who knows the company infrastructure very well. This hacker may be an employee of the company itself, doing an internal attack.
Methods and Techniques of Pen Test. 
Gray-box or crystal-box test 
The tester simulates an inside employee. The tester is given an 
account on the internal network and standard access to the network. 
This test assesses internal threats from employees within the 
company.
Methodology of Penetration Testing.
There are NO formal methods of Penetration testing!!!!!!!!
• Typically has Seven Stages
  • Scope/Goal Definition.
  • Information Gathering.
  • Vulnerability Detection.
  • Information Analysis and Planning.
  • Attack & Penetration/Privilege Escalation.
  • Result Analysis & Reporting.
  • Cleanup.
REPEAT
Methodology of Penetration Testing.
STAGE 1: Scope/Goal Definition
• Which attacker profile the tester will use:
  • Hacker with no knowledge about the target.
  • Hacker with knowledge about the target.
  • Internal user with access.
• Which systems or networks the test will be conducted on.
• How long the test will last.
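
The three Stage 1 decisions (attacker profile, systems in scope, duration) can be written down as data and checked before any tool is pointed at a host. The following is an added example, not part of the original slides; all names are hypothetical, the addresses are documentation ranges, and `when` is assumed to be a timezone-aware datetime.

```python
# Added example: a rules-of-engagement gate for the Stage 1 scope definition.
# All names and values are hypothetical; addresses are RFC 5737 documentation ranges.
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# The three attacker profiles listed on the slide.
PROFILES = ("no-knowledge", "with-knowledge", "internal-user")


@dataclass(frozen=True)
class Scope:
    profile: str        # which attacker profile the tester will use
    networks: tuple     # systems/networks the test covers (CIDR strings)
    excluded: tuple     # hosts inside those networks that must not be touched
    start: datetime     # agreed test window (timezone-aware)
    end: datetime

    def __post_init__(self):
        if self.profile not in PROFILES:
            raise ValueError(f"unknown attacker profile: {self.profile!r}")
        if self.start.tzinfo is None or self.end.tzinfo is None:
            raise ValueError("test window must be timezone-aware")
        if self.end <= self.start:
            raise ValueError("test window ends before it starts")
        for cidr in self.networks + self.excluded:
            ip_network(cidr, strict=False)   # raises ValueError on a malformed entry


def check_target(scope, target, when):
    """Return (allowed, reason) for one address at one point in time."""
    try:
        addr = ip_address(target)
    except ValueError:
        return False, "not an IP address; resolve and confirm ownership first"
    if not (scope.start <= when <= scope.end):
        return False, "outside the agreed test window"
    # Exclusions win over inclusions, so a fragile host inside an in-scope
    # network stays untouched.
    if any(addr in ip_network(c, strict=False) for c in scope.excluded):
        return False, "explicitly excluded by the client"
    if any(addr in ip_network(c, strict=False) for c in scope.networks):
        return True, "in scope"
    return False, "not listed in the scope document"


# Constructed sample engagement.
SAMPLE_SCOPE = Scope(
    profile="internal-user",
    networks=("192.0.2.0/24", "198.51.100.32/27"),
    excluded=("192.0.2.10",),
    start=datetime(2024, 1, 8, 9, 0, tzinfo=timezone.utc),
    end=datetime(2024, 1, 12, 17, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    now = datetime(2024, 1, 9, 14, 0, tzinfo=timezone.utc)
    for host in ("192.0.2.25", "192.0.2.10", "198.51.100.70", "203.0.113.5"):
        print(host, check_target(SAMPLE_SCOPE, host, now))
```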
Methodology of Penetration Testing.
STAGE 2: Information Gathering.
• Information about the targets.
  • Publicly available information (www.arin.net, nslookup).
  • Technical information provided by the organisation.
Methodology of Penetration Testing.
STAGE 3: Vulnerability Detection.
• Manual Detection
  • Manually probe the target host for common misconfigurations or flaws, because a vulnerability scanner can fail to identify certain vulnerabilities.
  • Ex: database configurations etc.
• Using Software.
  • Use of commercial or freeware scanners to enumerate known flaws or vulnerabilities. Ex: Retina, HFNetChk, GFI LANguard, Nikto, nmap and so on.
PLENTY OF TOOLS available in Market/Internet.
Methodology of Penetration Testing.
STAGE 4: Information Analysis and Planning.
• Collating the information gathered in previous stages.
• Preparation of high-level attack planning.
  • Overall approach.
  • Target identification.
Methodology of Penetration Testing.
STAGE 5: Attack & Penetration/Privilege Escalation.
Has Two Sub Stages
• I. Attack & Penetration
  • Known/available exploit selection
    • Tester acquires publicly available s/w for exploiting.
  • Exploit customization
    • Customize exploit s/w program to work as desired.
  • Exploit development
    • Develop own exploit if no exploit program is available.
  • Exploit testing
    • Exploit must be tested before the formal test to avoid damage.
  • Attack.
    • Use of exploit to gain unauthorized access to target.
Methodology of Penetration Testing.
STAGE 5: Attack & Penetration/Privilege Escalation.
• II. Privilege Escalation
  • What can be done with acquired access/privileges.
    • Alter.
    • Damage.
    • What not…
Repeat the Stages (2 to 5)
Methodology of Penetration Testing.
STAGE 6: Result Analysis & Reporting
Organize data/related results for management reporting.
• Consolidation of information gathered.
• Analysis and extraction of general conclusions.
• Recommendations.
Methodology of Penetration Testing.
STAGE 7: Cleanup
Cleaning of all that has been done during the testing:
• Any system alterations
• Exploits
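
Cleanup is only verifiable if every alteration was written down when it was made. The following added example (not part of the original slides) keeps a change ledger for the two item types named above, altered files and files left on the host, and reports what is still outstanding; the class, function and file names are hypothetical, and the files are constructed in a temporary directory.

```python
# Added example: a change ledger that makes the Stage 7 cleanup checkable.
# Names are hypothetical; sample files are constructed in a temp directory.
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


class ChangeLedger:
    """Records what the tester touched so it can be verified as undone."""

    def __init__(self):
        self.entries = []

    def record_modified(self, path, note):
        # Call BEFORE altering the file: the pre-test hash is the restore target.
        self.entries.append({"kind": "modified", "path": str(path),
                             "original_sha256": sha256_of(path), "note": note})

    def record_created(self, path, note):
        # Anything placed on the host during testing (tools, test payloads).
        self.entries.append({"kind": "created", "path": str(path), "note": note})

    def outstanding(self):
        """Return [(path, reason)] for every entry that is not cleaned up yet."""
        left = []
        for entry in self.entries:
            path = Path(entry["path"])
            if entry["kind"] == "created":
                if path.exists():
                    left.append((entry["path"], "still present"))
            elif not path.exists():
                left.append((entry["path"], "missing; restore from backup"))
            elif sha256_of(path) != entry["original_sha256"]:
                left.append((entry["path"], "content differs from pre-test state"))
        return left


def run_demo():
    """Simulate an alteration and an uploaded file, then the cleanup."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        config = root / "service.conf"
        config.write_text("debug=off\n")

        ledger = ChangeLedger()
        ledger.record_modified(config, "enabled debug logging for the test")
        config.write_text("debug=on\n")

        tool = root / "test-tool.bin"
        tool.write_bytes(b"constructed placeholder")
        ledger.record_created(tool, "test tool uploaded")

        before = [reason for _, reason in ledger.outstanding()]

        # Cleanup: restore the original content and remove the uploaded file.
        config.write_text("debug=off\n")
        tool.unlink()
        after = ledger.outstanding()
        return before, after


if __name__ == "__main__":
    print(run_demo())
```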
Resources.
• Guidelines
  • OSSTMM: The Open Source Security Testing Methodology Manual.
  • OWASP: Open Web Application Security Project.
• Tools
  • NMAP, Nikto, John, Cain & Abel and many more…
  • Whoppix.
  • Tiger Tools (Commercial Tool).
  • Metasploit.
  • ExploitTree.
  • Core Impact (Commercial Tool).
Metasploit Framework
ExploitTree Framework
Milw0rm
Demos
• DCOM vulnerability using ExploitTree.
• Password Cracker – Tiger Tools.
• Whoppix.
  • Security Auditor.
  • Password Cracking (Raptor Chown, recorded demo).
  • ExploitTree.
  • Metasploit.
Questions 
Questions?
