Pen test methodology

PENETRATION
TESTING
METHODOLOGY
Ver. 1.0
Cahyo Darujati, MT.
Open Information Systems Security Group

REQUEST A
PENETRATION TEST
QUOTE
● Find Holes Now Before Somebody Else
Does :-p
● FREE Consultation.
● +62-8123-594969 (SMS ONLY)

Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 2

Quote
● Security is a process not a product
(Bruce Schneier)


CONTENTS

What is Pen-Testing?
Why perfoms Pen-testing?
PHASE – I: PLANNING AND PREPARATION
PHASE – II: ASSESSMENT
PHASE – III: REPORTING, CLEAN UP &
DESTROY ARTIFACTS


What is Pen-Testing?
● Penetration testing is the process of
attempting to gain access to resources
without knowledge of usernames,
passwords and other normal means of
access. If the focus is on computer
resources, then examples of a
successful penetration would be
obtaining or subverting confidential
documents, pricelists, databases and
other protected information.

Why perfoms Pen-testing?
● There are a variety of reasons for
performing a penetration test. One of the
main reasons is to find vulnerabilities
and fix them before an attacker does.
Sometimes, the IT department is aware
of reported vulnerabilities but they need
an outside expert to officially report them
so that management will approve the
resources necessary to fix them.


PHASE – I

PLANNING AND PREPARATION


PLANNING AND
PREPARATION

(a) Identification of contact individuals from
both side,
(b) Opening meting to confirm the scope,
approach and methodology, and
(c) Agree to specific test cases and
escalation paths


PHASE – II

ASSESSMENT


ASSESSMENT

1.Information Gathering
2.Network Mapping
3.Vulnerability Identification
4.Penetration
5.Gaining Access & Privilege Escalation
6.Enumerating Further
7.Compromise Remote Users/Sites
8.Maintaining Access
9.Covering Tracks


1.Information Gathering

Essentially using the Internet to find all the
information you can about the target (company
and/or person) using both technical
(DNS/WHOIS) and non-technical (search
engines, news groups, mailing lists etc)
methods.


2.Network Mapping

Many tools and applications can be used in this stage to aid the
discovery of technical information about the hosts and networks
involved in the test.
·Find live hosts
·Port and service scanning
·Perimeter network mapping (router, firewalls)
·Identifying critical services
·Operating System fingerprinting
·Identifying routes using Management Information Base (MIB)
·Service fingerprinting

3.Vulnerability
Identification
The assessor will perform several activities to detect exploitable
weak points. These activities include:
1. Identify vulnerable services using service banners
2. Perform vulnerability scan to search for known
vulnerabilities.
3. Perform false positive and false negative verification
4. Enumerate discovered vulnerabilities
5. Estimate probable impact (classify vulnerabilities found)
6. Identify attack paths and scenarios for exploitation


4.Penetration
1.Find proof of concept code/tool
2.Develop tools/scripts
3.Test proof of concept code/tool
4.Customize proof of concept code/tool
5.Test proof of concept code/tool in an isolated environment
6.Use proof of concept code against target
7.The proof of concept code/tool is used against the target to
gain as many points of unauthorized access as possible.
8.Verify or disprove the existence of vulnerabilities


5.Gaining Access &
Privilege Escalation

5.1 Gaining Access
5.1.1 Gain Least Privilege
5.1.2 Compromise
5.1.3 Final Compromise on Target
5.2 Privilege Escalation


6.Enumerating Further
1.Obtain encrypted passwords for offline cracking
2.Obtain password (plaintext or encrypted) by using sniffing or
other techniques
3.Sniff traffic and analyze it
4.Gather cookies and use them to exploit sessions and for
password attacks
5.E-mail address gathering
6.Identifying routes and networks
7.Mapping internal networks


7.Compromise Remote
Users/Sites
A single hole is sufficient to expose an entire network,
regardless of how secure the perimeter network may be. Any
system is as strong (in this case, as secure) as the weakest of
its parts.
Communications between remote users/sites and enterprise
networks may be provided with authentication and encryption
by using technologies such as VPN, to ensure that the data in
transit over the network cannot be faked nor eavesdropped.
In such scenarios the assessor should try to compromise
remote users, telecommuter and/or remote sites of an
enterprise. Those can give privileged access to internal
network.

8.Maintaining Access

8.1 Covert Channels
8.2 Backdoors
8.3 Root-kits


9.Covering Tracks

9.1 Hide Files
9.2 Clear Logs
9.3 Defeat integrity checking
9.4 Defeat Anti-virus
9.5 Implement Root-kits


PHASE – III

REPORTING, CLEAN UP &
DESTROY ARTIFACTS


REPORTING, CLEAN UP &
DESTROY ARTIFACTS

3.1 Reporting
3.1.1 Verbal Reporting
3.1.2 Final Reporting
3.2 Clean Up and Destroy Artifacts


REQUEST A
PENETRATION TEST
QUOTE
● Find Holes Now Before Somebody Else
Does :-p
● FREE Consultation.
● +62-8123-594969 (SMS ONLY)


References

http://www.oissg.org/
http://www.schneier.com/
http://www.sans.org/


History

Ver 1.0 : Nov 13, 2012.


Pen test methodology

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Pen test methodology

Ähnlich wie Pen test methodology (20)

Mehr von Cahyo Darujati

Mehr von Cahyo Darujati (12)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Pen test methodology