SlideShare uma empresa Scribd logo

BackTrack 5 r3 Penetration Testing Distribution Review

Transferir como PPTX, PDF
G
Gianna Passarelli
Tecnologia
1 de 12
BackTrack 5 r3 Penetration Testing Distribution By: Hackaholics Vincent Dao, Michael Elenterio, Jaclyn Franklin, GiannaPassarelli
Agenda What is Backtrack? Alternative Analysis Backtrack on VMWare Backtrack tools Employed Conclusion
What is Backtrack? • Originated as a security distribution based on the Linux distribution, first released in 2006 • Born as a merger of WHAX and Auditor Security Collection • Advantages include variation, mobility, and it’s design is very user-friendly • Used mainly for white hat use and mostly testing networks • Best features is that it contains a large amount of tools which are grouped into 12 different categories
Alternative Analysis Backtrack Helix Pentoo Main focus is forensic and penetration testing Focusing on system investigation, analysis, recovery, & security auditing Main focus is penetration testing Runs on a live CD, live USB, or Virtual Machine Runs on a live CD based on Ubuntu Runs on a live CD and live USB tool Intended for beginners and experts with a very user-friendly design Intended for experienced users & system administrators Include tools for packet injection patched wifi drivers, GPGPU cracking software, penetration testing & security assessment
Backtrack on VMWare • Chosen method since it’s easier for the purpose of demonstration and any changes are automatically saved • The user does not have to continually log into Backtrack every time and documents downloaded are all saved • VMWare allows users to switch back and forth from Backtrack to Windows • A new virtual machine was created in VMWare and then Backtrack was installed into that machine • The program was easily booted and accessible
Tools Presented: Macchanger • Manipulates the MAC address for network interfaces • The MAC address is an important element of computer networking • May want to change MAC address when network card stops working, to access a certain network, or for privacy concerns • Can be changed for good or bad reasons, in terms of hacking
Tools Presented: URLCrazy • Generates and tests mistyped domain names and variations of websites • Detects typo squatting, URL hijacking, phishing, and corporate espionage • Produces 15 types of typos, such as character omission and repeat, misspellings, and bit flipping • Knows over 8,000 common misspellings, and knows over 450 homophones • Also supports multiple keyboard layouts • Use tools to check popularity and validity of typo domains • Can control by buying typo domains and checking websites for malicious activities
Tools Presented: Exiftool • Allows users to extract metadata from files from a large realm of formats • Information includes file size, bit information, binary data information • Can use this to see if a document has been tampered with • Ways to prevent hackers from extracting data: • Authentication for access • Encryption of data
Tools Presented: Hexedit • Used to look at both hexadecimal and ASCII strings within a file • Can be used on both text and picture files • Allows for editing of both hexadecimal and ASCII strings • Contains a search function to find specific hexadecimal and ASCII strings • Can be used for good to find malware in a file by searching for common strings used by hackers • Can be used for bad to find hidden information within a file such as passwords and usernames
Tools Presented: Social Engineering Toolkit • Employs and simulates social engineering attacks • Useful for penetration testing and learning how to perpetrate such attacks • Variety of methods • Java Applet • Website Cloner
Conclusion • Backtrack’s uses • Defensive – URLCrazy, Hexedit, Exiftool • Offensive – Social Engineering Toolkit, MacChanger • Learning experience from tools • Perfect for beginner users and up to date
Questions?

Recomendados

TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...EC-Council
 
Path of Cyber Security
Path of Cyber SecurityPath of Cyber Security
Path of Cyber SecuritySatria Ady Pradana
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierBasis Technology
 
Autopsy 3.0 - Open Source Digital Forensics Conference
Autopsy 3.0 - Open Source Digital Forensics ConferenceAutopsy 3.0 - Open Source Digital Forensics Conference
Autopsy 3.0 - Open Source Digital Forensics ConferenceBasis Technology
 
Meetup code security
Meetup code securityMeetup code security
Meetup code securityUttamParmar7
 
Bsides
BsidesBsides
BsidesRoberto Sponchioni
 
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industrySeminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industryRoberto Sponchioni
 

Recomendados

TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...
TakeDownCon Rocket City: “White Hat Anonymity”: Current challenges security r...EC-Council
 
Path of Cyber Security
Path of Cyber SecurityPath of Cyber Security
Path of Cyber SecuritySatria Ady Pradana
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierOSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian Carrier
OSDF 2013 - Autopsy 3: Extensible Desktop Forensics by Brian CarrierBasis Technology
 
Autopsy 3.0 - Open Source Digital Forensics Conference
Autopsy 3.0 - Open Source Digital Forensics ConferenceAutopsy 3.0 - Open Source Digital Forensics Conference
Autopsy 3.0 - Open Source Digital Forensics ConferenceBasis Technology
 
Meetup code security
Meetup code securityMeetup code security
Meetup code securityUttamParmar7
 
Bsides
BsidesBsides
BsidesRoberto Sponchioni
 
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industrySeminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industryRoberto Sponchioni
 
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformJason Letourneau
 
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its TracksHow to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its TracksAlienVault
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware AnalysisRamin Farajpour Cami
 
Another Side of Hacking
Another Side of HackingAnother Side of Hacking
Another Side of HackingSatria Ady Pradana
 
ETHICAL HACKING BY HRITIK JAGE
ETHICAL HACKING BY HRITIK JAGEETHICAL HACKING BY HRITIK JAGE
ETHICAL HACKING BY HRITIK JAGEHritik Jage
 
Hunting on the cheap
Hunting on the cheapHunting on the cheap
Hunting on the cheapAnjum Ahuja
 
Footprinting
FootprintingFootprinting
Footprintingprashant3535
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the CheapEndgameInc
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingshahhardik27
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
Rise of software supply chain attack
Rise of software supply chain attackRise of software supply chain attack
Rise of software supply chain attackYadnyawalkya Tale
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
501 ch 2 understanding iam
501 ch 2 understanding iam501 ch 2 understanding iam
501 ch 2 understanding iamgocybersec
 
Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module ankit sarode
 
Extracting the Malware Signal from Internet Noise
Extracting the Malware Signal from Internet NoiseExtracting the Malware Signal from Internet Noise
Extracting the Malware Signal from Internet NoiseAshwini Almad
 
Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...
Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...
Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...Veriato
 
What is Ethical Hacking?
What is Ethical Hacking? What is Ethical Hacking?
What is Ethical Hacking? Dignitas Digital Pvt. Ltd.
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Latest Software
Latest SoftwareLatest Software
Latest SoftwareNasiruddin Rahman
 
Backtrack os 5
Backtrack os 5Backtrack os 5
Backtrack os 5Ayush Goyal
 
Backtrack
BacktrackBacktrack
BacktrackOne97 Communications Limited
 

Mais conteúdo relacionado

Mais procurados

Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformJason Letourneau
 
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its TracksHow to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its TracksAlienVault
 
ETHICAL HACKING BY HRITIK JAGE
ETHICAL HACKING BY HRITIK JAGEETHICAL HACKING BY HRITIK JAGE
ETHICAL HACKING BY HRITIK JAGEHritik Jage
 
Hunting on the cheap
Hunting on the cheapHunting on the cheap
Hunting on the cheapAnjum Ahuja
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the CheapEndgameInc
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
Rise of software supply chain attack
Rise of software supply chain attackRise of software supply chain attack
Rise of software supply chain attackYadnyawalkya Tale
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
501 ch 2 understanding iam
501 ch 2 understanding iam501 ch 2 understanding iam
501 ch 2 understanding iamgocybersec
 
Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module ankit sarode
 
Extracting the Malware Signal from Internet Noise
Extracting the Malware Signal from Internet NoiseExtracting the Malware Signal from Internet Noise
Extracting the Malware Signal from Internet NoiseAshwini Almad
 
Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...
Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...
Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...Veriato
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 

Mais procurados (19)

Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
 
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its TracksHow to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
Another Side of Hacking
Another Side of HackingAnother Side of Hacking
Another Side of Hacking
 
ETHICAL HACKING BY HRITIK JAGE
ETHICAL HACKING BY HRITIK JAGEETHICAL HACKING BY HRITIK JAGE
ETHICAL HACKING BY HRITIK JAGE
 
Hunting on the cheap
Hunting on the cheapHunting on the cheap
Hunting on the cheap
 
Footprinting
FootprintingFootprinting
Footprinting
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the Cheap
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer Attacks
 
Rise of software supply chain attack
Rise of software supply chain attackRise of software supply chain attack
Rise of software supply chain attack
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
501 ch 2 understanding iam
501 ch 2 understanding iam501 ch 2 understanding iam
501 ch 2 understanding iam
 
Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module
 
Extracting the Malware Signal from Internet Noise
Extracting the Malware Signal from Internet NoiseExtracting the Malware Signal from Internet Noise
Extracting the Malware Signal from Internet Noise
 
Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...
Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...
Veriato Counterforensics Webinar: How Insiders Evade Forensics and How to Rev...
 
What is Ethical Hacking?
What is Ethical Hacking? What is Ethical Hacking?
What is Ethical Hacking?
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 

Destaque

Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Yehia Mamdouh
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 

Destaque (6)

Latest Software
Latest SoftwareLatest Software
Latest Software
 
Backtrack os 5
Backtrack os 5Backtrack os 5
Backtrack os 5
 
Backtrack
BacktrackBacktrack
Backtrack
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing Scada Industrial Control Systems Penetration Testing
Scada Industrial Control Systems Penetration Testing
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
 

Semelhante a BackTrack 5 r3 Penetration Testing Distribution Review

Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static AnalysisHossein Yavari
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesST_World
 
Useful Shareware for Technical Communicators - STC New England Interchange co...
Useful Shareware for Technical Communicators - STC New England Interchange co...Useful Shareware for Technical Communicators - STC New England Interchange co...
Useful Shareware for Technical Communicators - STC New England Interchange co...Ed Marshall
 
hacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxhacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxsconalbg
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...Aditya K Sood
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion DetectionAPNIC
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...B.A.
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Sean Whalen
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunk
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHostway|HOSTING
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Introducing Perforce Helix
Introducing Perforce HelixIntroducing Perforce Helix
Introducing Perforce HelixPerforce
 
[CB19] tknk_scanner v2:community-based integrated malware identification syst...
[CB19] tknk_scanner v2:community-based integrated malware identification syst...[CB19] tknk_scanner v2:community-based integrated malware identification syst...
[CB19] tknk_scanner v2:community-based integrated malware identification syst...CODE BLUE
 
Making pentesting sexy ossams - BSidesQuebec2013
Making pentesting sexy ossams - BSidesQuebec2013Making pentesting sexy ossams - BSidesQuebec2013
Making pentesting sexy ossams - BSidesQuebec2013BSidesQuebec2013
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdfBeratAkit
 

Semelhante a BackTrack 5 r3 Penetration Testing Distribution Review (20)

Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static Analysis
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
Useful Shareware for Technical Communicators - STC New England Interchange co...
Useful Shareware for Technical Communicators - STC New England Interchange co...Useful Shareware for Technical Communicators - STC New England Interchange co...
Useful Shareware for Technical Communicators - STC New England Interchange co...
 
hacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptxhacking techniques and intrusion techniques useful in OSINT.pptx
hacking techniques and intrusion techniques useful in OSINT.pptx
 
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Audi...
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner Session
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Powering up on power shell avengercon - 2018
Powering up on power shell avengercon - 2018Powering up on power shell avengercon - 2018
Powering up on power shell avengercon - 2018
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nyc
 
Introducing Perforce Helix
Introducing Perforce HelixIntroducing Perforce Helix
Introducing Perforce Helix
 
[CB19] tknk_scanner v2:community-based integrated malware identification syst...
[CB19] tknk_scanner v2:community-based integrated malware identification syst...[CB19] tknk_scanner v2:community-based integrated malware identification syst...
[CB19] tknk_scanner v2:community-based integrated malware identification syst...
 
Making pentesting sexy ossams - BSidesQuebec2013
Making pentesting sexy ossams - BSidesQuebec2013Making pentesting sexy ossams - BSidesQuebec2013
Making pentesting sexy ossams - BSidesQuebec2013
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdf
 

Último

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Último (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

BackTrack 5 r3 Penetration Testing Distribution Review

  • 1. BackTrack 5 r3 Penetration Testing Distribution By: Hackaholics Vincent Dao, Michael Elenterio, Jaclyn Franklin, GiannaPassarelli
  • 3. What is Backtrack? • Originated as a security distribution based on the Linux distribution, first released in 2006 • Born as a merger of WHAX and Auditor Security Collection • Advantages include variation, mobility, and it’s design is very user-friendly • Used mainly for white hat use and mostly testing networks • Best features is that it contains a large amount of tools which are grouped into 12 different categories
  • 4. Alternative Analysis Backtrack Helix Pentoo Main focus is forensic and penetration testing Focusing on system investigation, analysis, recovery, & security auditing Main focus is penetration testing Runs on a live CD, live USB, or Virtual Machine Runs on a live CD based on Ubuntu Runs on a live CD and live USB tool Intended for beginners and experts with a very user-friendly design Intended for experienced users & system administrators Include tools for packet injection patched wifi drivers, GPGPU cracking software, penetration testing & security assessment
  • 5. Backtrack on VMWare • Chosen method since it’s easier for the purpose of demonstration and any changes are automatically saved • The user does not have to continually log into Backtrack every time and documents downloaded are all saved • VMWare allows users to switch back and forth from Backtrack to Windows • A new virtual machine was created in VMWare and then Backtrack was installed into that machine • The program was easily booted and accessible
  • 6. Tools Presented: Macchanger • Manipulates the MAC address for network interfaces • The MAC address is an important element of computer networking • May want to change MAC address when network card stops working, to access a certain network, or for privacy concerns • Can be changed for good or bad reasons, in terms of hacking
  • 7. Tools Presented: URLCrazy • Generates and tests mistyped domain names and variations of websites • Detects typo squatting, URL hijacking, phishing, and corporate espionage • Produces 15 types of typos, such as character omission and repeat, misspellings, and bit flipping • Knows over 8,000 common misspellings, and knows over 450 homophones • Also supports multiple keyboard layouts • Use tools to check popularity and validity of typo domains • Can control by buying typo domains and checking websites for malicious activities
  • 8. Tools Presented: Exiftool • Allows users to extract metadata from files from a large realm of formats • Information includes file size, bit information, binary data information • Can use this to see if a document has been tampered with • Ways to prevent hackers from extracting data: • Authentication for access • Encryption of data
  • 9. Tools Presented: Hexedit • Used to look at both hexadecimal and ASCII strings within a file • Can be used on both text and picture files • Allows for editing of both hexadecimal and ASCII strings • Contains a search function to find specific hexadecimal and ASCII strings • Can be used for good to find malware in a file by searching for common strings used by hackers • Can be used for bad to find hidden information within a file such as passwords and usernames
  • 10. Tools Presented: Social Engineering Toolkit • Employs and simulates social engineering attacks • Useful for penetration testing and learning how to perpetrate such attacks • Variety of methods • Java Applet • Website Cloner
  • 11. Conclusion • Backtrack’s uses • Defensive – URLCrazy, Hexedit, Exiftool • Offensive – Social Engineering Toolkit, MacChanger • Learning experience from tools • Perfect for beginner users and up to date