SlideShare uma empresa Scribd logo

Managing Your Pentest Data with Kvasir: Toorcon 15

Transferir como PPTX, PDF
G
grutz

We’ve all done it a few times. Lost that nmap scan, can’t recall what file had that account and password combination, sat in front of a screen for a few days while your co-worker gathered tons of data and didn’t share because he’s a big fat jerk. Kvasir is a centralized, penetration tester-focused data homogenizing application to help collect, unify and make sense of the important data gathered during tests. It’s a small footprint application designed for quick deployment. It integrates directly with NeXpose and Metasploit (for now). This application is used daily by Cisco Systems engineers on customer penetration tests. It hasn’t solved the big fat jerk problem but it has helped us work better as a team. Presented at Toorcon 15, October 20, 2013

Tecnologia
1 de 41
Managing Penetration Testing Data with Kvasir Toorcon 15 (San Diego) @grutz
BACKGROUND Toorcon 15 -- @grutz Managing PT Data with Kvasir 2
$ whois grutz Corporate penetration tester for ~15 years ~10 years internal with Federal Reserve and Pacific Gas & Electric 5 years consulting to customers for Developed Squirtle, the NTLM Attack tool Smashed up some Huawei/H3C/HP gear Toorcon 15 -- @grutz Managing PT Data with Kvasir 3
DEFINING THE PROBLEM Toorcon 15 -- @grutz Managing PT Data with Kvasir 4
Testing is all about collecting data… Toorcon 15 -- @grutz Managing PT Data with Kvasir 5
As pentesters we collect a TON of data… Toorcon 15 -- @grutz Managing PT Data with Kvasir 6
So you sort them into directories… …which can be difficult to manage… Toorcon 15 -- @grutz Managing PT Data with Kvasir 7
Sharing data across your team …can have its challenges Toorcon 15 -- @grutz Managing PT Data with Kvasir 8
Did you get everything you need? Great! Now write a report, monkey! Toorcon 15 -- @grutz Managing PT Data with Kvasir 9
CURRENT OPTIONS? Toorcon 15 -- @grutz Managing PT Data with Kvasir 10
Currently… • • • • • • • Metasploit Pro, Cobalt Strike, STRATEGIC, CORE, etc Nexpose, Nessus, QualysGuard, Saint, Fortigate, etc ThreadFix, Archer, RiskIO, Secunia VIM, etc Issue / Bug tracking tools (and their wikis) • TRAC, Redmine, Bugzilla, etc Wikis! Spreadsheets! Roll your own! Toorcon 15 -- @grutz Managing PT Data with Kvasir 11
Issues with these tools • • • • • Not designed to manage PT data • You have to conform your data to the tool • Vulnerability Management != Penetration Test Data! Requires enhancements / add-ons • Develop your own add-ons • Maintain support and training Changes are difficult to implement • No access to source code for when things break • High complexity, vendor demands, delays “In the cloud” or “vendor hosted” solutions Spreadsheets??? Really?!?! Toorcon 15 -- @grutz Managing PT Data with Kvasir 12
ENTER KVASIR Toorcon 15 -- @grutz Managing PT Data with Kvasir 13
0118 999 881 999 119 725 3 Toorcon 15 -- @grutz Managing PT Data with Kvasir 14
ACHTUNG! I am an ADHD coder. Large bits of Kvasir were thought of after working at a customer’s site and developed with little sleep and lots of caffeine and/or alcohol. I am also not a really good UI coder. Toorcon 15 -- @grutz Managing PT Data with Kvasir 15
Kvasir’s Cisco Pedigree • • • • Recognized long ago that managing disparate data is essential to effective testing results Began from our acquisition of “The Wheel Group” back in 1999 Multiple iterations: • AttackAll, AutoSPA, Halo/Banshee, AutoSPAng Close source / proprietary Toorcon 15 -- @grutz Managing PT Data with Kvasir 16
Design Philosophy • • • • • • Take disparate data and cram it into a (mostly) consistent relational database format. Focus on PENETRATION TEST tools and data Be quick Be adaptable Try not to get in the way of the hacking No cross-contamination of customer data Toorcon 15 -- @grutz Managing PT Data with Kvasir 17
Benefits to using Kvasir • • • Alcohol infused coding practices Designed by and for Penetration Testers OPEN SOURCE! FREE!!! Data access through web2py shell == awesome! http://web2py.com/books/default/chapter/29/06/the-databaseabstraction-layer Toorcon 15 -- @grutz Managing PT Data with Kvasir 18
High-level Database Design Hosts Accounts Operating Systems CPE Data SNMP Services NetBIOS VulnDB Exploits Toorcon 15 -- @grutz Evidence References Managing PT Data with Kvasir 19
Data Directory Structure All script output is stored under “data” Local to the web server Session-logs/ contain ‘script’ file output from launched terminals Toorcon 15 -- @grutz Managing PT Data with Kvasir 20
Supported Host/Vulnerability Scanners Right Now Nexpose Nmap Nessus Metasploit (hosts only) ShodanHQ Horizon QualysGuard Metasploit Pro (Webscan) BurpSuite Pro (Report XML) Others? Toorcon 15 -- @grutz Managing PT Data with Kvasir 21
Metasploit Pro API Integration • • Kvasir utilizes some MSF Pro-only API functions: • Bruteforce / Exploit • Import XML, PWDUMP, Screenshots • Sending Accounts / Scan data results TODO: • Sending exploits to Framework API • Direct MSF DB access (who uses ‘pass’ as a field name? MSF!) Toorcon 15 -- @grutz Managing PT Data with Kvasir 22
THE KVASIR WORKFLOW Toorcon 15 -- @grutz Managing PT Data with Kvasir 23
Installation and setup https://github.com/KvasirSecurity/Kvasir/wiki/Installation • • Kvasir begins life as a completely blank slate • You must add users, CPE, Vulndata, Exploits, etc • Mostly automated through parts of the UI For multiple team members on a test: • One central person runs the SQL database • All team members have their own Kvasir instance and point to the SQL DB in settings.database_uri Toorcon 15 -- @grutz Managing PT Data with Kvasir 24
Importing Support Data • • • Vulnerability data can be: • Imported prior to engagement start • Imported as part of a Vulnerability Scan results Exploits XML data imported: • Nexpose’s exploits.xml file • ImmunitySec CANVAS download / file CPE OS Data • Downloaded and parsed from MITRE Toorcon 15 -- @grutz Managing PT Data with Kvasir 25
Populating Engagement Data • • • Vulnerability Scanner Imports • Import direct from scanners or files Nmap Scanning Imports • Import XML output file (-oX) • Kick-off a scan and import the results Bruteforce/Account Tools • THC Hydra • Medusa • Metasploit creds.csv output • PW recovery tool output (John POT, user:password, etc) Toorcon 15 -- @grutz Managing PT Data with Kvasir 26
Valkyries Tasks who results feed back to Kvasir Not designed to replace Metasploit / CANVAS / CORE, etc. WebShot: Grab images of HTTP instance using phantomjs VNCShot: Grab images of open VNC Servers using vncdotool Others planned, just not completed Toorcon 15 -- @grutz Managing PT Data with Kvasir 27
SCREENSHOTS! Toorcon 15 -- @grutz Managing PT Data with Kvasir 28
Main Index Toorcon 15 -- @grutz Managing PT Data with Kvasir 29
Host List Toorcon 15 -- @grutz Managing PT Data with Kvasir 30
Host Detail Terminal launch – click or hot-key L Notes submit after enter Flags are hot-keyed: C, D, F Hot-key: ^N Tabs switch with hot-keys: a, s, v, e, o, t, m, b Toorcon 15 -- @grutz Managing PT Data with Kvasir 31
Services Toorcon 15 -- @grutz Managing PT Data with Kvasir 32
Accounts Toorcon 15 -- @grutz Managing PT Data with Kvasir 33
Windows Domain Memberships Toorcon 15 -- @grutz Managing PT Data with Kvasir 34
Evidence (Screenshots, Docs, etc) Toorcon 15 -- @grutz Managing PT Data with Kvasir 35
Password Statistics Toorcon 15 -- @grutz Managing PT Data with Kvasir 36
Vulnerability Statistics Toorcon 15 -- @grutz Managing PT Data with Kvasir 37
Vulnerability Circles “In progress” Diameter calculated by service counts, CVSS details, accounts, severity, etc Toorcon 15 -- @grutz Managing PT Data with Kvasir 38
ON THE HORIZON Toorcon 15 -- @grutz Managing PT Data with Kvasir 39
Lots to still do… • • • • • • Consistent vulnerability database (VulnDB?) that maps to vendor tags (QID, NessusID, Nexpose ID) Additional vulnerability scanner support Metasploit to release their new MDM structure Maltego Integration Probably an overhaul of the user interface Whatever is in TODO.md that I thought of while sleepless on a 10hr flight back home Toorcon 15 -- @grutz Managing PT Data with Kvasir 40
http://github.com/KvasirSecurity/Kvasir http://kvasirsecurity.github.io/assets/presentations/toorcon-15-kvasir.pdf THANK YOU! Toorcon 15 -- @grutz Managing PT Data with Kvasir 41

Recomendados

Softshake 2013: Introduction to NoSQL with Couchbase
Softshake 2013: Introduction to NoSQL with CouchbaseSoftshake 2013: Introduction to NoSQL with Couchbase
Softshake 2013: Introduction to NoSQL with CouchbaseTugdual Grall
 
Yeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootYeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootMen and Mice
 
Linux HTTPS/TCP/IP Stack for the Fast and Secure Web
Linux HTTPS/TCP/IP Stack for the Fast and Secure WebLinux HTTPS/TCP/IP Stack for the Fast and Secure Web
Linux HTTPS/TCP/IP Stack for the Fast and Secure WebAll Things Open
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
OSMC 2018 | Distributed Tracing FAQ by Gianluca Arbezzano
OSMC 2018 | Distributed Tracing FAQ by Gianluca ArbezzanoOSMC 2018 | Distributed Tracing FAQ by Gianluca Arbezzano
OSMC 2018 | Distributed Tracing FAQ by Gianluca ArbezzanoNETWAYS
 
The power of linux advanced tracer [POUG18]
The power of linux advanced tracer [POUG18]The power of linux advanced tracer [POUG18]
The power of linux advanced tracer [POUG18]Mahmoud Hatem
 
Debugging Distributed Systems - Velocity Santa Clara 2016
Debugging Distributed Systems - Velocity Santa Clara 2016Debugging Distributed Systems - Velocity Santa Clara 2016
Debugging Distributed Systems - Velocity Santa Clara 2016Donny Nadolny
 
Les défis des architectures cloud sur OpenStack
Les défis des architectures cloud sur OpenStackLes défis des architectures cloud sur OpenStack
Les défis des architectures cloud sur OpenStackOsones
 

Recomendados

Softshake 2013: Introduction to NoSQL with Couchbase
Softshake 2013: Introduction to NoSQL with CouchbaseSoftshake 2013: Introduction to NoSQL with Couchbase
Softshake 2013: Introduction to NoSQL with CouchbaseTugdual Grall
 
Yeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootYeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootMen and Mice
 
Linux HTTPS/TCP/IP Stack for the Fast and Secure Web
Linux HTTPS/TCP/IP Stack for the Fast and Secure WebLinux HTTPS/TCP/IP Stack for the Fast and Secure Web
Linux HTTPS/TCP/IP Stack for the Fast and Secure WebAll Things Open
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
OSMC 2018 | Distributed Tracing FAQ by Gianluca Arbezzano
OSMC 2018 | Distributed Tracing FAQ by Gianluca ArbezzanoOSMC 2018 | Distributed Tracing FAQ by Gianluca Arbezzano
OSMC 2018 | Distributed Tracing FAQ by Gianluca ArbezzanoNETWAYS
 
The power of linux advanced tracer [POUG18]
The power of linux advanced tracer [POUG18]The power of linux advanced tracer [POUG18]
The power of linux advanced tracer [POUG18]Mahmoud Hatem
 
Debugging Distributed Systems - Velocity Santa Clara 2016
Debugging Distributed Systems - Velocity Santa Clara 2016Debugging Distributed Systems - Velocity Santa Clara 2016
Debugging Distributed Systems - Velocity Santa Clara 2016Donny Nadolny
 
Les défis des architectures cloud sur OpenStack
Les défis des architectures cloud sur OpenStackLes défis des architectures cloud sur OpenStack
Les défis des architectures cloud sur OpenStackOsones
 
Memory access tracing [poug17]
Memory access tracing [poug17]Memory access tracing [poug17]
Memory access tracing [poug17]Mahmoud Hatem
 
Oracle events hunting [POUG19]
Oracle events hunting [POUG19]Oracle events hunting [POUG19]
Oracle events hunting [POUG19]Mahmoud Hatem
 
PGConf APAC 2018 Keynote: PostgreSQL goes eleven
PGConf APAC 2018 Keynote: PostgreSQL goes elevenPGConf APAC 2018 Keynote: PostgreSQL goes eleven
PGConf APAC 2018 Keynote: PostgreSQL goes elevenPGConf APAC
 
ClickHouse Monitoring 101: What to monitor and how
ClickHouse Monitoring 101: What to monitor and howClickHouse Monitoring 101: What to monitor and how
ClickHouse Monitoring 101: What to monitor and howAltinity Ltd
 
BIND 9 logging best practices
BIND 9 logging best practicesBIND 9 logging best practices
BIND 9 logging best practicesMen and Mice
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local NetworksMen and Mice
 
In Memory Database In Action by Tanel Poder and Kerry Osborne
In Memory Database In Action by Tanel Poder and Kerry OsborneIn Memory Database In Action by Tanel Poder and Kerry Osborne
In Memory Database In Action by Tanel Poder and Kerry OsborneEnkitec
 
PGConf APAC 2018: PostgreSQL 10 - Replication goes Logical
PGConf APAC 2018: PostgreSQL 10 - Replication goes LogicalPGConf APAC 2018: PostgreSQL 10 - Replication goes Logical
PGConf APAC 2018: PostgreSQL 10 - Replication goes LogicalPGConf APAC
 
The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...
The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...
The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...HostedbyConfluent
 
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 WebinarMen and Mice
 
Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1
Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1
Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1Tanel Poder
 
Understanding Asset Risk Via Vulnerability Prioritization
Understanding Asset Risk Via Vulnerability PrioritizationUnderstanding Asset Risk Via Vulnerability Prioritization
Understanding Asset Risk Via Vulnerability PrioritizationKenna
 
Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...
Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...
Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...☁️Seyfallah Tagrerout☁ [MVP]
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Clientgrutz
 
Who Watches the Watchers? Metrics for Security Strategy
Who Watches the Watchers? Metrics for Security StrategyWho Watches the Watchers? Metrics for Security Strategy
Who Watches the Watchers? Metrics for Security StrategyKenna
 
A CouNtry's Honerable n3twork deviCes
A CouNtry's Honerable n3twork deviCesA CouNtry's Honerable n3twork deviCes
A CouNtry's Honerable n3twork deviCesgrutz
 
Retour d’expérience sur le monitoring et la sécurisation des identités Azure
Retour d’expérience sur le monitoring et la sécurisation des identités AzureRetour d’expérience sur le monitoring et la sécurisation des identités Azure
Retour d’expérience sur le monitoring et la sécurisation des identités AzureMaxime Rastello
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops Chris Gates
 
Fuja da escravidão antes que ela te alcance
Fuja da escravidão antes que ela te alcanceFuja da escravidão antes que ela te alcance
Fuja da escravidão antes que ela te alcanceVinicius Teles
 
PartnerSkillUp_Enable a Streaming CDC Solution
PartnerSkillUp_Enable a Streaming CDC SolutionPartnerSkillUp_Enable a Streaming CDC Solution
PartnerSkillUp_Enable a Streaming CDC SolutionTimothy Spann
 
Apache Druid Vision and Roadmap
Apache Druid Vision and RoadmapApache Druid Vision and Roadmap
Apache Druid Vision and RoadmapImply
 

Mais conteúdo relacionado

Mais procurados

Memory access tracing [poug17]
Memory access tracing [poug17]Memory access tracing [poug17]
Memory access tracing [poug17]Mahmoud Hatem
 
Oracle events hunting [POUG19]
Oracle events hunting [POUG19]Oracle events hunting [POUG19]
Oracle events hunting [POUG19]Mahmoud Hatem
 
PGConf APAC 2018 Keynote: PostgreSQL goes eleven
PGConf APAC 2018 Keynote: PostgreSQL goes elevenPGConf APAC 2018 Keynote: PostgreSQL goes eleven
PGConf APAC 2018 Keynote: PostgreSQL goes elevenPGConf APAC
 
ClickHouse Monitoring 101: What to monitor and how
ClickHouse Monitoring 101: What to monitor and howClickHouse Monitoring 101: What to monitor and how
ClickHouse Monitoring 101: What to monitor and howAltinity Ltd
 
BIND 9 logging best practices
BIND 9 logging best practicesBIND 9 logging best practices
BIND 9 logging best practicesMen and Mice
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local NetworksMen and Mice
 
In Memory Database In Action by Tanel Poder and Kerry Osborne
In Memory Database In Action by Tanel Poder and Kerry OsborneIn Memory Database In Action by Tanel Poder and Kerry Osborne
In Memory Database In Action by Tanel Poder and Kerry OsborneEnkitec
 
PGConf APAC 2018: PostgreSQL 10 - Replication goes Logical
PGConf APAC 2018: PostgreSQL 10 - Replication goes LogicalPGConf APAC 2018: PostgreSQL 10 - Replication goes Logical
PGConf APAC 2018: PostgreSQL 10 - Replication goes LogicalPGConf APAC
 
The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...
The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...
The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...HostedbyConfluent
 
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 WebinarMen and Mice
 
Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1
Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1
Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1Tanel Poder
 

Mais procurados (12)

Memory access tracing [poug17]
Memory access tracing [poug17]Memory access tracing [poug17]
Memory access tracing [poug17]
 
Oracle events hunting [POUG19]
Oracle events hunting [POUG19]Oracle events hunting [POUG19]
Oracle events hunting [POUG19]
 
PGConf APAC 2018 Keynote: PostgreSQL goes eleven
PGConf APAC 2018 Keynote: PostgreSQL goes elevenPGConf APAC 2018 Keynote: PostgreSQL goes eleven
PGConf APAC 2018 Keynote: PostgreSQL goes eleven
 
ClickHouse Monitoring 101: What to monitor and how
ClickHouse Monitoring 101: What to monitor and howClickHouse Monitoring 101: What to monitor and how
ClickHouse Monitoring 101: What to monitor and how
 
BIND 9 logging best practices
BIND 9 logging best practicesBIND 9 logging best practices
BIND 9 logging best practices
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local Networks
 
In Memory Database In Action by Tanel Poder and Kerry Osborne
In Memory Database In Action by Tanel Poder and Kerry OsborneIn Memory Database In Action by Tanel Poder and Kerry Osborne
In Memory Database In Action by Tanel Poder and Kerry Osborne
 
PGConf APAC 2018: PostgreSQL 10 - Replication goes Logical
PGConf APAC 2018: PostgreSQL 10 - Replication goes LogicalPGConf APAC 2018: PostgreSQL 10 - Replication goes Logical
PGConf APAC 2018: PostgreSQL 10 - Replication goes Logical
 
The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...
The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...
The Flux Capacitor of Kafka Streams and ksqlDB (Matthias J. Sax, Confluent) K...
 
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
 
Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1
Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1
Tanel Poder - Troubleshooting Complex Oracle Performance Issues - Part 1
 

Destaque

Understanding Asset Risk Via Vulnerability Prioritization
Understanding Asset Risk Via Vulnerability PrioritizationUnderstanding Asset Risk Via Vulnerability Prioritization
Understanding Asset Risk Via Vulnerability PrioritizationKenna
 
Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...
Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...
Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...☁️Seyfallah Tagrerout☁ [MVP]
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Clientgrutz
 
Who Watches the Watchers? Metrics for Security Strategy
Who Watches the Watchers? Metrics for Security StrategyWho Watches the Watchers? Metrics for Security Strategy
Who Watches the Watchers? Metrics for Security StrategyKenna
 
A CouNtry's Honerable n3twork deviCes
A CouNtry's Honerable n3twork deviCesA CouNtry's Honerable n3twork deviCes
A CouNtry's Honerable n3twork deviCesgrutz
 
Retour d’expérience sur le monitoring et la sécurisation des identités Azure
Retour d’expérience sur le monitoring et la sécurisation des identités AzureRetour d’expérience sur le monitoring et la sécurisation des identités Azure
Retour d’expérience sur le monitoring et la sécurisation des identités AzureMaxime Rastello
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops Chris Gates
 
Fuja da escravidão antes que ela te alcance
Fuja da escravidão antes que ela te alcanceFuja da escravidão antes que ela te alcance
Fuja da escravidão antes que ela te alcanceVinicius Teles
 

Destaque (8)

Understanding Asset Risk Via Vulnerability Prioritization
Understanding Asset Risk Via Vulnerability PrioritizationUnderstanding Asset Risk Via Vulnerability Prioritization
Understanding Asset Risk Via Vulnerability Prioritization
 
Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...
Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...
Présentation Microsoft Advanced Threat Analytics | Deep-Dive - MSCloud Summi...
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Client
 
Who Watches the Watchers? Metrics for Security Strategy
Who Watches the Watchers? Metrics for Security StrategyWho Watches the Watchers? Metrics for Security Strategy
Who Watches the Watchers? Metrics for Security Strategy
 
A CouNtry's Honerable n3twork deviCes
A CouNtry's Honerable n3twork deviCesA CouNtry's Honerable n3twork deviCes
A CouNtry's Honerable n3twork deviCes
 
Retour d’expérience sur le monitoring et la sécurisation des identités Azure
Retour d’expérience sur le monitoring et la sécurisation des identités AzureRetour d’expérience sur le monitoring et la sécurisation des identités Azure
Retour d’expérience sur le monitoring et la sécurisation des identités Azure
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops
 
Fuja da escravidão antes que ela te alcance
Fuja da escravidão antes que ela te alcanceFuja da escravidão antes que ela te alcance
Fuja da escravidão antes que ela te alcance
 

Semelhante a Managing Your Pentest Data with Kvasir: Toorcon 15

PartnerSkillUp_Enable a Streaming CDC Solution
PartnerSkillUp_Enable a Streaming CDC SolutionPartnerSkillUp_Enable a Streaming CDC Solution
PartnerSkillUp_Enable a Streaming CDC SolutionTimothy Spann
 
Apache Druid Vision and Roadmap
Apache Druid Vision and RoadmapApache Druid Vision and Roadmap
Apache Druid Vision and RoadmapImply
 
Automated SDTM Creation and Discrepancy Detection Jobs: The Numbers Tell The ...
Automated SDTM Creation and Discrepancy Detection Jobs: The Numbers Tell The ...Automated SDTM Creation and Discrepancy Detection Jobs: The Numbers Tell The ...
Automated SDTM Creation and Discrepancy Detection Jobs: The Numbers Tell The ...SGS
 
End-to-End, Source to Analytics, Data Lineage with Syncsort DMX-h
End-to-End, Source to Analytics, Data Lineage with Syncsort DMX-hEnd-to-End, Source to Analytics, Data Lineage with Syncsort DMX-h
End-to-End, Source to Analytics, Data Lineage with Syncsort DMX-hPrecisely
 
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...StreamNative
 
30 Minutes to the Analytics Platform with Infrastructure as Code
30 Minutes to the Analytics Platform with Infrastructure as Code30 Minutes to the Analytics Platform with Infrastructure as Code
30 Minutes to the Analytics Platform with Infrastructure as CodeGuido Schmutz
 
インフラ野郎Azureチーム Night
インフラ野郎Azureチーム Nightインフラ野郎Azureチーム Night
インフラ野郎Azureチーム NightToru Makabe
 
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...Daniel Bryant
 
DataStax Enterprise & Apache Cassandra – Essentials for Financial Services – ...
DataStax Enterprise & Apache Cassandra – Essentials for Financial Services – ...DataStax Enterprise & Apache Cassandra – Essentials for Financial Services – ...
DataStax Enterprise & Apache Cassandra – Essentials for Financial Services – ...Daniel Cohen
 
From big data to AI, power your data with OVHcloud solutions
From big data to AI, power your data with OVHcloud solutionsFrom big data to AI, power your data with OVHcloud solutions
From big data to AI, power your data with OVHcloud solutionsOVHcloud
 
Inside the PostgreSQL Project Infrastructure
Inside the PostgreSQL Project InfrastructureInside the PostgreSQL Project Infrastructure
Inside the PostgreSQL Project InfrastructureCommand Prompt., Inc
 
Bogdan Kecman INIT Presentation
Bogdan Kecman INIT PresentationBogdan Kecman INIT Presentation
Bogdan Kecman INIT Presentationarhismece
 
Interactive Analytics with the Starburst Presto + Alluxio stack for the Cloud
Interactive Analytics with the Starburst Presto + Alluxio stack for the CloudInteractive Analytics with the Starburst Presto + Alluxio stack for the Cloud
Interactive Analytics with the Starburst Presto + Alluxio stack for the CloudAlluxio, Inc.
 
Mastering the move
Mastering the moveMastering the move
Mastering the moveTrivadis
 
Select Star: Flink SQL for Pulsar Folks - Pulsar Summit NA 2021
Select Star: Flink SQL for Pulsar Folks - Pulsar Summit NA 2021Select Star: Flink SQL for Pulsar Folks - Pulsar Summit NA 2021
Select Star: Flink SQL for Pulsar Folks - Pulsar Summit NA 2021StreamNative
 
Warsaw muleSoft meetup #11 MuleSoft OData
Warsaw muleSoft meetup #11 MuleSoft ODataWarsaw muleSoft meetup #11 MuleSoft OData
Warsaw muleSoft meetup #11 MuleSoft ODataPatryk Bandurski
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...Daniel Bryant
 
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...InfluxData
 
Pivotal - Advanced Analytics for Telecommunications
Pivotal - Advanced Analytics for Telecommunications Pivotal - Advanced Analytics for Telecommunications
Pivotal - Advanced Analytics for Telecommunications Hortonworks
 
Reliable Performance at Scale with Apache Spark on Kubernetes
Reliable Performance at Scale with Apache Spark on KubernetesReliable Performance at Scale with Apache Spark on Kubernetes
Reliable Performance at Scale with Apache Spark on KubernetesDatabricks
 

Semelhante a Managing Your Pentest Data with Kvasir: Toorcon 15 (20)

PartnerSkillUp_Enable a Streaming CDC Solution
PartnerSkillUp_Enable a Streaming CDC SolutionPartnerSkillUp_Enable a Streaming CDC Solution
PartnerSkillUp_Enable a Streaming CDC Solution
 
Apache Druid Vision and Roadmap
Apache Druid Vision and RoadmapApache Druid Vision and Roadmap
Apache Druid Vision and Roadmap
 
Automated SDTM Creation and Discrepancy Detection Jobs: The Numbers Tell The ...
Automated SDTM Creation and Discrepancy Detection Jobs: The Numbers Tell The ...Automated SDTM Creation and Discrepancy Detection Jobs: The Numbers Tell The ...
Automated SDTM Creation and Discrepancy Detection Jobs: The Numbers Tell The ...
 
End-to-End, Source to Analytics, Data Lineage with Syncsort DMX-h
End-to-End, Source to Analytics, Data Lineage with Syncsort DMX-hEnd-to-End, Source to Analytics, Data Lineage with Syncsort DMX-h
End-to-End, Source to Analytics, Data Lineage with Syncsort DMX-h
 
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
 
30 Minutes to the Analytics Platform with Infrastructure as Code
30 Minutes to the Analytics Platform with Infrastructure as Code30 Minutes to the Analytics Platform with Infrastructure as Code
30 Minutes to the Analytics Platform with Infrastructure as Code
 
インフラ野郎Azureチーム Night
インフラ野郎Azureチーム Nightインフラ野郎Azureチーム Night
インフラ野郎Azureチーム Night
 
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
 
DataStax Enterprise & Apache Cassandra – Essentials for Financial Services – ...
DataStax Enterprise & Apache Cassandra – Essentials for Financial Services – ...DataStax Enterprise & Apache Cassandra – Essentials for Financial Services – ...
DataStax Enterprise & Apache Cassandra – Essentials for Financial Services – ...
 
From big data to AI, power your data with OVHcloud solutions
From big data to AI, power your data with OVHcloud solutionsFrom big data to AI, power your data with OVHcloud solutions
From big data to AI, power your data with OVHcloud solutions
 
Inside the PostgreSQL Project Infrastructure
Inside the PostgreSQL Project InfrastructureInside the PostgreSQL Project Infrastructure
Inside the PostgreSQL Project Infrastructure
 
Bogdan Kecman INIT Presentation
Bogdan Kecman INIT PresentationBogdan Kecman INIT Presentation
Bogdan Kecman INIT Presentation
 
Interactive Analytics with the Starburst Presto + Alluxio stack for the Cloud
Interactive Analytics with the Starburst Presto + Alluxio stack for the CloudInteractive Analytics with the Starburst Presto + Alluxio stack for the Cloud
Interactive Analytics with the Starburst Presto + Alluxio stack for the Cloud
 
Mastering the move
Mastering the moveMastering the move
Mastering the move
 
Select Star: Flink SQL for Pulsar Folks - Pulsar Summit NA 2021
Select Star: Flink SQL for Pulsar Folks - Pulsar Summit NA 2021Select Star: Flink SQL for Pulsar Folks - Pulsar Summit NA 2021
Select Star: Flink SQL for Pulsar Folks - Pulsar Summit NA 2021
 
Warsaw muleSoft meetup #11 MuleSoft OData
Warsaw muleSoft meetup #11 MuleSoft ODataWarsaw muleSoft meetup #11 MuleSoft OData
Warsaw muleSoft meetup #11 MuleSoft OData
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
 
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...
 
Pivotal - Advanced Analytics for Telecommunications
Pivotal - Advanced Analytics for Telecommunications Pivotal - Advanced Analytics for Telecommunications
Pivotal - Advanced Analytics for Telecommunications
 
Reliable Performance at Scale with Apache Spark on Kubernetes
Reliable Performance at Scale with Apache Spark on KubernetesReliable Performance at Scale with Apache Spark on Kubernetes
Reliable Performance at Scale with Apache Spark on Kubernetes
 

Último

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 

Último (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 

Managing Your Pentest Data with Kvasir: Toorcon 15

  • 1. Managing Penetration Testing Data with Kvasir Toorcon 15 (San Diego) @grutz
  • 2. BACKGROUND Toorcon 15 -- @grutz Managing PT Data with Kvasir 2
  • 3. $ whois grutz Corporate penetration tester for ~15 years ~10 years internal with Federal Reserve and Pacific Gas & Electric 5 years consulting to customers for Developed Squirtle, the NTLM Attack tool Smashed up some Huawei/H3C/HP gear Toorcon 15 -- @grutz Managing PT Data with Kvasir 3
  • 4. DEFINING THE PROBLEM Toorcon 15 -- @grutz Managing PT Data with Kvasir 4
  • 5. Testing is all about collecting data… Toorcon 15 -- @grutz Managing PT Data with Kvasir 5
  • 6. As pentesters we collect a TON of data… Toorcon 15 -- @grutz Managing PT Data with Kvasir 6
  • 7. So you sort them into directories… …which can be difficult to manage… Toorcon 15 -- @grutz Managing PT Data with Kvasir 7
  • 8. Sharing data across your team …can have its challenges Toorcon 15 -- @grutz Managing PT Data with Kvasir 8
  • 9. Did you get everything you need? Great! Now write a report, monkey! Toorcon 15 -- @grutz Managing PT Data with Kvasir 9
  • 10. CURRENT OPTIONS? Toorcon 15 -- @grutz Managing PT Data with Kvasir 10
  • 11. Currently… • • • • • • • Metasploit Pro, Cobalt Strike, STRATEGIC, CORE, etc Nexpose, Nessus, QualysGuard, Saint, Fortigate, etc ThreadFix, Archer, RiskIO, Secunia VIM, etc Issue / Bug tracking tools (and their wikis) • TRAC, Redmine, Bugzilla, etc Wikis! Spreadsheets! Roll your own! Toorcon 15 -- @grutz Managing PT Data with Kvasir 11
  • 12. Issues with these tools • • • • • Not designed to manage PT data • You have to conform your data to the tool • Vulnerability Management != Penetration Test Data! Requires enhancements / add-ons • Develop your own add-ons • Maintain support and training Changes are difficult to implement • No access to source code for when things break • High complexity, vendor demands, delays “In the cloud” or “vendor hosted” solutions Spreadsheets??? Really?!?! Toorcon 15 -- @grutz Managing PT Data with Kvasir 12
  • 13. ENTER KVASIR Toorcon 15 -- @grutz Managing PT Data with Kvasir 13
  • 14. 0118 999 881 999 119 725 3 Toorcon 15 -- @grutz Managing PT Data with Kvasir 14
  • 15. ACHTUNG! I am an ADHD coder. Large bits of Kvasir were thought of after working at a customer’s site and developed with little sleep and lots of caffeine and/or alcohol. I am also not a really good UI coder. Toorcon 15 -- @grutz Managing PT Data with Kvasir 15
  • 16. Kvasir’s Cisco Pedigree • • • • Recognized long ago that managing disparate data is essential to effective testing results Began from our acquisition of “The Wheel Group” back in 1999 Multiple iterations: • AttackAll, AutoSPA, Halo/Banshee, AutoSPAng Close source / proprietary Toorcon 15 -- @grutz Managing PT Data with Kvasir 16
  • 17. Design Philosophy • • • • • • Take disparate data and cram it into a (mostly) consistent relational database format. Focus on PENETRATION TEST tools and data Be quick Be adaptable Try not to get in the way of the hacking No cross-contamination of customer data Toorcon 15 -- @grutz Managing PT Data with Kvasir 17
  • 18. Benefits to using Kvasir • • • Alcohol infused coding practices Designed by and for Penetration Testers OPEN SOURCE! FREE!!! Data access through web2py shell == awesome! http://web2py.com/books/default/chapter/29/06/the-databaseabstraction-layer Toorcon 15 -- @grutz Managing PT Data with Kvasir 18
  • 19. High-level Database Design Hosts Accounts Operating Systems CPE Data SNMP Services NetBIOS VulnDB Exploits Toorcon 15 -- @grutz Evidence References Managing PT Data with Kvasir 19
  • 20. Data Directory Structure All script output is stored under “data” Local to the web server Session-logs/ contain ‘script’ file output from launched terminals Toorcon 15 -- @grutz Managing PT Data with Kvasir 20
  • 21. Supported Host/Vulnerability Scanners Right Now Nexpose Nmap Nessus Metasploit (hosts only) ShodanHQ Horizon QualysGuard Metasploit Pro (Webscan) BurpSuite Pro (Report XML) Others? Toorcon 15 -- @grutz Managing PT Data with Kvasir 21
  • 22. Metasploit Pro API Integration • • Kvasir utilizes some MSF Pro-only API functions: • Bruteforce / Exploit • Import XML, PWDUMP, Screenshots • Sending Accounts / Scan data results TODO: • Sending exploits to Framework API • Direct MSF DB access (who uses ‘pass’ as a field name? MSF!) Toorcon 15 -- @grutz Managing PT Data with Kvasir 22
  • 23. THE KVASIR WORKFLOW Toorcon 15 -- @grutz Managing PT Data with Kvasir 23
  • 24. Installation and setup https://github.com/KvasirSecurity/Kvasir/wiki/Installation • • Kvasir begins life as a completely blank slate • You must add users, CPE, Vulndata, Exploits, etc • Mostly automated through parts of the UI For multiple team members on a test: • One central person runs the SQL database • All team members have their own Kvasir instance and point to the SQL DB in settings.database_uri Toorcon 15 -- @grutz Managing PT Data with Kvasir 24
  • 25. Importing Support Data • • • Vulnerability data can be: • Imported prior to engagement start • Imported as part of a Vulnerability Scan results Exploits XML data imported: • Nexpose’s exploits.xml file • ImmunitySec CANVAS download / file CPE OS Data • Downloaded and parsed from MITRE Toorcon 15 -- @grutz Managing PT Data with Kvasir 25
  • 26. Populating Engagement Data • • • Vulnerability Scanner Imports • Import direct from scanners or files Nmap Scanning Imports • Import XML output file (-oX) • Kick-off a scan and import the results Bruteforce/Account Tools • THC Hydra • Medusa • Metasploit creds.csv output • PW recovery tool output (John POT, user:password, etc) Toorcon 15 -- @grutz Managing PT Data with Kvasir 26
  • 27. Valkyries Tasks who results feed back to Kvasir Not designed to replace Metasploit / CANVAS / CORE, etc. WebShot: Grab images of HTTP instance using phantomjs VNCShot: Grab images of open VNC Servers using vncdotool Others planned, just not completed Toorcon 15 -- @grutz Managing PT Data with Kvasir 27
  • 28. SCREENSHOTS! Toorcon 15 -- @grutz Managing PT Data with Kvasir 28
  • 29. Main Index Toorcon 15 -- @grutz Managing PT Data with Kvasir 29
  • 30. Host List Toorcon 15 -- @grutz Managing PT Data with Kvasir 30
  • 31. Host Detail Terminal launch – click or hot-key L Notes submit after enter Flags are hot-keyed: C, D, F Hot-key: ^N Tabs switch with hot-keys: a, s, v, e, o, t, m, b Toorcon 15 -- @grutz Managing PT Data with Kvasir 31
  • 32. Services Toorcon 15 -- @grutz Managing PT Data with Kvasir 32
  • 33. Accounts Toorcon 15 -- @grutz Managing PT Data with Kvasir 33
  • 34. Windows Domain Memberships Toorcon 15 -- @grutz Managing PT Data with Kvasir 34
  • 35. Evidence (Screenshots, Docs, etc) Toorcon 15 -- @grutz Managing PT Data with Kvasir 35
  • 36. Password Statistics Toorcon 15 -- @grutz Managing PT Data with Kvasir 36
  • 37. Vulnerability Statistics Toorcon 15 -- @grutz Managing PT Data with Kvasir 37
  • 38. Vulnerability Circles “In progress” Diameter calculated by service counts, CVSS details, accounts, severity, etc Toorcon 15 -- @grutz Managing PT Data with Kvasir 38
  • 39. ON THE HORIZON Toorcon 15 -- @grutz Managing PT Data with Kvasir 39
  • 40. Lots to still do… • • • • • • Consistent vulnerability database (VulnDB?) that maps to vendor tags (QID, NessusID, Nexpose ID) Additional vulnerability scanner support Metasploit to release their new MDM structure Maltego Integration Probably an overhaul of the user interface Whatever is in TODO.md that I thought of while sleepless on a 10hr flight back home Toorcon 15 -- @grutz Managing PT Data with Kvasir 40