Pentest and Security Discussion
Presented by Pimentel, Amie Claire
1st Penetration Test: Proxy configuration using Zap
Web App Pen Testing with Zap - Configuring Proxy
Setting the proxy manually, using host 127.0.0.1 and port 8088.
This is not saved, because an add-on will be installed for a more systematic way of switching the proxy.
FoxyProxy acts as a tool for quickly switching the proxy configuration. It just needs to be enabled or disabled, and behaves as if we had set up the manual proxy ourselves.
What this does is block your access to the website.
This is when ZAP is used to gather information about the requests we send to the server.
Shown here is the data we could gather using the ZAP tool, since it acts as the intermediary between the proxied browser and the server we are requesting the web pages from.
2nd Penetration Test: File directory discovery using DirBuster
Web App Pen Testing with DirBuster - File Directory Discovery
DirBuster can be used for file and directory discovery. It is a multithreaded Java application designed to brute force directory and file names on a web server.
Using a web crawler like DirBuster, a target URL is set to be tested. A wordlist can be chosen to select the folder, file and directory names to try.
Here, after starting the attack, DirBuster was able to go through the candidate files and found the few that actually exist on the web server.
I tried to access and open the admin folder from the browser to see if there was any important information we could gather, as we could freely navigate to all of the directories of the website we set as target.
Since the website that I searched specifically caters to those who are practicing penetration testing, we are prompted that the admin information is in other directories.
3rd Penetration Test: Scanning for Web Vulnerability using Nikto and a Metasploitable VM
Web Vulnerability using Nikto and printing out data to an output
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers.
Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
Nikto comes pre-installed in Kali Linux as a pentesting tool. Upon launching it, the terminal shows up and you just need to enter the command with whatever other options you want.
What is important is that we know the target IP that we are going to attack to test for vulnerabilities. Here I installed a Metasploitable VM, which is intentionally built for server vulnerability tests.
After running the command “nikto -h 192.168.2.109”, where 192.168.2.109 is the IP assigned to the web server in the Metasploitable VM, we can see some details that give us hints about vulnerabilities.
The nmap command helps us confirm which ports are open and can be tested for vulnerabilities.
The cat command reduces the output to the IP with its open ports.
The information collected from the target host can be printed to an output file and saved in whatever directory you decide to put it in.
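As an added example (not from the slides), here is a POSIX shell script that reduces nmap's grepable (-oG) output to the IP with its open ports, the same reduction the cat step above does by hand, and then counts open ports per host. The -oG sample is constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the slides): turn nmap grepable output (-oG) into
# an "ip port/proto service" list. The sample below is a constructed -oG
# file for the slides' 192.168.2.109 host, not a real scan.

sample_gnmap() {
    printf '# Nmap scan (constructed sample) as: nmap -oG scan.gnmap 192.168.2.109\n'
    printf 'Host: 192.168.2.109 ()\tStatus: Up\n'
    printf 'Host: 192.168.2.109 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/filtered/tcp//mysql///\tIgnored State: closed (996)\n'
    printf '# Nmap done (constructed sample)\n'
}

# Read -oG lines on stdin; print one "ip port/proto service" line per open port.
# Each entry in the Ports field is port/state/proto/owner/service/rpc/version,
# so only entries whose state is "open" are kept; filtered ports are dropped.
open_ports_from_gnmap() {
    awk '/^Host:.*Ports:/ {
        ip = $2
        s = $0
        sub(/.*Ports: /, "", s)
        sub(/[[:space:]]*Ignored State:.*/, "", s)
        n = split(s, entries, ", ")
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")
            if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
        }
    }'
}

# Summarise: one "ip count" line per host with at least one open port.
open_port_counts() {
    open_ports_from_gnmap | awk '{ c[$1]++ } END { for (ip in c) print ip, c[ip] }'
}

sample_gnmap | open_ports_from_gnmap
```

Feed a real file with `open_ports_from_gnmap < scan.gnmap` once you have one; the sample function is only there so the script runs offline.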
Security Discussion
How to change MAC addresses using the MACCHANGER command in Kali Linux
Macchanger lets you assign a new MAC address, which matters at least in the case where a hacker was able to access your IP address.
To change the MAC address, first check the MAC address currently assigned to the machine using ifconfig.
With “sudo macchanger -r eth0” (the -r option picks a fully random MAC for interface eth0), the command changes the MAC of the machine in an instant.
The command “ip a” confirms that the MAC address has been set to the newly assigned address.
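An added example, not part of the original slides: a POSIX shell script that confirms the MAC change from two captures of “ip link show eth0” (constructed samples) and reports whether the new address is locally administered, the bit a defender looks at when spotting randomised MACs on a network. The function names are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): confirm a MAC change from "ip link"
# output and flag locally administered addresses. The two captures below are
# constructed samples of "ip link show eth0" before and after the change.

capture_before() {
    printf '2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\n'
    printf '    link/ether 08:00:27:4e:66:a1 brd ff:ff:ff:ff:ff:ff\n'
}

capture_after() {
    printf '2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\n'
    printf '    link/ether 6a:1f:c3:9b:2c:7d brd ff:ff:ff:ff:ff:ff\n'
}

# Print the link-layer address found in "ip link" output read from stdin.
mac_of() {
    awk '$1 == "link/ether" { print $2; exit }'
}

# Exit 0 when the address is well formed (six colon-separated hex octets).
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Exit 0 when bit 1 of the first octet is set, i.e. the address is locally
# administered rather than a vendor-assigned (OUI) address. Tools that
# randomise addresses typically set this bit, so it is a useful tell when
# reviewing the hosts seen on a network.
is_locally_administered() {
    first=${1%%:*}
    [ $(( 0x$first & 2 )) -ne 0 ]
}

# Compare two captures (given as the names of functions that print them)
# and print a one-line verdict: CHANGED, UNCHANGED, or unparseable.
mac_change_report() {
    old=$("$1" | mac_of)
    new=$("$2" | mac_of)
    is_valid_mac "$old" && is_valid_mac "$new" || { echo "unparseable capture"; return 2; }
    if [ "$old" = "$new" ]; then
        echo "UNCHANGED $old"
        return 1
    fi
    if is_locally_administered "$new"; then kind=locally-administered; else kind=vendor-assigned; fi
    echo "CHANGED $old -> $new ($kind)"
}

mac_change_report capture_before capture_after
```

On a real host, save `ip link show eth0` to a file before and after running macchanger and pipe each file through `mac_of` instead of the sample functions.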
CREDITS: This presentation template was created by Slidesgo,
including icons by Flaticon, infographics & images by Freepik
THANKS
