WHY HAVE A PENETRATION TEST?
• Get a Baseline for Security?
• Discovery of a Vulnerability?
• Secure your Environment?
• 3rd Party Perspective?
• Make the Auditors Leave you ALONE!?
• Want to Get More?
DISCOVERY, RECOVERY AND INTELLIGENCE
• LINKEDIN
• CISO’S BACKGROUND, CEO BACKGROUND, SECURITY PERSONNEL AND THEIR TALENT SKILLS
• GOOGLE
• FIND IP RANGES, NET WORTH, BUSINESS PARTNERS, KNOWN VULNERABILITIES
• PASTE SITES
• LEAKED USERNAMES AND PASSWORDS, VULNERABILITY CODE, LEAKED INTERNAL NETWORK INFORMATION
• DARKWEB
• RAT FOR SALE, LEAKED USERNAMES AND PASSWORDS, BLACKMAIL MATERIAL, DARKWEB INTEL OF COMPANY
• FORUM / LISTSERV
• DISCOVER / PURCHASE DATA TO SEE WHAT IS KNOWN ABOUT A COMPANY WITH SOCK PUPPET TECHNOLOGY
TIER-1
SCANNING AND VULNERABILITIES
[Figure: "Awesome Pie Chart": Bad 58%, Good 23%, Okay 10%, EH? 9%]
• Why do We Scan the Environment?
• Is one Scanner Good Enough?
• Vulnerability is Found. Now What?
• Not Practical. Single Scan Next Steps?
• 30 Day - Return of the Hack.
TIER-2
GETTING EXPOSED, EDUCATED WITH A TOUCH OF INCIDENT RESPONSE
• Live Scenario!
• We have Identified the Vulnerabilities.
• How does a Vulnerability Translate into a Breach?
• Does Your Team even know what the Breach would look like?
• How do we Stop the Breach!?
TIER-3
TAKEAWAYS
• Why have a Penetration Test?
• Discovery, Recovery and Intelligence.
• Scanning and Vulnerabilities.
• Exposed, Educate and Incident Response.
• Get More from a Penetration Test.
THANK YOU
Presented By:
Donovan Farrow

3-Tier Approach for a True Penetration Test
