
DTS Solution - Penetration Testing Services v1.0

Security penetration testing services from DTS Solution and our methodology.



  1. Penetration Testing Services
     www.dts-solution.com
     Shah H Sheikh – Sr. Security Solutions Consultant, MEng CISSP CISA CISM CRISC CCSK, shah@dts-solution.com
     Mohamed Bedewi – Penetration Testing Consultant, Network+ CCNA MCSE Linux+ RHCE Security+ CEH PWB, mohamed@dts-solution.com
  2. Introduction
     Penetration testing is the process of assessing the security of a computer system by attacking it with the intention of finding security weaknesses and potentially gaining access to the system, its functionality and its data.
     There are several available methodologies for conducting a successful penetration test, and there is no such thing as "the right methodology"; but if a team chooses to improvise and not follow any of them, the result is likely to be incomplete testing, time consumption, wasted effort and ineffective testing.
     There is no 100% secure system: a human made the system and a human will break it!
     Early in the 1970s, the Department of Defense (DOD) used penetration testing to demonstrate the security weaknesses in computer systems and to initiate the development of programs to create more secure systems.
  3. Methodology
     DTS methodology to conduct a successful penetration test:
     Information: White Box, Black Box, Information Gathering
     Team: Roles, Responsibilities, Tools
  4. "Give me six hours to chop down a tree and I will spend the first four sharpening the axe." – Abraham Lincoln
  5. Information
     The most important element of any successful penetration test: without proper knowledge of your target you'll be just a skiddie firing random attacks, which will probably trigger all kinds of red flags rather than achieve any penetration!
     White Box Penetration Testing: a penetration testing approach that uses knowledge of the internals of the target system to elaborate the test cases. It is not a realistic attack, but it maximizes testing time and enables penetration testers to conduct deep testing.
     Black Box Penetration Testing: a penetration testing approach that requires no previous information and usually takes the approach of an uninformed attacker. It simulates a very realistic scenario, but testing time can't be maximized in certain scenarios and some areas of the infrastructure might remain untested.
  6. Initial Gathering (Information Gathering)
     Search Engines, Location Information, Employees Search, Financial Services, Job Postings, DNS Information, Network Range, Google Hacking, Whois Lookup
  7. Deep Gathering (Information Gathering)
     Network Survey: you're blind, and this first phase opens your eyes to the system to be tested; you end up with a network map that you'll use to find reachable systems to test. Objectives: Domain Names, Server Names, IP Addresses, Network Map, ISP Information, Systems Owner, Services Owner.
     OS Identification: every OS has special characteristics, and by comparing variations in the behavior of each OS's TCP/IP stack implementation a remote OS can be identified (TCP/IP fingerprinting). Objectives: OS Type, System Type. Example: NMAP.
     Port Scanning: each internet-enabled system has 65536 TCP and UDP ports; the first 1023 ports are called the well-known ports. Probing ports at the transport and network level can reveal the services running on a computer system. Objectives: Open Ports, Closed Ports, Filtered Ports.
     Attack Surface: depending on the results of the last three phases you can perform banner grabbing to identify the installed services, their name and version, along with their patch level. Objectives: Services Type, Application Type, Patch Level, Attack Vector. Example: Nessus.
  8. "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." – Albert Einstein
  9. Local Gathering (Information Gathering)
     Dumpster Diving, Social Engineering, Tailgating, Old Hardware, Piggybacking, Company Tour, Reverse SE, Job Applying
  10. Team
      Responsibilities: a team of penetration testers is most effective and efficient when its crew members are elite and everyone knows exactly his role and responsibility during a pen-testing process; otherwise distraction and a waste of time and resources will arise.
      Tools: every penetration tester has his own tools, which he feels comfortable with and can get the best out of during a pen-testing process. Most penetration testers use tools to automate the work, make it more effective and save time; that's why a good penetration tester doesn't know all the tools, but can make the most of the ones he knows best!
  12. NOOOOOO STOP!
      Even if you had the perfect payload to compromise a remote vulnerable system, there's a huge chance that your attack will be filtered and detected, because it's not the 90's anymore and there are probably IDSs, IPSs, firewalls, UTMs, anti-virus, anti-malware, anti-rootkits, WAFs, honeypots and a zillion other traps. So if you did your information gathering phase right, you already know about their presence, and now it's time for you to bypass them to deliver your payload and compromise the remote system! I am not going through bypassing security mechanisms for the sake of time, but you can always refer to our session on Evasion of Infrastructure Security for a couple of hints!
  13. Some Famous Attacks
      Brute Forcing, Sniffing, MITM, Hash Injection, DHCP Starvation, Rogue DHCP, ARP Poisoning, DNS Poisoning, Spoofing, Phishing, Amplified DDOS, Session Hijacking, XSS, Session Fixation, Directory Traversal, Unvalidated Input, Parameter Tampering, SQL Injection, LDAP Injection, File Injection, CSRF, Buffer Overflow, Cookie Poisoning, Rogue AP, Routing Attacks, VOIP Sniffing, DOS, Open Relay, Replay Attacks, HTML Injection, SNMP Attacks, SMB Attacks, Evil Twin, Worm Attacks, Trojan Attacks, Virus Attacks, Zeroday Attacks, Malware Attacks, Cryptanalysis, NTP Attacks
  14. Documentation and Patching
      After performing the penetration test with successful exploitation, compiling the results in an understandable format is the key element for selling your hard work, which no one will understand if it comes as pure technical detail (decision makers in any company are mostly non-technical, and if they can't understand your report then all your hard work is wasted); that's why including an Executive Summary and a Management Summary in your report is a very good idea. Also, in my opinion, stating deep technical information about the security risk is not advisable, since the target in question probably has a high hack value and has probably invested well in its engineers: if they knew too much about the vulnerabilities they would probably patch them themselves and not use you in the patching phase, which in business terms means loss of potential business!
  15. DTS Solution – Assessment Services
      Security Assessment Services
        - Penetration Testing and Vulnerability Assessment
        - Black Box Ethical Testing
        - Vulnerability Management
      Unified Communications Audit
        - VoIP / UC / Tele-presence security
      SCADA Security Evaluation Toolkit
        - Industrial Control Systems Security Readiness
      Mobile Network Security
        - UMTS / LTE – GTP Scan / Spoofed TEID / SCTP Scan / APN bruteforce
        - Fixed Mobile Convergence – SeGW and IMS Security
      Endpoint IP Discovery and Network Leakage Detection
        - Rogue and Unknown Network Detection
        - Backdoor connections (3G / xDSL / Rogue WiFi and leaking endpoints discovery and classification)
      Availability Assessment
        - DDoS Protection – Botnet / Zombie Detection
        - Web Portal Availability / DNS Server Protection – Protocol Fuzzing, DDoS attack simulation
      Core Network Security
        - MPLS – MP-BGP and VRF Security (RT import and export analysis) / PE-CE security and label insertion
        - VPLS – Spanning Tree, ARP poisoning, MAC spoofing
  16. Thanks and Have a Good Day
  17. Shah H Sheikh – Sr. Security Solutions Consultant, MEng CISSP CISA CISM CRISC CCSK, shah@dts-solution.com
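Slide 7's Port Scanning and Attack Surface steps in code, as an added example that is not part of the DTS deck: the open/closed/filtered state of a TCP port is derived from the connect() outcome (the same inventory check a defender runs against their own hosts), and the service greeting is parsed into product and version. The host, ports, banners and the `fake_service` listener are all constructed for the example; the patterns cover only three talk-first services.

```python
# Added example (not from the DTS deck); every host, port and banner is constructed.
import errno
import re
import socket
import threading

# Greeting formats of three "talk-first" services (they send before the client does).
BANNER_PATTERNS = [
    ("ssh", r"^SSH-[\d.]+-(?P<product>[A-Za-z]+)_(?P<version>[\w.]+)"),
    ("ftp", r"^220[ -].*?(?P<product>vsFTPd|ProFTPD|Pure-FTPd) (?P<version>[\w.]+)"),
    ("smtp", r"^220 .*?ESMTP (?P<product>Exim|Sendmail|Postfix) (?P<version>[\w.]+)"),
]

def classify_port(host, port, timeout=2.0):
    """Accepted -> open; RST (connection refused) -> closed; anything else, notably
    a timeout because a firewall silently dropped the SYN -> filtered."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"
    except OSError as e:
        return "closed" if e.errno == errno.ECONNREFUSED else "filtered"

def grab_banner(host, port, timeout=2.0):
    """Read a service's greeting; '' if it waits for the client to speak first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(256).decode("ascii", "replace")
    except OSError:
        return ""

def parse_banner(banner):
    """Return (service, product, version), or None for an unrecognised greeting."""
    for service, pattern in BANNER_PATTERNS:
        m = re.search(pattern, banner)
        if m:
            return service, m.group("product"), m.group("version")
    return None

def fake_service(banner):
    """Constructed local listener that greets every client with `banner`."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # a bare port probe already hung up
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

A port that nothing listens on returns "closed", and one behind a silently dropping firewall returns "filtered" only after the full timeout, which is why real scanners tune that value per network.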