Managing Penetration Testing Data with Kvasir
Toorcon 15 (San Diego)
@grutz
BACKGROUND

Toorcon 15 -- @grutz

Managing PT Data with Kvasir

$ whois grutz
Corporate penetration tester for ~15 years
~10 years internal with Federal Reserve and Pacific Gas & Electric
5 years consulting to customers for

Developed Squirtle, the NTLM Attack tool
Smashed up some Huawei/H3C/HP gear

DEFINING THE PROBLEM

Testing is all about collecting data…

As pentesters we collect a TON of data…

So you sort them into directories…
…which can be difficult to manage…

Sharing data across your team
…can have its challenges

Did you get everything you need?
Great! Now write a report, monkey!

CURRENT OPTIONS?

Currently…
• Metasploit Pro, Cobalt Strike, STRATEGIC, CORE, etc
• Nexpose, Nessus, QualysGuard, Saint, Fortigate, etc
• ThreadFix, Archer, RiskIO, Secunia VIM, etc
• Issue / Bug tracking tools (and their wikis)
  • TRAC, Redmine, Bugzilla, etc
• Wikis!
• Spreadsheets!
• Roll your own!

Issues with these tools
• Not designed to manage PT data
  • You have to conform your data to the tool
  • Vulnerability Management != Penetration Test Data!
• Requires enhancements / add-ons
  • Develop your own add-ons
  • Maintain support and training
• Changes are difficult to implement
  • No access to source code for when things break
  • High complexity, vendor demands, delays
• “In the cloud” or “vendor hosted” solutions
• Spreadsheets??? Really?!?!

ENTER KVASIR

0118 999 881 999 119 725 3

ACHTUNG!
I am an ADHD coder. Large bits of Kvasir were thought of after working at a
customer’s site and developed with little sleep and lots of caffeine and/or
alcohol. I am also not a really good UI coder.

Kvasir’s Cisco Pedigree
• Recognized long ago that managing disparate data is essential to effective testing results
• Began from our acquisition of “The Wheel Group” back in 1999
• Multiple iterations:
  • AttackAll, AutoSPA, Halo/Banshee, AutoSPAng
• Closed source / proprietary

Design Philosophy
• Take disparate data and cram it into a (mostly) consistent relational database format.
• Focus on PENETRATION TEST tools and data
• Be quick
• Be adaptable
• Try not to get in the way of the hacking
• No cross-contamination of customer data

Benefits to using Kvasir
• Alcohol infused coding practices
• Designed by and for Penetration Testers
• OPEN SOURCE! FREE!!!
Data access through web2py shell == awesome!
http://web2py.com/books/default/chapter/29/06/the-database-abstraction-layer

High-level Database Design
[Diagram: Hosts, Accounts, Operating Systems, CPE Data, SNMP, Services, NetBIOS, VulnDB, Exploits, Evidence, References]
Data Directory Structure
All script output is stored under “data”
Local to the web server
Session-logs/ contain ‘script’ file output from launched terminals

Supported Host/Vulnerability Scanners
Right Now
Nexpose
Nmap
Nessus
Metasploit (hosts only)
ShodanHQ

Horizon
QualysGuard
Metasploit Pro (Webscan)
BurpSuite Pro (Report XML)

Others?

Metasploit Pro API Integration
• Kvasir utilizes some MSF Pro-only API functions:
  • Bruteforce / Exploit
  • Import XML, PWDUMP, Screenshots
  • Sending Accounts / Scan data results
• TODO:
  • Sending exploits to Framework API
  • Direct MSF DB access (who uses ‘pass’ as a field name? MSF!)

THE KVASIR WORKFLOW

Installation and setup
https://github.com/KvasirSecurity/Kvasir/wiki/Installation
• Kvasir begins life as a completely blank slate
  • You must add users, CPE, Vulndata, Exploits, etc
  • Mostly automated through parts of the UI
• For multiple team members on a test:
  • One central person runs the SQL database
  • All team members have their own Kvasir instance and point to the SQL DB in settings.database_uri

Importing Support Data
• Vulnerability data can be:
  • Imported prior to engagement start
  • Imported as part of Vulnerability Scan results
• Exploits XML data imported:
  • Nexpose’s exploits.xml file
  • ImmunitySec CANVAS download / file
• CPE OS Data
  • Downloaded and parsed from MITRE

Populating Engagement Data
• Vulnerability Scanner Imports
  • Import direct from scanners or files
• Nmap Scanning Imports
  • Import XML output file (-oX)
  • Kick-off a scan and import the results
• Bruteforce/Account Tools
  • THC Hydra
  • Medusa
  • Metasploit creds.csv output
  • PW recovery tool output (John POT, user:password, etc)
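
The Nmap XML import listed above, shown as an added example (not Kvasir's code or schema): it parses `-oX` output with Python's standard library and merges it into a relational host/service layout, so importing a second scan of the same host updates rows instead of duplicating them. The table and column names, function names and the sample XML are assumptions made for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output (documentation-range addresses).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/24">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="6.2"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http"/>
      </port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Hypothetical two-table layout; the UNIQUE constraints are what make merging possible.
SCHEMA = """
CREATE TABLE IF NOT EXISTS hosts (
    id INTEGER PRIMARY KEY,
    ipaddr TEXT NOT NULL UNIQUE,
    hostname TEXT
);
CREATE TABLE IF NOT EXISTS services (
    id INTEGER PRIMARY KEY,
    host_id INTEGER NOT NULL REFERENCES hosts(id),
    proto TEXT NOT NULL,
    port INTEGER NOT NULL,
    name TEXT,
    banner TEXT,
    UNIQUE (host_id, proto, port)
);
"""


def open_db(path=":memory:"):
    """Open one database per engagement so customer data never shares a file."""
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db


def import_nmap_xml(db, xml_text):
    """Merge one nmap XML report; returns (hosts, open services) processed."""
    n_hosts = n_services = 0
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts that did not respond
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if ip is None:
            continue  # MAC-only entries cannot be keyed by IP
        hn = host.find("hostnames/hostname")
        db.execute("INSERT OR IGNORE INTO hosts (ipaddr) VALUES (?)", (ip,))
        if hn is not None and hn.get("name"):
            db.execute("UPDATE hosts SET hostname = ? WHERE ipaddr = ?",
                       (hn.get("name"), ip))
        host_id = db.execute("SELECT id FROM hosts WHERE ipaddr = ?",
                             (ip,)).fetchone()[0]
        n_hosts += 1
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            key = (host_id, port.get("protocol"), int(port.get("portid")))
            svc = port.find("service")
            name = banner = None
            if svc is not None:
                name = svc.get("name")
                banner = " ".join(v for v in (svc.get("product"),
                                              svc.get("version")) if v) or None
            db.execute("INSERT OR IGNORE INTO services (host_id, proto, port) "
                       "VALUES (?, ?, ?)", key)
            # COALESCE keeps earlier detail when a later scan knows less.
            db.execute("UPDATE services SET name = COALESCE(?, name), "
                       "banner = COALESCE(?, banner) "
                       "WHERE host_id = ? AND proto = ? AND port = ?",
                       (name, banner) + key)
            n_services += 1
    db.commit()
    return n_hosts, n_services


def list_services(db):
    """Flat host/service view of everything imported so far."""
    return db.execute(
        "SELECT h.ipaddr, h.hostname, s.proto, s.port, s.name, s.banner "
        "FROM services s JOIN hosts h ON h.id = s.host_id "
        "ORDER BY h.ipaddr, s.port").fetchall()
```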

Valkyries
Tasks whose results feed back to Kvasir
Not designed to replace Metasploit / CANVAS / CORE, etc.
WebShot: Grab images of HTTP instance using phantomjs
VNCShot: Grab images of open VNC Servers using vncdotool
Others planned, just not completed

SCREENSHOTS!

Main Index

Host List

Host Detail

Terminal launch – click or hot-key L
Notes submit after enter

Flags are hot-keyed: C, D, F

Hot-key: ^N

Tabs switch with hot-keys: a, s, v, e, o, t, m, b

Services

Accounts

Windows Domain Memberships

Evidence (Screenshots, Docs, etc)

Password Statistics

Vulnerability Statistics

Vulnerability Circles
“In progress”
Diameter calculated by service counts, CVSS details, accounts, severity, etc

ON THE HORIZON

Lots to still do…
• Consistent vulnerability database (VulnDB?) that maps to vendor tags (QID, NessusID, Nexpose ID)
• Additional vulnerability scanner support
• Metasploit to release their new MDM structure
• Maltego Integration
• Probably an overhaul of the user interface
• Whatever is in TODO.md that I thought of while sleepless on a 10hr flight back home

http://github.com/KvasirSecurity/Kvasir

http://kvasirsecurity.github.io/assets/presentations/toorcon-15-kvasir.pdf

THANK YOU!


Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Managing Your Pentest Data with Kvasir: Toorcon 15

  • 1. Managing Penetration Testing Data with Kvasir. Toorcon 15 (San Diego), @grutz
  • 2. BACKGROUND
  • 3. $ whois grutz
      • Corporate penetration tester for ~15 years
      • ~10 years internal with Federal Reserve and Pacific Gas & Electric
      • 5 years consulting to customers for
      • Developed Squirtle, the NTLM Attack tool
      • Smashed up some Huawei/H3C/HP gear
  • 4. DEFINING THE PROBLEM
  • 5. Testing is all about collecting data…
  • 6. As pentesters we collect a TON of data…
  • 7. So you sort them into directories… …which can be difficult to manage…
  • 8. Sharing data across your team …can have its challenges
  • 9. Did you get everything you need? Great! Now write a report, monkey!
  • 10. CURRENT OPTIONS?
  • 11. Currently…
      • Metasploit Pro, Cobalt Strike, STRATEGIC, CORE, etc
      • Nexpose, Nessus, QualysGuard, Saint, Fortigate, etc
      • ThreadFix, Archer, RiskIO, Secunia VIM, etc
      • Issue / Bug tracking tools (and their wikis)
          • TRAC, Redmine, Bugzilla, etc
      • Wikis!
      • Spreadsheets!
      • Roll your own!
  • 12. Issues with these tools
      • Not designed to manage PT data
          • You have to conform your data to the tool
          • Vulnerability Management != Penetration Test Data!
      • Requires enhancements / add-ons
          • Develop your own add-ons
          • Maintain support and training
      • Changes are difficult to implement
          • No access to source code for when things break
          • High complexity, vendor demands, delays
      • “In the cloud” or “vendor hosted” solutions
      • Spreadsheets??? Really?!?!
  • 13. ENTER KVASIR
  • 14. 0118 999 881 999 119 725 3
  • 15. ACHTUNG! I am an ADHD coder. Large bits of Kvasir were thought of after working at a customer’s site and developed with little sleep and lots of caffeine and/or alcohol. I am also not a really good UI coder.
  • 16. Kvasir’s Cisco Pedigree
      • Recognized long ago that managing disparate data is essential to effective testing results
      • Began from our acquisition of “The Wheel Group” back in 1999
      • Multiple iterations:
          • AttackAll, AutoSPA, Halo/Banshee, AutoSPAng
      • Closed source / proprietary
  • 17. Design Philosophy
      • Take disparate data and cram it into a (mostly) consistent relational database format.
      • Focus on PENETRATION TEST tools and data
      • Be quick
      • Be adaptable
      • Try not to get in the way of the hacking
      • No cross-contamination of customer data
  • 18. Benefits to using Kvasir
      • Alcohol infused coding practices
      • Designed by and for Penetration Testers
      • OPEN SOURCE! FREE!!!
      • Data access through web2py shell == awesome! http://web2py.com/books/default/chapter/29/06/the-database-abstraction-layer
  • 19. High-level Database Design (diagram labels): Hosts, Accounts, Operating Systems, CPE Data, SNMP, Services, NetBIOS, VulnDB, Exploits, Evidence, References
  • 20. Data Directory Structure
      • All script output is stored under “data”
      • Local to the web server
      • Session-logs/ contain ‘script’ file output from launched terminals
  • 21. Supported Host/Vulnerability Scanners
      • Right Now: Nexpose, Nmap, Nessus, Metasploit (hosts only), ShodanHQ
      • Horizon: QualysGuard, Metasploit Pro (Webscan), BurpSuite Pro (Report XML), Others?
  • 22. Metasploit Pro API Integration
      • Kvasir utilizes some MSF Pro-only API functions:
          • Bruteforce / Exploit
          • Import XML, PWDUMP, Screenshots
          • Sending Accounts / Scan data results
      • TODO:
          • Sending exploits to Framework API
          • Direct MSF DB access (who uses ‘pass’ as a field name? MSF!)
  • 23. THE KVASIR WORKFLOW
  • 24. Installation and setup: https://github.com/KvasirSecurity/Kvasir/wiki/Installation
      • Kvasir begins life as a completely blank slate
          • You must add users, CPE, Vulndata, Exploits, etc
          • Mostly automated through parts of the UI
      • For multiple team members on a test:
          • One central person runs the SQL database
          • All team members have their own Kvasir instance and point to the SQL DB in settings.database_uri
  • 25. Importing Support Data
      • Vulnerability data can be:
          • Imported prior to engagement start
          • Imported as part of Vulnerability Scan results
      • Exploits XML data imported:
          • Nexpose’s exploits.xml file
          • ImmunitySec CANVAS download / file
      • CPE OS Data
          • Downloaded and parsed from MITRE
  • 26. Populating Engagement Data
      • Vulnerability Scanner Imports
          • Import direct from scanners or files
      • Nmap Scanning Imports
          • Import XML output file (-oX)
          • Kick-off a scan and import the results
      • Bruteforce/Account Tools
          • THC Hydra
          • Medusa
          • Metasploit creds.csv output
          • PW recovery tool output (John POT, user:password, etc)
  • 27. Valkyries
      • Tasks whose results feed back to Kvasir
      • Not designed to replace Metasploit / CANVAS / CORE, etc.
      • WebShot: Grab images of HTTP instance using phantomjs
      • VNCShot: Grab images of open VNC Servers using vncdotool
      • Others planned, just not completed
  • 28. SCREENSHOTS!
  • 29. Main Index
  • 30. Host List
  • 31. Host Detail (screenshot callouts)
      • Terminal launch – click or hot-key L
      • Notes submit after enter
      • Flags are hot-keyed: C, D, F
      • Hot-key: ^N
      • Tabs switch with hot-keys: a, s, v, e, o, t, m, b
  • 32. Services
  • 33. Accounts
  • 34. Windows Domain Memberships
  • 35. Evidence (Screenshots, Docs, etc)
  • 36. Password Statistics
  • 37. Vulnerability Statistics
  • 38. Vulnerability Circles
      • “In progress”
      • Diameter calculated by service counts, CVSS details, accounts, severity, etc
  • 39. ON THE HORIZON
  • 40. Lots to still do…
      • Consistent vulnerability database (VulnDB?) that maps to vendor tags (QID, NessusID, Nexpose ID)
      • Additional vulnerability scanner support
      • Metasploit to release their new MDM structure
      • Maltego Integration
      • Probably an overhaul of the user interface
      • Whatever is in TODO.md that I thought of while sleepless on a 10hr flight back home