Pentesting - OWASP Foundation

Pentesting
Jacco van Tuijl
17 September 2015
Pentesting presentation

Pentesting
What? Servers, mobile devices, embedded devices, networks, RF, (web) application security, physical security and the human.
Goal? Identify vulnerabilities and advise on risk and possible solutions.
How?

Pentest
- -printing
- Vulnerability assessment
- Verification and exploitation
- Post exploitation
- Report

Preparation
- Scope / goal / targets
- Signed pentest waiver (also 3rd party)
- Date and time of execution
- Black box / gray box / crystal box
- Intrusive / non-intrusive
- Privileged / non-privileged
- Internet / LAN
- With or without informing other employees

Foot-printing
- Open sources like Google, newspapers, website, www.code1000.com (Dutch), social media, etc.

DNS

DNS Tools
- Whois
- Zone transfer
- Sub-domains
- DNSmap, DNSenum, DNSBrute, DNSRecon

Whois

DNSMap demo

Robtex.com

RIPE

DNS Zone transfer
- host -la voorbeelddomein.nl
- dig @8.8.8.8 voorbeelddomein.nl axfr
- nslookup

Visual traceroute

Foca

Maltego

The harvester

Recon-ng

Finger-printing
- Port scan
- Crawlers
- Banner grabbing / service discovery
- Sniffing
- Enumeration (smb, ftp, snmp .)

Port scan
- Nmap
- Angry IP Scanner
- Hping

HPing

NMAP (demo)

Sniffing
- Wireshark / Tshark
- TCPdump
- USB, I2C, JTAG, CAN bus, RF, ethernet, etc.
- Side channel

Wireshark

BusPirate, logic analyzer, GoodFet, Shikra

RF
- Ubertooth
- RTL-SDR
- HackRF One
- Android device (NFCProxy)
- Proxmark III

Side channel
- Timing attack
- Power / Acoustic / Electromagnetic analysis
- Differential fault analysis (Poodle)
- Data remanence
- Row hammer
- File size, log size, memory consumption, CPU utilization, etc.

Side channel - timing
If (!userExists( ned( gin( USERNAME, g
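
The early-return pattern that the slide's code fragment points at, next to a hardened form, as an added example (not code from the presentation). It assumes the `userExists` check sits in a login routine; the account store, function names and PBKDF2 parameters are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor, low so the demo runs quickly
HASH_CALLS = 0       # counts password hashes, to make the work difference visible


def hash_password(password: str, salt: bytes) -> bytes:
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample store (hypothetical): username -> (salt, password hash)
USERS = {"alice": make_record("correct horse")}
# Dummy record hashed against when the username is unknown
DUMMY = make_record("placeholder")


def login_leaky(username: str, password: str) -> bool:
    """Returns before hashing for unknown users, so timing reveals valid names."""
    if username not in USERS:
        return False
    salt, stored = USERS[username]
    return hash_password(password, salt) == stored  # == may also short-circuit


def login_hardened(username: str, password: str) -> bool:
    """Does one hash and one constant-time compare whether or not the user exists."""
    known = username in USERS
    salt, stored = USERS[username] if known else DUMMY
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    return known and matches


def hashes_used(login, username: str, password: str) -> int:
    """Number of password hashes one login attempt costs (a proxy for its time)."""
    before = HASH_CALLS
    login(username, password)
    return HASH_CALLS - before
```

`hashes_used` shows the difference deterministically: the leaky routine performs no hash for an unknown username, while the hardened one performs exactly one in both cases.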

Vulnerability assessment
- Vulnerability scanners / crawlers / spiders
- Proxy
- Fuzzing
- Password attacks
- Cryptanalysis
- CVE, exploitDB (searchsploit), bugtraq
- Shodan

Vulnerability scanner / crawlers / spiders
- Vulnerability scanners: Nessus, OpenVas, Nexpose, Core Impact, Qualys
- Web application security scanners: Nikto, skipfish, arachni, acunetix, appscan
- Application-specific: SAPScan, WPScan, Spscan, Joomscan
- Simple crawling script

Nessus

Proxy
- OWASP ZAP
- WebScarab
- Burp Suite
- IronWasp
- DIY script

OWASP ZAP

IronWasp

Burp Suite demo
Sogeti PowerPoint Referentie 2014

FuzzDB
Check out fuzzdb: github.com/fuzzdb-project

Fuzzing demo

Verification and exploitation
- Look at open services
- Exploits
- Password and hash attacks
- Shell (root/administrator/system)

Look at open services
- nc 192.124.102.88 1392
- ncat 192.124.102.88 443
- telnet 192.124.102.88 1392

Debugging, decompiling, disassembling and RE
- IDA PRO
- OllyDBG
- GDB
- Dex2jar
- SWF Decompiler
- Binwalk

Searchsploit (demo)

Metasploit

Metasploit (demo)

Hashes (demo)

Password and hash attacks
- Bruteforce / dictionary / wordlist
- Hash cracking
- Pass-the-hash

Dictionary & Crunch
- FuzzDB
- Wiki.skullsecurity.org/Passwords
- crunch 1 1 -t @ -u wordlist-subdomains.txt
- crunch 2 2 -t @% -u wordlist-subdomains.txt
- crunch 2 2 -t @@ -u wordlist-subdomains.txt
- crunch 3 3 -t @@% -u wordlist-subdomains.txt
- crunch 3 3 -t @@@ -u wordlist-subdomains.txt
- crunch 4 4 -t @@@% -u wordlist-subdomains.txt
- crunch 4 4 -t @@@@ -u wordlist-subdomains.txt
- crunch 5 5 -t @@@@@ -u wordlist-subdomains.txt

Bruteforce – THC Hydra

Hash cracking: John the Ripper

BarsWF

Pass-The-Hash
Cracking hashes is not always needed: just pass-the-hash with:
- Pass-the-hash toolkit
- Mimikatz
- Medusa
- THC hydra
- Demo FreeRDP

Cryptanalysis
- Known plain text
- Brute force
- Implementation
- Replay, MITM, backdoors
- Side channel
- Rubber-hose

Post exploitation
- Pivoting / tunneling
- Backdoors
- Privilege escalation
- Hardening & patching
- Erasing tracks

Pivoting and tunneling
- route add
- Meterpreter: run autoroute -h
- Plink, fport, nc, ncat, OpenVPN and SSH
- iodine, httptunnel (covert channels)

Erasing tracks
- history -c && exit
- zapper
- Meterpreter: clearev
- clearlogs.exe
- Ccleaner.exe /AUTO /METHOD "0-3"
- Log flooding
- Timestomp (MACE attributes NTFS)

Report
- What did you research and what was the goal?
- What did you not research?
- What did you find?
- Finding, cause, impact and solution
- Risk estimation and prioritizing

Risk rating
- CVSS
- OWASP risk rating

OWASP risk rating

More info
- Securitytube.net
- ptes.org
- OWASP
- CEH & LPT / OSCP / OSCE
- Hacker / security events:
  - Hardwear.io
  - Hack in The Box Amsterdam 2016
  - 32c3 - Hamburg
  - OWASP Meetings & AppSec
  - Brucon
