22
Internal Penetration Testing

Internal Penetration Testing

Embed Size (px)

DESCRIPTION

Internal pentest

Citation preview

Page 1: Internal Penetration Testing

Internal Penetration Testing

Page 2: Internal Penetration Testing

Internal Penetration TestingDefining scope and goalsTools of the TestPresentation of findings

Page 3: Internal Penetration Testing

Defining Scope and GoalsDefine specific goals for

assessmentWhat defines success?Identify vs. exploit?Should systems be tagged?Are screenshots enough?

Create timelinesActive assessment

Page 4: Internal Penetration Testing

LimitsOut of scope? Not for hackers

Reading email in attempt to gain passwordsAttacking workstations to gain network

credentialsAttacking administrative workstations to gain

admin accessSearching .txt and .doc files on workstationsSearching .txt and .doc files on production

systemsSniffing trafficKeystroke loggersIntentional denial of service

Page 5: Internal Penetration Testing

Internal vs. External

What is the difference?less or no access controlstest systemstrust relationships

Page 6: Internal Penetration Testing

Tools of the Test

1. Footprint2. Host Identification3. Service Identification4. Service Enumeration5. Host Enumeration6. Network Map7. HSV Scans8. Vulnerability

Mapping/Exploitation

Page 7: Internal Penetration Testing

1. Footprint

Goal: identify ranges and domains

net view /domain to identify domains

Page 8: Internal Penetration Testing

FootprintIdentify IP ranges

SNMPDNSICMP

Page 9: Internal Penetration Testing

2. Host Identification

Identify Hosts

TCP ICMP

Identify domain members using the NET commandnet view /domain:<domain>

Page 10: Internal Penetration Testing

Host IdentificationFoundstone net view

Page 11: Internal Penetration Testing

3. Service Identification

Identify Ports

TCP UDP

Tool: Fscan –i <ip>

Page 12: Internal Penetration Testing

4. Service Enumeration

Identify what is running on listening ports

Tool:Nmap & Nessus

Page 13: Internal Penetration Testing

5. Host Enumeration

use all the previous information to make accurate guess at OS and version from Nessus reports

Page 14: Internal Penetration Testing

6. Network Map

Should be created to identify hosts, services and access paths.

Page 15: Internal Penetration Testing

7. HSV Scans

High Severity Vulnerability (HSV) Scans should be performed to identify systems with high severity vulnerability

NetBIOS weak passwordsSQL weak passwordsWeb Vulnerabilities

Page 16: Internal Penetration Testing

Cont.NetBIOS weak passwords

manual guessing techniquesnbtenum ntsleuth.0catch.comnat Network Auditing Tool

Page 17: Internal Penetration Testing

SQL weak passwords

Tools

SQLMAPSQLlhfSQLdictSqlping2osql

RemarksSQL can run on alternate ports

Page 18: Internal Penetration Testing

Web vulnerabilities

stealthwhisker typhon

Page 19: Internal Penetration Testing

8. Vulnerability Mapping/Exploitation

Source port attacks

If you use IPSec don’t forget to use the NoDefaultExempt key

HKLM\SYSTEM\CCS\Services\IPSEC\NoDefaultExec | DWORD = 1

Web Attacks

NetBIOS

SQL Attacks

Page 20: Internal Penetration Testing

9. Presentation of findings

Report should be clear and concise

Include screenshots

Use action items for remediation

Categorize findings TACTICAL STRATEGIC

Page 21: Internal Penetration Testing

Presentation of findings

Strengthening Microsoft Networks

strong domain architecturesrigid user management hardened applications principle of least privilegesecurity baselines for systems defence in depth network segmentation 3rd party audit

Page 22: Internal Penetration Testing

THANK YOU


INTERNAL NETWORK PENETRATION TESTING - Hackcontrol · 2020. 10. 15. · Executive Summary Hack Control (Provider) was contracted by ____ (Client) to conduct the penetration testing

INTERNAL NETWORK PENETRATION TESTING - Hackcontrol · 2020. 10. 15. · Executive Summary Hack Control (Provider) was contracted by ____ (Client) to conduct the penetration testing

Documents
sap penetration testing sap penetration testing - Black Hat

sap penetration testing sap penetration testing - Black Hat

Documents
Whitepaper: Network Penetration Testing - Happiest Minds · PDF fileInternal network Penetration Testing reveals the holistic view of the security posture of the organization. An internal

Whitepaper: Network Penetration Testing - Happiest Minds · PDF fileInternal network Penetration Testing reveals the holistic view of the security posture of the organization. An internal

Documents
Internal Penetration Testing

Internal Penetration Testing

Documents
Penetration Testing

Penetration Testing

Documents
A Security Evaluation and Internal Penetration Testing Of the …publications.lib.chalmers.se/records/fulltext/212488/212488.pdf · A Security Evaluation and Internal Penetration

A Security Evaluation and Internal Penetration Testing Of the …publications.lib.chalmers.se/records/fulltext/212488/212488.pdf · A Security Evaluation and Internal Penetration

Documents
PENETRATION TESTING AND AUDIT SERVICES · Penetration testing and audit services by SSL247® are the best way to assess and evaluate your internal and external security. A penetration

PENETRATION TESTING AND AUDIT SERVICES · Penetration testing and audit services by SSL247® are the best way to assess and evaluate your internal and external security. A penetration

Documents
Penetration Testing Magazine

Penetration Testing Magazine

Education
Custom Penetration Testing - SANS Sims - Custom... · Advanced Penetration Testing - 2009 SANS 3 What is Penetration Testing? • Process of testing a target environment for weaknesses

Custom Penetration Testing - SANS Sims - Custom... · Advanced Penetration Testing - 2009 SANS 3 What is Penetration Testing? • Process of testing a target environment for weaknesses

Documents
Penetration Testing Methodology

Penetration Testing Methodology

Documents
PENETRATION TESTING AND AUDIT SERVICES...Penetration testing and audit services by SSL247® are the best way to assess and evaluate your internal and external security. A penetration

PENETRATION TESTING AND AUDIT SERVICES...Penetration testing and audit services by SSL247® are the best way to assess and evaluate your internal and external security. A penetration

Documents
Web Application Penetration Testing · Penetration Testing By: Frank Coburn & Haris Mahboob. Take Aways Overview of the web app penetration ... §Penetration testing vs vulnerability

Web Application Penetration Testing · Penetration Testing By: Frank Coburn & Haris Mahboob. Take Aways Overview of the web app penetration ... §Penetration testing vs vulnerability

Documents
Penetration Testing Services · Penetration Testing Services Smarttech ... Best practice methodology ... During an internal penetration test, the tester will

Penetration Testing Services · Penetration Testing Services Smarttech ... Best practice methodology ... During an internal penetration test, the tester will

Documents
Penetration testing Professional

Penetration testing Professional

Documents
Web Applications Penetration Testingcs1160315/WebPenetration... · 2018. 3. 3. · Penetration testing typically includes network penetration testing and application security testing

Web Applications Penetration Testingcs1160315/WebPenetration... · 2018. 3. 3. · Penetration testing typically includes network penetration testing and application security testing

Documents
Penetration Testing Network & Perimeter Testing

Penetration Testing Network & Perimeter Testing

Documents
Vulnerability Assessment & Penetration Testing...test is a penetration test of the internal network (plug in and see how far you can get). In such an internal penetration test we have

Vulnerability Assessment & Penetration Testing...test is a penetration test of the internal network (plug in and see how far you can get). In such an internal penetration test we have

Documents
Writing a Penetration Testing Report - Abaxio · (Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd th, ... Title Black Box Penetration Testing

Writing a Penetration Testing Report - Abaxio · (Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd th, ... Title Black Box Penetration Testing

Documents
Internal Penetration Testing Datasheet

Internal Penetration Testing Datasheet

Documents
Penetration Testing - Brown University Departmentcs.brown.edu/cgc/net.secbook/se01/handouts/Ch09-PenetrationTesti… · Penetration Testing 12/7/2010 Penetration Testing 1 What Is

Penetration Testing - Brown University Departmentcs.brown.edu/cgc/net.secbook/se01/handouts/Ch09-PenetrationTesti… · Penetration Testing 12/7/2010 Penetration Testing 1 What Is

Documents
Network Infrastructure Penetration Testing and …...Network Infrastructure Penetration Testing and Ethical Hacking This course teaches penetration testing and will illustrate how

Network Infrastructure Penetration Testing and …...Network Infrastructure Penetration Testing and Ethical Hacking This course teaches penetration testing and will illustrate how

Documents
Penetration testing as an internal audit activity

Penetration testing as an internal audit activity

Business
Penetration Testing Methodologies Testing... · penetration testing, aiutando la comunità di sicurezza nella scelta del percorso migliore per il penetration testing. Il termine open

Penetration Testing Methodologies Testing... · penetration testing, aiutando la comunità di sicurezza nella scelta del percorso migliore per il penetration testing. Il termine open

Documents
Penetration Testing - University of Texas at Dallascsi.utdallas.edu/...Penetration_Testing...Slides.pdf · Penetration Testing. What is penetration testing? Attempt to bypass security

Penetration Testing - University of Texas at Dallascsi.utdallas.edu/...Penetration_Testing...Slides.pdf · Penetration Testing. What is penetration testing? Attempt to bypass security

Documents
PENETRATION TESTING SERVICES - Opposition Security · PENETRATION TESTING SERVICES Opposition Security penetration testing services evaluate your security program in depth to find

PENETRATION TESTING SERVICES - Opposition Security · PENETRATION TESTING SERVICES Opposition Security penetration testing services evaluate your security program in depth to find

Documents
VAPT (Vulnerability Assessment & Penetration Testing) //Remedy · VAPT (Vulnerability Assessment & Penetration Testing) //Remedy A Division. In Penetration Testing, part of a security

VAPT (Vulnerability Assessment & Penetration Testing) //Remedy · VAPT (Vulnerability Assessment & Penetration Testing) //Remedy A Division. In Penetration Testing, part of a security

Documents
Wireless Penetration Testing

Wireless Penetration Testing

Documents
PENETRATION TESTING - Perspective Risk · PDF fileA PROVIDER OF PENETRATION TESTING SERVICES? ... Invariably, penetration testing means that the penetration testers will

PENETRATION TESTING - Perspective Risk · PDF fileA PROVIDER OF PENETRATION TESTING SERVICES? ... Invariably, penetration testing means that the penetration testers will

Documents
BackTrack 5 Wireless Penetration Testing Beginner's …cdn.ttgtmedia.com/...BackTrack-5-Wireless-Penetration-Testing-eBook... · BackTrack 5 Wireless Penetration Testing Beginner's

BackTrack 5 Wireless Penetration Testing Beginner's …cdn.ttgtmedia.com/...BackTrack-5-Wireless-Penetration-Testing-eBook... · BackTrack 5 Wireless Penetration Testing Beginner's

Documents
INFORMATION SHEET PENETRATION TESTING...Vulnerability scanning VS penetration testing Penetration testing distinguishes itself from general vulnerability scanning but the two phrases

INFORMATION SHEET PENETRATION TESTING...Vulnerability scanning VS penetration testing Penetration testing distinguishes itself from general vulnerability scanning but the two phrases

Documents