Module 5 – Vulnerability Identification

Phase II Controls Assessment Scheduling

○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
○ Enumerating Further
○ Compromise Remote Users/Sites
○ Maintaining Access
○ Cover the Tracks

Heorot.net

Vulnerability Identification

Purpose behind Vulnerability Identification

“...find flaws within the network, servers, services and other attached information resources.”


Vulnerability Identification

○ Identify vulnerable services using service banners
○ Perform vulnerability scan to search for known vulnerabilities
○ Perform false positive and false negative
○ Enumerate discovered vulnerabilities
○ Estimate probable impact (classify vulnerabilities found)
○ Identify attack paths and scenarios for exploitation

Identify Vulnerable Services Using Service Banners

Apache Demonstration

Perform Vulnerability Scan

*Tools:
○ Nessus
○ Sara
○ Internet Scanner
○ Retina Network Security Scanner
○ Netrecon
○ Core IMPACT

*None of these tools are found on the BackTrack Disk

Perform Vulnerability Scan

Advantage of Vulnerability Scanners:
○ “Click-and-Go”
○ Basic knowledge of IT and Security
○ Powerful
○ Up-to-date

Disadvantage of Vulnerability Scanners:
○ “Click-and-Go”
○ Basic knowledge of IT and Security

Perform False Positive and False Negative

“False positives refer to non-issues that were incorrectly detected. Accordingly, false negatives refer to existent issues that were not detected during an assessment. In every assessment there is always the risk of any of these being present.”

Enumerate Discovered Vulnerabilities

Identified Vulnerability

Apache/2.0.55 (UNIX) PHP/5.1.2

Tools:

Web Sites:
○ Milw0rm.org
○ Securityfocus.com
○ Cert.org
○ Packetstormsecurity.com
○ National Vulnerability Database http://nvd.nist.gov/

Metasploit

Vulnerability Scanners
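The banner step above can be scripted for an inventory check. The Python below is an added example, not part of the original slides: it splits the slide's banner into product/version pairs and compares each to a minimum-version baseline. The function names and the baseline values are assumptions constructed for illustration.

```python
import re

# A Server banner is a run of "name/version" product tokens and "(comment)" parts.
_PART = re.compile(r"\(([^()]*)\)|([^\s/()]+)(?:/([^\s()]+))?")

def parse_banner(banner):
    """Return ([(product, version_or_None), ...], [comment, ...])."""
    products, comments = [], []
    for comment, name, version in _PART.findall(banner):
        if name:
            products.append((name, version or None))
        elif comment:
            comments.append(comment)
    return products, comments

def version_key(version):
    """'2.0.55' -> (2, 0, 55), so 2.0.9 sorts below 2.0.55."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def triage(banner, baseline):
    """Label each product 'below-baseline', 'ok' or 'verify-manually'.

    A banner is only a claim made by the server: it can be edited, hidden, or
    left unchanged by a distribution that backports fixes, so every label is a
    lead to confirm (the false positive / false negative step), not a finding.
    """
    results = {}
    products, _ = parse_banner(banner)
    for name, version in products:
        minimum = baseline.get(name.lower())
        if version is None or minimum is None or not version_key(version):
            results[name] = "verify-manually"  # no usable version or no policy
        elif version_key(version) < version_key(minimum):
            results[name] = "below-baseline"
        else:
            results[name] = "ok"
    return results

# Constructed policy values for illustration only; they are not a statement
# of which releases are vulnerable. The banner is the one shown on the slide.
BASELINE = {"apache": "2.4.0", "php": "7.0.0"}

if __name__ == "__main__":
    print(parse_banner("Apache/2.0.55 (UNIX) PHP/5.1.2"))
    print(triage("Apache/2.0.55 (UNIX) PHP/5.1.2", BASELINE))
```

Products reported as below-baseline are then looked up by name and version in the sources listed on this slide, such as the National Vulnerability Database.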


Enumerate Discovered Vulnerabilities

Apache / milw0rm Demonstration

Estimate Probable Impact

High Risk Vulnerability
○ “...immediate threat of high and adverse impact on the business critical processes of the target organization”

Medium Risk Vulnerability
○ “...threat of high and adverse impact to non-critical systems in terms of business.”
○ “...no immediate threat nor a big impact and the vulnerability affects critical business systems.”

Low Risk Vulnerability
○ “...the technical and business impact is low.”

Identify Attack Paths and Scenarios for Exploitation

○ Game plan on how to attack the system
○ List of vulnerabilities
○ Threat Level based on Impact to business goals
○ Measures to mitigate vulnerabilities
○ Stopping point
○ About to move away from “Blue Team” and move into “Red Team”

Hands-On Exercise

Identify Live Hosts

Tools: The Internet

List of Services
○ Version Information

Operating System
○ Version Information

Find known Vulnerabilities

Bugtraq
○ http://securityfocus.com/archive/1

National Vulnerability Database
○ http://nvd.nist.gov/

Find Potential Exploits

○ milw0rm.org (that’s a “zero”)
○ Securityfocus.com
○ Cert.org
○ Packetstormsecurity.com

Module 5 – Conclusion

Phase II Controls Assessment Scheduling

○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
  ○ Identify vulnerable services using service banners
  ○ Perform vulnerability scan
  ○ Perform false positive and false negative
  ○ Enumerate discovered vulnerabilities
  ○ Estimate probable impact
  ○ Identify attack paths and scenarios for exploitation