Penetration testing

DESCRIPTION

Technical workshop about Penetration Testing for BPPT

Page 1: Penetration testing

AHMAD MUAMMAR !(C)2011 | @Y3DIPS

SECURITY PENETRATION TESTING

INFORMATION SECURITY TECHNICAL TRAINING

Page 2: Penetration testing

AGENDA

SECURITY ASSESSMENT

VULNERABILITY ASSESSMENT

SECURITY AUDIT

PENETRATION TESTING

VA VS. PENTEST

PENTEST VS. SYSTEM AUDIT

Page 3: Penetration testing

AGENDA

PENETRATION TESTING

TYPE

SCOPE (AREA)

LIMITATIONS

PENETRATION TESTING

METHODOLOGIES

WELL KNOWN STANDARD

Page 4: Penetration testing

SECURITY ASSESSMENT

IS A WAY TO VALIDATE/CHECK THE LEVEL OF SECURITY ON EVERY ASPECT OF IT INFRASTRUCTURE.

ALSO TO ENSURE THAT NECESSARY SECURITY CONTROLS ARE INTEGRATED INTO THE DESIGN AND IMPLEMENTATION.

TO PREPARE FOR BETTER ENHANCEMENT

Page 5: Penetration testing

SECURITY ASSESSMENT

VULNERABILITY ASSESSMENT

A VULNERABILITY ASSESSMENT IS USUALLY CARRIED OUT WITH A SECURITY VULNERABILITY SCANNER APPLICATION. MOST OF THESE PRODUCTS TEST THE TYPE OF OPERATING SYSTEM, APPLICATIONS, PATCH LEVEL, USER ACCOUNTS AND SO ON.

VULNERABILITY SCANNERS IDENTIFY COMMON SECURITY CONFIGURATION MISTAKES AND COMMON ATTACK

Page 6: Penetration testing

SECURITY ASSESSMENT

SECURITY AUDIT

MOST PARTS ARE CHECKLIST-BASED (CORPORATE SECURITY POLICIES OR REGULATION STANDARDS (ISO) OR PBI)

IMPORTANT FOR COMPLYING WITH SECURITY POLICIES, LEGISLATION AND STANDARDS

E.G.: ARE THERE ANY BACKUPS? ANTIVIRUS?

Page 7: Penetration testing

SECURITY ASSESSMENT

PENETRATION TESTING

IS WHEN A “HACKER” DOES THE ATTACKER'S WORK.

THE ONLY GOAL IS TO BREAK INTO THE SYSTEM AS MUCH AS POSSIBLE AND AS DEEPLY AS POSSIBLE.

Page 8: Penetration testing

VA VS. PENTEST

VULNERABILITY ASSESSMENT IDENTIFIES THE “POSSIBLE” VULNERABILITIES (INCLUDING FALSE POSITIVES)

PENETRATION TESTING VALIDATES THE VULNERABILITY

Page 9: Penetration testing

PENTEST VS. SECURITY AUDITS

SECURITY AUDITS ARE IMPORTANT FOR COMPLYING WITH SECURITY POLICIES, LEGISLATION AND STANDARDS

PENTESTS COMPLEMENT SYSTEM AUDITS AND HELP TO FIX SECURITY THREATS BEFORE AN ATTACKER DISCOVERS THEM

Page 10: Penetration testing

PENETRATION TESTING

CHECK WHAT SENSITIVE INFORMATION IS AVAILABLE

CHECK WHAT KIND OF PRIVILEGES THE PENTESTER GAINS

CHECK IF IT IS POSSIBLE TO ESCALATE PRIVILEGES

CHECK IF A VULNERABILITY CAN LEAD TO MORE EXPLOITS (ANOTHER APPLICATION, SYSTEM, OR SERVER)

Page 11: Penetration testing

PENETRATION TESTING

TYPE OF PENETRATION TESTING:

BLACK BOX: 0 INFORMATION ABOUT THE SYSTEM, MAYBE ONLY THE IP/DOMAIN NAME. FULL ATTACKER PERSPECTIVE

GRAY BOX: PARTIAL INFORMATION ABOUT A SYSTEM, SIMULATES AN ATTACK BY EMPLOYEES OR VENDORS.

WHITE BOX: SIGNIFICANT INFORMATION ABOUT A SYSTEM, SOURCE CODE/CONFIGURATION REVIEW.

Page 12: Penetration testing

PENETRATION TESTING

NETWORK INFRASTRUCTURE PENTEST

WIFI, VOIP, TELEPHONE

APPLICATION INFRASTRUCTURE PENTEST

WEB, MOBILE

SYSTEM INFRASTRUCTURE PENTEST

PHYSICAL SECURITY

SOCIAL ENGINEERING (PEOPLE)

Page 13: Penetration testing

PENETRATION TESTING

MOST LIMITATIONS

TIME

SKILLED

ACCESS TO EQUIPMENT

Page 14: Penetration testing

PENETRATION TESTING

METHODOLOGY

A GUIDELINE FOR SOLVING A PROBLEM, WITH SPECIFIC COMPONENTS SUCH AS PHASES, TASKS, METHODS, TECHNIQUES AND TOOLS

Page 15: Penetration testing

PENETRATION TESTING

WELL KNOWN STANDARD

Page 16: Penetration testing

PENETRATION TESTING

SOURCE: ISSAF

Page 17: Penetration testing

PENETRATION TESTING

INFORMATION GATHERING: USING ALL RESOURCES (INTERNET) TO FIND ALL THE INFORMATION ABOUT THE TARGET, USING TECHNICAL AND NON-TECHNICAL METHODS

SOURCE: ISSAF

Page 18: Penetration testing

INFORMATION GATHERING

NON TECHNICAL

SEARCH COMPANY INFO ON SOCIAL NETWORKS: LINKEDIN.COM, FACEBOOK

SEARCH KEY PERSONNEL ACTIVITY: ADMINISTRATOR, PROGRAMMER

GOOGLE HACKING

Page 19: Penetration testing

HANDS ON

INFORMATION GATHERING VIA SOCIAL NETWORK

INFORMATION GATHERING VIA GOOGLE HACKING

Page 20: Penetration testing

INFORMATION GATHERING

TECHNICAL

USING DIG, NSLOOKUP, WHOIS TO FIND INFORMATION

Page 21: Penetration testing

HANDS ON

INFORMATION GATHERING USING DIG

INFORMATION GATHERING USING WHOIS

Page 22: Penetration testing

PENETRATION TESTING

NETWORK MAPPING: FOOTPRINT THE NETWORK AND RESOURCES ALREADY GATHERED DURING INFORMATION GATHERING. E.G.: FIND LIVE HOSTS, PORTS AND SERVICES, NETWORK PERIMETER, OS AND SERVICE FINGERPRINTING

SOURCE: ISSAF

Page 23: Penetration testing

NETWORK MAPPING

TOOLS: NMAP, TRACEROUTE, PING

TRYING OUT NMAP, TRACEROUTE

SOURCE: ISSAF

Page 24: Penetration testing

HANDS ON

Page 25: Penetration testing

HANDS ON

Page 26: Penetration testing

PENETRATION TESTING

VULNERABILITY IDENTIFICATION: IDENTIFY ALL SERVICE VULNERABILITIES (BASED ON VERSION/BANNER) USING A VULNERABILITY SCAN, IDENTIFY ATTACK PATHS

TOOLS: NMAP, NESSUS

SOURCE: ISSAF

Page 27: Penetration testing

HANDS ON

NMAP -sV (DETECT OPEN PORTS WITH SERVICE INFO (VERSION))

NMAP -O (DETECT POSSIBLE OS)

Page 28: Penetration testing

PENETRATION TESTING

PENETRATION: TRY TO GAIN UNAUTHORIZED ACCESS BY CIRCUMVENTING THE SECURITY MEASURES. E.G.: FIND POC, CREATE TOOLS, TESTING

SOURCE: ISSAF

Page 29: Penetration testing

PENETRATION TESTING

GAINING ACCESS AND PRIVILEGES: GAINING LEAST PRIVILEGE VIA DEFAULT USERS OR PASSWORDS, DEFAULT SETTINGS, PUBLIC SERVICES; TRY TO ESCALATE PRIVILEGES TO A SUPERIOR LEVEL (ADMINISTRATOR/ROOT)

USING/CREATING EXPLOIT

OR METASPLOIT (FREE), IMMUNITY CANVAS, CORE IMPACT

SOURCE: ISSAF

Page 30: Penetration testing

HANDS ON

USING METASPLOIT

USING LOCAL EXPLOIT TO GAIN HIGHER LEVEL PRIVILEGES

Page 31: Penetration testing

PENETRATION TESTING

ENUMERATING FURTHER: OBTAIN PASSWORDS (PASSWORD FILE (/etc/shadow, SAM), USER DATABASE), SNIFFING THE NETWORK, MAPPING THE INTERNAL NETWORK

SOURCE: ISSAF

Page 32: Penetration testing

HANDS ON

CRACKING PASSWORD FILE

Page 33: Penetration testing

PENETRATION TESTING

COMPROMISE REMOTE USERS/SITES: (IF POSSIBLE) TRY TO COMPROMISE REMOTE USERS (VPN USERS) TO GET PRIVILEGES ON THE INTERNAL NETWORK

SOURCE: ISSAF

Page 34: Penetration testing

PENETRATION TESTING

MAINTAINING ACCESS: OFTEN NOT PERFORMED

COVERING TRACKS: OFTEN NOT PERFORMED

SOURCE: ISSAF

Page 35: Penetration testing

PENETRATION TESTING

VALUE IS ON THE REPORT

PENETRATION TESTING SERVICE LEVEL AGREEMENT

NON DISCLOSURE AGREEMENT

THERE IS ALWAYS A RISK, E.G.: SYSTEM DOWN/CRASH DURING PENTEST, NETWORK SLOWDOWN