security

SWS2 Penetration Testing Lab

Penetration Testing LAB. NMAP PING-Scan: considered host up. Normal user: host accepts or refuses (TCP RST) a connection. Root and host in same network: host answers an ARP request. Normal user and host in diff network: host answers to ICMP echo request; host replies to TCP ACK on port 80; host replies to TCP SYN on port 443. Root and host in diff network

SWS2 Penetration Testing 3

Penetration Testing 3. Goals: explain the activities of threat modeling, vulnerability analysis, exploitation and post-exploitation; discuss the main challenges in these phases and what methods or tools could be used; discuss several reasons why vulnerability scanners might not work perfectly (false positives / false negatives); know the architecture and main features of the Metasploit framework and be able to use it for vulnerability testing and exploitation tasks. Threat modeling (when building software or systems)

SWS2 Threat Landscape

Threat Landscape: collection of threats, threat actors, observed trends. Tracking the threat landscape: know the threat agents and their capabilities; know used weapons and tactics; know existing threats; know most relevant threats; know emerging threats and actors. Why? Know your enemy - prepare for current and emerging threats; provides motivation for investments in security controls. Definition by ENISA: The ENISA Threat Landscape provides an overview of threats, together with current and emerging trends.

SWS2 Securing Information Systems

Securing Information Systems. ISMS: ISO/IEC 27000 family, NIST Risk Management Framework, BSI 2000 family. An ISMS is a systematic approach to managing information so that it remains secure. (It's not an application.) It includes people, processes and IT systems by applying risk management processes. Information security risk is managed and kept at an acceptable level by designing, implementing and maintaining a coherent set of security controls. Our focus: security controls. Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.

SWS2 Penetration Testing 1

Penetration Testing. Goals: name six different testing methods and discuss which method is best when given the task of doing a security test; be able to explain penetration testing; name at least two standards providing guidance on how to do penetration testing; explain the role and important parameters (scope, rules of engagement, test method) of the pre-engagement phase. Reasons: Why do we want to test? What's our goal? Find and fix vulnerabilities?

SWS2 Exploits

Exploits. Definition: a piece of software, chunk of data, or sequence of commands that takes advantage of a vulnerability in a system. Classification: often classified by their action: unauthorized data access, arbitrary code execution, denial of service, privilege escalation. Characterization: local exploit; remote exploit; client-side exploit (often requires some user action; drive-by attacks, triggered for example by a malicious website); server-side exploit; 0-day exploit. Stack Layout. CPU Registers: esp stack pointer

SWS2 Introduction

Introduction. ISMS: information security management system. Security controls: safeguards or countermeasures. Types of controls: preventive, detective, corrective. ISO 27K -> 93 security controls. ISO 27002:2022: implementation guidance. CIS Controls (Critical Security Controls): 18 controls dealing with the most relevant threats.