Professional Documents
Culture Documents
Test To Evaluate:: Strengths of All Security Controls Procedurals Operational Technological
Test To Evaluate:: Strengths of All Security Controls Procedurals Operational Technological
Test to evaluate:
Benefits:
Security of network
Discovery of Vulnerabilities
Demonstration of Threats
Overview
Scope:
Scale:
Security of network
Methodology
Footprinting whois, nslookup
TCP/UDP
Techniques Ping sweep OS detection
port scan
File share
Password Password Buffer
Techniques brute
eavesdropping file grab overflow
forcing
Lc_messages,
John the ripper
Tools Getadmin,
L0phtcrack
sechole
Pilfering
Footprinting
Scanning
Enumeration
Gather info to allow access of
Gaining Access trusted systems
Escalating Privilege
Pilfering
Covering Tracks
Creating Back Doors
Pilfering
Pilfering
User data,
rhosts
Tools Configuration files
LSA secrets
Registry
Covering Tracks
Footprinting
Scanning
Enumeration Once total ownership of the
target is secured, hiding this
Gaining Access fact from system administrators
Escalating Privilege become paramount, lest they
Pilfering quickly end the romp
Covering Tracks
Creating Back Doors
Covering Tracks
Covering Tracks
Rootkits
Tools Zap, Event Log GUI
file streaming
Creating Back Doors
Footprinting
Scanning
Enumeration Trap doors will be laid in various
parts of the system to ensure
Gaining Access that privilege access is easily
Escalating Privilege regained whenever the intruder
Pilfering decides
Covering Tracks
Creating Back Doors
Creating Back Doors
Creating Back Doors
A permanent foothold
The attack:
How can I
The exploit: scam you
today?
Help desks often do not require
adequate authentication
Impersonation: Third-Party Authorization
The attack:
Access to assets
Verification codes
The exploit:
The attack:
Full name and
account
Attacker pretends to be tech
password support for the company and
Please. obtains user credentials for
troubleshooting purposes
The exploit:
The exploit:
The exploit:
The exploit:
The attack:
Examples
Attacker sends mail that asks Fake sweepstakes
for personal information
Free offers
The attack:
The defense:
The attack:
Examples:
Begins by requesting
basic information
16.7%
Software