S3SS10N Wednesday – How to Break into a Company from the Internet (part 1)




Published: May 11, 2016 | By: Tatianna | Views: 2689

Instructor Bio

Andrew McNicol
Andrew (@primalsec) is a Python junkie who is currently the lead for a web application penetration testing team and mentor for the SANS institute. Previously, he worked on an incident response team focusing on malware analysis and network forensics. He is always looking for new Python tricks or new ways to gain code execution on remote systems. He is one of the founders and lead authors of Primal Security Podcast, focusing on Python scripting, exploit development, and CLI Kung Fu. Andrew holds numerous technical security qualifications, most notably Offensive Security Certified Expert (OSCE), and Offensive Security Certified Professional (OSCP).


Session Summary & Notes:
A security audit of an organization's externally reachable network and systems breaks into two phases: an assessment phase and an exploitation phase. The objective of the first is to get the lay of the land: enumerate the attack surface and locate where potential vulnerabilities lie. The second phase then uses this intelligence in an attempt to exploit the discovered vulnerabilities. Taken together, and carried out from the Internet against a customer's public-facing assets, this is what is known as external penetration testing.
Attackers with malicious intent, as well as the good guys, sometimes referred to as white hat hackers, use similar methodologies and tools in an attempt to exploit security vulnerabilities. The primary difference is one of intent and authorization: the bad guys are looking for opportunities to cause mischief or achieve financial gain, whereas white hats are skilled professionals hired by an organization to audit its technology environment for security weaknesses. The focus of this video is the disciplined approach taken by IT security professionals, using well-defined methodologies, to carry out vulnerability assessments and penetration tests.

The goal of external penetration testing is to identify risk, and that begins with information gathering during the assessment phase. Before beginning, it is vital to understand precisely what the customer is trying to accomplish with the audit. Is the need compliance-driven, or do they simply require a general vulnerability assessment? The tester must also be clear on what can be tested and when: which IP ranges and domains are in scope, which hosts are excluded, and which hours are off limits. Bringing down critical systems or infrastructure during peak business hours will not go over well with the customer. The cardinal rule of external penetration testing is do no harm! Agreeing these points up front produces a more tailored, and safer, approach for the customer.
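The scoping step above, as an added example in Python (not the presenter's code): a small scope gate that refuses any target outside the customer-authorised ranges or domains, on the exclusion list, or outside the agreed testing window, before a scanner is ever pointed at it. The networks, the excluded host, `example.com` and the overnight window are constructed values for a hypothetical customer.

```python
"""Scope gate for an external test: refuse any target that is outside the
customer-authorised ranges/domains, on the exclusion list, or outside the
agreed testing window.  Added example; the rules of engagement below are
constructed for a hypothetical customer, not taken from the video."""
import ipaddress
from datetime import time

# Constructed rules of engagement (hypothetical customer).
IN_SCOPE_NETS = [ipaddress.ip_network("203.0.113.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]
# Hosts the customer explicitly carved out, e.g. a fragile payment gateway.
EXCLUDED_HOSTS = {ipaddress.ip_address("203.0.113.10")}
IN_SCOPE_DOMAINS = ("example.com",)
# Testing allowed only overnight, local time (window wraps past midnight).
TEST_WINDOW = (time(22, 0), time(6, 0))


def ip_in_scope(addr: str) -> bool:
    """True only if addr is inside an authorised range and not excluded."""
    ip = ipaddress.ip_address(addr)
    if ip in EXCLUDED_HOSTS:
        return False
    return any(ip in net for net in IN_SCOPE_NETS)


def domain_in_scope(name: str) -> bool:
    """Exact match or a subdomain of an authorised domain.  The dot-prefixed
    suffix check stops example.com.attacker.net from slipping through."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in IN_SCOPE_DOMAINS)


def in_test_window(now: time) -> bool:
    start, end = TEST_WINDOW
    if start <= end:
        return start <= now < end
    return now >= start or now < end      # window crosses midnight


def gate_targets(targets, now: time):
    """Split a candidate list into (allowed, rejected-with-reason).
    Nothing in `rejected` should ever reach a scanner."""
    if not in_test_window(now):
        return [], [(t, "outside testing window") for t in targets]
    allowed, rejected = [], []
    for t in targets:
        try:
            ok = ip_in_scope(t)
        except ValueError:                # not an IP literal: treat as hostname
            ok = domain_in_scope(t)
        if ok:
            allowed.append(t)
        else:
            rejected.append((t, "out of scope"))
    return allowed, rejected


if __name__ == "__main__":
    print(gate_targets(["203.0.113.5", "203.0.113.10", "api.example.com", "evil.net"],
                       time(1, 30)))
```

In a real engagement the constants would be loaded from the signed rules-of-engagement document rather than hard-coded, and the gate would sit in front of every tool invocation, not just the first scan.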

Penetration testing methodologies consist of repeatable processes, typically built on published guides such as the OWASP Testing Guide. Tools and techniques should be rehearsed in a safe environment that is isolated from production: virtual machines (VMs) and online lab challenges can be probed for vulnerabilities without touching a customer's systems. The first step in a disciplined approach is to examine the externally facing communication channels on the customer's network along with publicly available information about the organization.

Knowledge of the technologies and systems in use is then expanded by enumerating the organization's public IP address ranges along with its registered domains and subdomains. This information in turn feeds port scanners, which reveal listening services, and web spiders, which crawl linked content. Sitemaps and a list of open ports with the services behind them are a treasure trove of potential attack vectors.

Extracting the technology stack is another piece of the vulnerability puzzle. Knowing that systems on the network run Ruby code, or that web applications use a MySQL database on the back end, gives deeper insight into the technology environment and yields more specific weaknesses to probe during the exploitation phase, including published vulnerabilities for the exact product versions found.
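The enumeration and stack-fingerprinting steps above, as an added example in Python (not the presenter's code and not a real scan): parse a constructed `nmap -sV` XML excerpt into the open-port/service list, fingerprint the back end from a constructed HTTP response, and merge the two into one attack-surface table. Element and attribute names follow nmap's real `-oX` layout; the addresses, hostname, header values and the short fingerprint list are assumptions made for the example.

```python
"""Turn service-discovery output into a technology-stack inventory.
Added example, not from the video: the nmap XML and the HTTP response
below are constructed samples, not real scan data.  Parsing relies on
the real `nmap -sV -oX` element layout (host/address/ports/port/service)."""
import re
import xml.etree.ElementTree as ET

# Constructed excerpt in the shape of `nmap -sV -oX` output.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun>
 <host><address addr="203.0.113.20" addrtype="ipv4"/>
  <hostnames><hostname name="www.example.com"/></hostnames>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="7.2p2"/></port>
   <port protocol="tcp" portid="443"><state state="open"/>
    <service name="https" product="nginx" version="1.10.0"/></port>
   <port protocol="tcp" portid="3306"><state state="filtered"/>
    <service name="mysql"/></port>
  </ports></host>
</nmaprun>"""

# Constructed HTTP response headers as a probe of port 443 might return them.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Server: nginx/1.10.0
X-Powered-By: PHP/5.6.20
Set-Cookie: PHPSESSID=2fe7c1; path=/; HttpOnly
Content-Type: text/html"""

# Header and cookie patterns that betray the back-end stack (a short,
# illustrative list).  Each names a product and, where present, a version.
FINGERPRINTS = [
    (r"(?i)^server:\s*(?P<name>nginx|apache|microsoft-iis)[/ ]?(?P<ver>[\d.]*)", "web server"),
    (r"(?i)^x-powered-by:\s*(?P<name>php|asp\.net|express)[/ ]?(?P<ver>[\d.]*)", "app framework"),
    (r"(?i)^set-cookie:\s*(?P<name>phpsessid|jsessionid|_rails_session)=", "session cookie"),
]


def parse_nmap(xml_text):
    """Return (ip, hostname, port, service, 'product version') for open ports
    only; filtered and closed ports are noise for the attack-surface list."""
    rows = []
    for host in ET.fromstring(xml_text).findall("host"):
        ip = host.find("address").get("addr")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else ""
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            sname = svc.get("name") if svc is not None else ""
            parts = (svc.get("product"), svc.get("version")) if svc is not None else ()
            banner = " ".join(v for v in parts if v)
            rows.append((ip, hostname, int(port.get("portid")), sname, banner))
    return rows


def fingerprint_headers(raw):
    """Return (kind, product, version) for every header line that matches."""
    found = []
    for line in raw.splitlines():
        for pattern, kind in FINGERPRINTS:
            m = re.match(pattern, line)
            if m:
                found.append((kind, m.group("name").lower(), m.groupdict().get("ver") or ""))
    return found


def attack_surface(xml_text, headers_by_port):
    """Merge open ports with any HTTP fingerprints gathered for those ports."""
    surface = []
    for ip, hostname, port, svc, banner in parse_nmap(xml_text):
        techs = [f"{kind}={name}" + (f"/{ver}" if ver else "")
                 for kind, name, ver in fingerprint_headers(headers_by_port.get(port, ""))]
        surface.append((ip, hostname, port, svc, banner, techs))
    return surface


if __name__ == "__main__":
    for row in attack_surface(NMAP_XML, {443: SAMPLE_HEADERS}):
        print(row)
```

Version strings from banners and headers are exactly what the tester later matches against advisories, so keeping them verbatim in the inventory, rather than just the product name, is the point of the merge step.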

Finally, perhaps the most vulnerable element in any organization is the human one. Knowing something about the users on the network sets the stage for social engineering and phishing attacks that harvest login credentials. With the attack surface identified, the stage is set for drilling down into the technologies within the environment to build a list of injection points that can then be probed with automated penetration testing tools and by hand.

19 Comments
  1. Great video.
    I could not understand the names of the TechStack tools very well.
    Can someone write them down?

  2. Very interesting

