#OSSTMM
Explore tagged Tumblr posts
cyberfero · 2 years ago
Text
Standards and best practices for penetration testing: everything you need to know to protect your company
Estimated reading time: 5 minutes
Penetration testing is a fundamental practice for ensuring the security of companies' networks and IT systems. In an increasingly interconnected world, cyber attacks are becoming ever more frequent and sophisticated, making it necessary to adopt standards and best practices in penetration testing. In this article we will explore the main standards, such as OWASP and OSSTMM, and look at the best practices for protecting your company.
Contents
- Introduction to penetration testing
- Standards for penetration testing
  - OWASP
  - OSSTMM
  - PTES
  - NIST SP 800-115
- Best practices for penetration testing
  - Scoping
  - Planning
  - Execution
  - Reporting
  - Follow-up
- Conclusions and next steps
1. Introduction to penetration testing
Penetration testing, often abbreviated as "pen testing" or "pentesting", is the process of assessing the security of an IT system, a network or a web application by imitating an attack by a malicious actor. The goal of penetration testing is to identify any vulnerabilities that an attacker could exploit to access sensitive data, manipulate systems or damage infrastructure. Penetration testing is a critical component of a proactive approach to cybersecurity, allowing organizations to find and fix weaknesses before they can be exploited by real attackers.
2. Standards for penetration testing
There are several standards and frameworks for penetration testing, each with its own objectives, methodologies and requirements. In this section we will examine some of the best-known and most widely adopted standards in the industry.
2.1. OWASP
The Open Web Application Security Project (OWASP) is a global community of security professionals working together to improve the security of web applications. OWASP is known for its "OWASP Top Ten Project", which lists the ten most critical web application vulnerabilities. OWASP also offers a set of guidelines and tools for penetration testing, including the OWASP Testing Guide, a comprehensive document that provides a detailed methodology for penetration testing web applications. The OWASP Testing Guide covers four main phases of the penetration testing process:
- information gathering phase;
- vulnerability assessment phase;
- vulnerability exploitation phase;
- reporting phase.
2.2. OSSTMM
The Open Source Security Testing Methodology Manual (OSSTMM) is a comprehensive, open security testing framework developed by the Institute for Security and Open Methodologies (ISECOM). The OSSTMM provides a structured methodology for penetration testing that focuses on analyzing the security of operations, communications and physical security controls. The OSSTMM covers six main security areas:
- physical security;
- telecommunications security;
- network security;
- application security;
- security of security operations;
- personnel security.
2.3. PTES
The Penetration Testing Execution Standard (PTES) is a penetration testing framework created by security professionals with the aim of providing guidelines and standards for carrying out security tests. The PTES focuses on the entire penetration testing life cycle, from planning and information gathering through to reporting and post-test analysis. The PTES is divided into seven main phases:
- Pre-engagement Interactions;
- Intelligence Gathering;
- Threat Modeling;
- Vulnerability Analysis;
- Exploitation;
- Post Exploitation;
- Reporting.
2.4. NIST SP 800-115
Special Publication 800-115 (SP 800-115) from the National Institute of Standards and Technology (NIST) is a document that provides guidelines for penetration testing of networks and IT systems. NIST SP 800-115 covers several aspects of penetration testing, including planning, execution, analysis of results and reporting. The NIST guidelines include four main phases of the penetration testing process:
- planning;
- discovery;
- attack;
- reporting.
3. Best practices for penetration testing
In addition to specific standards and frameworks, there are some best practices that can be adopted to ensure that penetration testing is effective and delivers useful results for improving an organization's security.
3.1. Scoping
The process of defining the scope, or "scoping", is fundamental to establishing the objectives, timelines and resources needed for the penetration test. During the scoping phase, it is important to identify the organization's critical assets and define the scope of the test based on those assets. It is also necessary to clearly establish the communication methods and the escalation procedures for any problems encountered during the test.
3.2. Planning
Careful planning is essential to ensure that the penetration test is carried out efficiently and systematically. During the planning phase, it is important to define the methodologies and tools that will be used in the testing process, as well as to set the timelines and milestones for the various phases of the test.
3.3. Execution
The penetration test must be carried out following the methodologies and tools established in the planning phase. During execution, the testers must document all results and findings so that they can be analyzed and used to improve the organization's security.
3.4. Reporting
Reporting is a crucial component of penetration testing, as it communicates the results and findings to security managers and business decision-makers. The report must be clear, concise and include detailed information on the vulnerabilities identified, their potential impact and recommendations for mitigating the associated risks.
3.5. Follow-up
After completing the penetration test and sharing the results with stakeholders, it is essential to follow up to ensure that all recommendations have been implemented and that the vulnerabilities identified have been properly mitigated. This may include verification tests or further security assessments to ensure that the security measures are effective.
4. Conclusions and next steps
Penetration testing is a crucial element of a proactive approach to cybersecurity and can help organizations identify and fix vulnerabilities before they can be exploited by real attackers. By adopting standards such as OWASP, OSSTMM or NIST, companies can ensure that their penetration testing is based on best practices and reference standards for cybersecurity. OWASP offers a wide range of tools and methods for testing the security of web applications, while the OSSTMM provides a systematic and rigorous approach to security assessment. NIST (National Institute of Standards and Technology), by contrast, is a United States government body that provides guidelines and standards for cybersecurity, including the Framework for Improving Critical Infrastructure Cybersecurity (CSF). Adopting these standards can help organizations conduct thorough and accurate penetration testing, identifying vulnerabilities and mitigating threats before they can be exploited by real attackers.
- Network security: PT vs. VA
- SOAR and cybersecurity automation
Read the full article
0 notes
instantebookmart · 1 year ago
Link
Hands-On Ethical Hacking and Network Defense 3rd Edition PDF
ISBN-13: 978-1285454610
About the Author
Michael T. Simpson is president/senior consultant of MTS Consulting, Inc., a firm specializing in network security and network design. His certifications include CEH, CISSP, Security+, OSSTMM Professional Security Tester (OPST), OSSTMM Professional Security Analyst (OPSA), ITIL, MCSE, MCDBA, MCSD, MCT, and OCP. He also holds an M.B.A. from Chaminade University and has authored or co-authored eight books. Mike has more than 30 years of industry experience, including 20 years with the U.S. Department of Defense, where he designed and configured computer networks, served as an Oracle database and UNIX administrator, and held multiple cyber security positions.
Nicholas Antill is a seasoned information security professional with over 10 years of specialized cyber security experience. He specializes in penetration testing, proactive security controls, and network defense. In addition to earning a B.S. from the University of Pittsburgh and an M.S. from Capella University, he holds many industry certifications, including the OSCP, GWAPT, GPEN, GCIH, CISA, CISSP, and GCFE. Nicholas started his career at a small grocery chain in Pittsburgh, where he developed a fascination with network attack and defense techniques. He worked in support of the U.S. Department of Justice and the U.S. Department of Defense before returning to the private sector, where he currently manages the ethical hacking program at a large U.S. financial institution.
Product details
Publisher: Cengage Learning; 3rd edition (October 7, 2016)
Language: English
Paperback: 512 pages
ISBN-10: 1285454618
0 notes
victormirandamx · 5 years ago
Video
instagram
This is how my morning is going...
| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|
  Hackers
  You’re all awesome
|___________|
  \ (•◡•) /
   \     /
    ---
    | |
. . . #pentester #vulnerabilityassessment #HackingTools #Pentest #Pentesting #VulnerabilityAssessment #EthicalHacking #InfoSec #CyberSecurity #EthicalHacker #ceh #diabetichacker #darkdevil #hacker #hacking #whitehat #greyhat #blackhat #owasp #osstmm #issaf #ptes https://www.instagram.com/p/B8ecAinlrYl/?igshid=1uyyz6om9e5lk
1 note · View note
blacklocksecurity · 4 years ago
Link
A penetration test, or pen test, is a technique to identify security vulnerabilities in your information asset. The activity is performed by an authorized ethical hacker based on industry security standards such as OWASP, PTES, OSSTMM, CWE, SANS or similar standards. Penetration testing assessments are useful in evaluating the overall system security and efficiency of defensive mechanisms.
Blacklock provides On Demand Penetration Testing as a Service (PTaaS) that specialises in web application and network penetration testing. Blacklock allows the customer to initiate a penetration test anytime, anywhere and delivers the result in a single platform.
Customers can find Blacklock on the web at blacklock.io, AWS Marketplace and social platforms including LinkedIn, Twitter, and YouTube.
2 notes · View notes
freeudemycourses · 5 years ago
Photo
[100% OFF] Ethical Hacking : Become a Cyber Security Expert (2020) What you Will learn ? How to carry out a complete penetration test Pentesting Methodologies, OSSTMM, NIST and OWASP…
0 notes
siberguvenlikwebtr · 6 years ago
Text
What Is a Penetration Test?
Sızma testleri are also known as penetration tests (penetrasyon testleri). Today, when information security has become so important, penetration tests are critically important for everyone from the smallest SME to the largest enterprise. A company's most important asset is information. The best way to prevent information theft, information loss and service disruption is to uncover the weaknesses in our company's network and systems through penetration tests. Today, cyber attacks carried out by malicious hackers continue at an accelerating pace. Sometimes they encrypt your vital data and demand a ransom from you; sometimes they prevent your systems and websites from providing service. Attackers who infect a hotel's computer system with ransomware leave the hotel unable to accept guests or to process guests who are checking out. This example is just one of the real incidents that have occurred in our country in recent years. Tests carried out at the request and with the approval of a company in order to identify and analyze the security vulnerabilities of its IT infrastructure and systems are called penetration tests. Thanks to these tests, the gaps and vulnerabilities in a company's network and system infrastructure are identified in advance, which prevents malicious hackers or a disgruntled employee inside the company from damaging these systems. In our country it is now a legal requirement for certain organizations to have penetration tests performed, and as a result a need has arisen for licensed and competent penetration testing specialists.
Penetration Test Categories
When penetration tests are carried out, different levels of information about the system under test may have been obtained. Depending on the information we have about the system, penetration tests fall into three categories: white box, black box and gray box tests.
White Box: All information about the network and system infrastructure to be tested is given to the person performing the test. The more information we have about the system, the more vulnerabilities we will find in it.
Black Box: No information about the network and system infrastructure to be tested is given to the person performing the test. In this way a real attack is simulated and the damage a malicious hacker could cause is revealed.
Gray Box: Some information about the network and system infrastructure to be tested is given to the person performing the test. In this way, the damage that unauthorized people inside the company could typically cause is revealed.
Penetration Test Types
Penetration tests differ according to the environment being tested. In addition, the need to specialize in a particular area has given rise to this distinction. The types of penetration test can be listed as follows:
• Network penetration tests
• Mobile application penetration tests
• Web application and database penetration tests
• Wireless network penetration tests
• SCADA and embedded systems penetration tests
• Denial-of-service (DDoS) attack tests
• Social engineering penetration tests
Penetration Test Phases
We can group the phases of a penetration test under 6 main headings: planning, information gathering, scanning and discovery, finding vulnerabilities and gaining access, post-exploitation activities, and reporting.
Planning: The preliminary phase, before the test is performed, in which the type of test, the systems to be tested, the date and time of the test, the person who will perform it and similar details are determined together with the company requesting the test.
Information gathering: The phase of collecting information about the target system from active and passive sources, depending on the type of test to be performed. When it is not possible to get past the network and system infrastructure physically, it may be possible to gather information about company employees and gain access to the system through social engineering attacks.
Scanning and discovery: The phase in which the devices in the network and system infrastructure, their open ports and the running services are identified.
Finding vulnerabilities and gaining access: The phase of exploiting the vulnerabilities (exploitation) to demonstrate all the damage that could be done to the system.
Post-exploitation activities: The phase of becoming persistent in the system after gaining access, escalating privileges to demonstrate different disaster scenarios, and finally cleaning up the traces we left behind.
Reporting: The phase in which all the actions performed are written up in a defined format and presented to the company that requested the test.
Methods Used in Penetration Testing
Different methods (methodologies) are used when performing penetration tests. These are:
1. OSSTMM (Open Source Security Testing Methodology Manual): (http://www.Isecom.org/research/osstmm.html) is a well-known international standard. It was prepared by Pete Herzog and developed by ISECOM for security testing and analysis. It is used by many organizations in their day-to-day assessment cycle. This methodology is divided into four main groups: scope, channel, index and vector.
2. ISSAF (Information Systems Security Assessment Framework): (www.oissg.org/issaf) is another open-source security testing and analysis framework. This framework is divided into various domains in order to address security. Each of these domains assesses different parts of a domain. It provides the resources needed to secure the target system and to achieve successful security.
3. WASC-TC (Web Application Security Consortium Threat Classification): Identifying the security risks of web applications requires a comprehensive and rigorous testing procedure that can be followed throughout the development life cycle. The WASC threat classification is an open standard for assessing the security of web applications.
4. PTES (Penetration Testing Execution Standard): The Penetration Testing Execution Standard (PTES) consists of seven phases of penetration testing and can be used to obtain an effective result. Details of the methodology can be found at: http://www.pentest-standard.org/index.php/Main_Page
Read the full article
0 notes
timobook · 7 years ago
Text
Kali Linux – Assuring Security by Penetration Testing
Kali Linux – Assuring Security by Penetration Testing: Master the art of penetration testing with Kali Linux
Introduction
Kali Linux is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying an appropriate testing methodology equipped with well-defined business objectives and a scheduled test plan will result in the robust penetration testing of your network. Kali Linux – Assuring Security by Penetration Testing is a fully focused, structured book that provides guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age. This book reveals the industry's best approach for logical and systematic penetration testing process. This book starts with lab preparation and testing procedures, explaining the basic installation and configuration setup, discussing different types of penetration testing, uncovering open security testing methodologies, and proposing the Kali Linux specific testing process. We shall discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. We have also provided extra weaponry treasures and key resources that may be crucial to any professional penetration testers. This book will serve as a single professional, practical, and expert guide to develop necessary penetration testing skills from scratch. You will be trained to make the best use of Kali Linux either in a real-world environment or in an experimental test bed.
What this book covers
Chapter 1, Beginning with Kali Linux, introduces you to Kali Linux, a Live DVD Linux distribution specially developed to help in the penetration testing process. You will learn a brief history of Kali Linux and several categories of tools that Kali Linux has. Next, you will also learn how to get, use, configure, and update Kali Linux as well as how to configure several important network services (HTTP, MySQL, and SSH) in Kali Linux. You will also learn how to install and configure a vulnerable virtual machine image for your testing environment and several ways that can be used to install additional tools in Kali Linux.
Chapter 2, Penetration Testing Methodology, discusses the basic concepts, rules, practices, methods, and procedures that constitute a defined process for a penetration testing program. You will learn about making a clear distinction between two well-known types of penetration testing, black box and white box. The differences between vulnerability assessment and penetration testing will also be analyzed. You will also learn about several security testing methodologies and their core business functions, features, and benefits. These include OSSTMM, ISSAF, OWASP, and WASC-TC. Thereafter, you will learn about a general penetration Kali Linux testing process incorporated with 10 consecutive steps to conduct a penetration testing assignment from an ethical standpoint.
Chapter 3, Target Scoping, covers a scope process to provide necessary guidelines on normalizing the test requirements. A scope process will introduce and describe each factor that builds a practical roadmap towards test execution. This process integrates several key elements, such as gathering client requirements, preparing a test plan, profiling test boundaries, defining business objectives, and project management and scheduling. You will learn to acquire and manage the information about the target's test environment.
Chapter 4, Information Gathering, introduces you to the information gathering phase. You will learn how to use public resources to collect information about the target environment. Next, you learn how to analyze DNS information and collect network routing information. Finally, you will learn how to utilize search engines to get information of the target domain, e-mail addresses, and document metadata from the target environment.
Chapter 5, Target Discovery, introduces you to the target discovery process. You will learn the purpose of target discovery and the tools that can be used to identify target machines. At the end of this chapter, you will also learn about the tools that can be used to perform OS fingerprinting on the target machines.
Chapter 6, Enumerating Target, introduces you to target enumeration and its purpose. You will learn a brief theory on port scanning and several tools that can be used to do port scanning. You will also learn about various options available to be used by the Nmap port scanner tool. Also, you will learn about how to find SMB, SNMP, and VPN available in the target machine in the last part of the chapter.
Chapter 7, Vulnerability Mapping, discusses two generic types of vulnerabilities: local and remote. You will get insights on vulnerability taxonomy, pointing to industry standards that can be used to classify any vulnerability according to its unifying commonality pattern. Additionally, you will learn a number of security tools that can assist you in finding and analyzing the security vulnerabilities present in a target environment. These include OpenVAS, Cisco, Fuzzing, SMB, SNMP, and web application analysis tools.
Chapter 8, Social Engineering, covers some core principles and practices adopted by professional social engineers to manipulate humans into divulging information or performing an act. You will learn some of the basic psychological principles that formulate the goals and vision of a social engineer. You will also learn about the attack process and methods of social engineering followed by real-world examples. In the end, you will be given hands-on exercise using the social engineering tools that can assist you in evaluating the target's human infrastructure.
Chapter 9, Target Exploitation, highlights the practices and tools that can be used to conduct a real-world exploitation. The chapter will explain what areas of vulnerability research are crucial in order to understand, examine, and test the vulnerability. Additionally, it will also point out several exploit repositories that should keep you informed about the publicly available exploits and when to use them. You will also learn to use one of the infamous exploitation toolkits from a target evaluation perspective. Moreover, you will discover the steps for writing a simple exploit module for the Metasploit framework.
Chapter 10, Privilege Escalation, introduces you to privilege escalation as well as network sniffing and spoofing. You will learn how to escalate your gained privilege using a local exploit. You will also learn the tools required to attack a password via the offline or online technique. You will also learn about several tools that can be used to spoof the network traffic. In the last part of this chapter, you will discover several tools that can be used to do a network sniffing attack.
Chapter 11, Maintaining Access, introduces you to the operating system and web backdoors. You will learn about several backdoors that are available and how to use them. You will also learn about several network tunneling tools that can be used to create covert communication between the attacker and the victim machine.
Chapter 12, Documentation and Reporting, covers the penetration testing directives for documentation, report preparation, and presentation. These directives draw a systematic, structured, and consistent way to develop the test report. Furthermore, you will learn about the process of results verification, types of reports, presentation guidelines, and the post-testing procedures.
Appendix A, Supplementary Tools, describes several additional tools that can be used for the penetration testing job.
Appendix B, Key Resources, explains various key resources to help you become more skillful in the penetration testing field.
What you need for this book
All the necessary requirements for the installation, configuration, and use of Kali Linux have been discussed in Chapter 1, Beginning with Kali Linux.
Who this book is for
If you are an IT security professional or a network administrator who has a basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and you want to use Kali Linux for penetration testing, this book is for you.
Via TimoBook
0 notes
victormirandamx · 6 years ago
Photo
Hi bb #pwnagotchi hahaha 😂 . _/﹋\_ (҂`_´) -''Let's Hacking'' <,︻╦╤─ ҉ - - - - _/\_ . . . #pentester #vulnerabilityassessment #HackingTools #Pentest #Pentesting #VulnerabilityAssessment #EthicalHacking #InfoSec #CyberSecurity #EthicalHacker #ceh #diabetichacker #darkdevil #hacker #hacking #whitehat #greyhat #blackhat #owasp #osstmm #issaf #ptes https://www.instagram.com/p/B4ohxTUgGQX/?igshid=1sfv9r7gsrjbu
2 notes · View notes
trans-sweden · 7 years ago
Text
1. There are THREE methods of evaluating risks, please STATE them and briefly de
1. There are THREE methods of evaluating risks, please STATE them and briefly describe each method giving pros and cons of each 
2. The Information Systems Security Assessment Framework is broken down into ‘Phases’. Please state the title of these Phases and describe what is required at each Phase
3. The Open Source Security Testing Methodology Manual (OSSTMM) is another framework broken into…
View On WordPress
0 notes
blogpaperwritingservice · 8 years ago
Text
I need answers for these question below.
1. There are THREE methods of evaluating risks, please STATE them and briefly describe each method giving pros and cons of each.
2. The Information Systems Security Assessment Framework is broken down into ‘phases’. Please state the title of these Phases and describe what is required at each phase.
3. The Open Source Security Testing Methodology Manual (OSSTMM) […]
The post I need answers for these question below. appeared first on Novelty Essays.
0 notes
gilbertineonfr2 · 8 years ago
Text
BSides Athens 2017 Wrap-Up
The second edition of BSides Athens was planned this Saturday. I already attended the first edition (my wrap-up is here) and I was happy to be accepted as a speaker for the second time! This edition moved to a new location which was great. Good wireless, air conditioning and food. The day was based on three tracks: the first two for regular talks and the third one for the CTP and workshops. The “boss”, Grigorios Fragkos introduced the 2nd edition. This one gave more attention to a charity program called “the smile of the child” which helps Greek kids to remain in touch with the new technologies. A specific project is called “ODYSSEAS” and is based on a truck that travels across Greece to educate kids to technologies like mobile phones, social networks, … The BSides Athens donated to this project. A very nice initiative that was presented by Stefanos Alevizos who received a slot of a few minutes to describe the program (content in Greek only).
The keynote was assigned to Dave Lewis who presented “The Unbearable Lightness of Failure”. The main fact explained by Dave is that we fail but…we learn from our mistakes! In other words, “failure is an acceptable teaching tool“. The keynote was based on many facts like signs. We receive signs everywhere and we must understand how to interpret them or the famous Friedrich Nietzsche’s quote: “That which does not kill us makes us stronger“. We are facing failures all the time. The last good example is the Wannacry bad story which should never happen but… You know the story! Another important message is that we don’t have to be afraid to fail. We also have to share as much as possible not only good stories but also bad stories. Sharing is a key! Participate in blogs, social networks, podcasts. Break out of your silo! Dave is a renowned speaker and delivered a really good keynote!
Then talks were split across the two main rooms. For the first one, I decided to attend Thanassis Diogos’s presentation about “Operation Grand Mars“. In January 20167, Trustwave published an article which described this attack. Thanassis came back on this story with more details. After a quick recap about what is incident management, he reviewed all the facts related to the operation and gave some tips to improve abnormal activities on your network. It started with an alert generated by a workstation and, three days later, the same message came from a domain controller. Definitively not good! The entry point was infected via a malicious Word document / Javascript. Then a payload was downloaded from Google docs which is, for most of our organizations, a trustworthy service. Then he explained how persistence was achieved (via autorun, scheduled tasks) and also lateral movements. The pass-the-hash attack was used. Another tip from Thanassis: if you see local admin accounts used for network logon, this is definitively suspicious! Good review of the attack with some good tips for blue teams.
My next choice was to move to the second track to follow Konstantinos Kosmidis’s talk about machine learning (a hot topic today in many conferences!). I’m not a big fan of these technologies but I was interested in the abstract. The talk was a classic one: after an introduction to machine learning (that we already use every day with technologies like the Google face recognition, self-driving cars or voice recognition), why not apply this technique to malware detection? The goal is to: detect, classify but, more important, to improve the algorithm! After reviewing some pro & con, Konstantinos explained the technique he used in his research to convert malware samples into images. But, more interesting, he explained a technique based on steganography to attack this algorithm. The speaker was a little bit stressed but the idea looks interesting. If you’re interested, have a look at his Github repository.
Back to the first track to follow Professor Andrew Blyth with “The Role of Professionalism and Standards in Penetration Testing“. The penetration testing landscape changed considerably in the last years. We switched from script kiddies searching for juicy vulnerabilities to professional services. The problem is that today some pentest projects are required not to detect security issues and improve but just for … compliance requirements. You know the “checked-case” syndrome. Also, the business evolves and is requesting more insurance. The coming GDPR European regulation will increase the demand in penetration tests. But, a real pentest is not a Nessus scan with a new logo as Andrew explained! We need professionalism. In the second part of the talk, Andrew reviewed some standards that involve pentests: iCAST, CBEST, PCI, OWASP, OSSTMM.
After a nice lunch with Greek food, back to talks with the one of Andreas Ntakas and Emmanouil Gavriil about “Detecting and Deceiving the Unknown with Illicium”. They are working for one of the sponsors and presented the tool developed by their company: Illicium. After the introduction, my feeling was that it’s a new honeypot with extended features. Not only, they are interesting stuff but, IMHO, it was a commercial presentation. I’d expect a demo. Also, the tool looks nice but is dedicated to organizations that already reached a mature security level. Indeed, before defeating the attacker, the first step is to properly implement basic controls like… patching! What some organizations still don’t do today!
The next presentation was “I Thought I Saw a |-|4><0.-” by Thomas V. Fisher. Many interesting tips were provided by Thomas like:
- Understand and define “normal” activities on your network to better detect what is “abnormal”.
- Log everything!
- Know your business
- Keep in mind that the classic cyber kill-chain is not always followed by attackers (they don’t follow rules)
- The danger is to try to detect malicious stuff based on… assumptions!
The model presented by Thomas was based on 4 A’s: Assess, Analyze, Articulate and Adapt! A very nice talk with plenty of tips!
The next slot was assigned to Ioannis Stais who presented his framework called LightBulb. The idea is to build a framework to help in bypassing common WAFs (web application firewalls). Ioannis explained first how common WAFs are working and why they could be bypassed. Instead of testing all possible combinations (brute-force), LightBulb relies on the following process:
- Formalize the knowledge in code injection attacks variations.
- Expand the knowledge
- Cross check for vulnerabilities
Note that LightBulb is available also as a Burp Suite extension! The code is available here.
Then, Anna Stylianou presented “Car hacking – a real security threat or a media hype?”. The last events that I attended also had a talk about cars but they focused more on abusing the remote control to open doors. Today, it focuses on ECUs (“Engine Control Units”) that are present in modern cars. Today a car might have >100 ECUs and >100 million lines of code which means a great attack surface! There are many tools available to attack a car via its CAN bus, even the Metasploit framework can be used to pentest cars today! The talk was not dedicated to a specific attack or tools but was more a recap of the risks that car manufacturers are facing today. Indeed, threats changed:
- theft from the car (breaking a window)
- theft of the car
- but today: theft of the use of the car (ransomware)
Some infosec gurus also predict that autonomous cars will be used as lethal weapons! As cars can be seen as computers on wheels, the potential attacks are the same: spoofing, tampering, repudiation, disclosure, DoS or privilege escalation issues.
The next slot was assigned to me. I presented “Unity Makes Strength” and explained how to improve interconnections between our security tools/applications. The last talk was performed by Theo Papadopoulos: A “Shortcut” to Red Teaming. He explained how .LNK files can be a nice way to compromise your victim’s computer. I like the “love equation”: Word + Powershell = Love. Step by step, Theo explained how to build a malicious document with a link file, how to avoid mistakes and how to increase chances to get the victim infected. I like the persistence method based on assigning a popular hot-key (like CTRL-V) to a shortcut on the desktop. Windows will trigger the malicious script attached to the shortcut and then… execute it (in this case, paste the clipboard content). Evil!
The day ended with the announcement of the CTF winners and a lot of information about the next edition of BSides Athens. They already have plenty of ideas! It’s now time for some off-days across Greece with the family…
[The post BSides Athens 2017 Wrap-Up has been first published on /dev/random]
from Xavier
victormirandamx · 6 years ago
Oops 🙊 like when you're looking for something and an SQLi shows up and you can't resist.... only as an exercise for practice and education 😉.... hahaha 🤣 . _/﹋\_ (҂`_´) -''Let's Hacking'' <,︻╦╤─ ҉ - - - - _/\_ . . . #pentester #vulnerabilityassessment #HackingTools #Pentest #Pentesting #VulnerabilityAssessment #EthicalHacking #InfoSec #CyberSecurity #EthicalHacker #ceh #diabetichacker #darkdevil #hacker #hacking #whitehat #greyhat #blackhat #owasp #osstmm #issaf #ptes https://www.instagram.com/p/B0mCTG8Apwd/?igshid=q2bmxkxu6tmo
victormirandamx · 6 years ago
Another day in the paradise of #infosec and #vulnerabilityassessment . | ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|               Hackers        You’re all awesome |___________|                 \ (•◡•) /                   \       /                     ---                     |   | . . . #pentester #vulnerabilityassessment #HackingTools #Pentest #Pentesting #VulnerabilityAssessment #EthicalHacking #InfoSec #CyberSecurity #EthicalHacker #ceh #diabetichacker #darkdevil #hacker #hacking #whitehat #greyhat #blackhat #owasp #osstmm #issaf #ptes https://www.instagram.com/p/BySouwigGt5/?igshid=d6gmjpvjhee1
victormirandamx · 2 years ago
My new baby has arrived… my Alfa AWUS036AC… on checking, two of the cards I started the WiFi network analysis with have already died… now to test how well this little toy works… 😷 🦠 👨🏻‍💻🏠👩🏻‍💻🦠 😷 _/﹋\_ (҂`_´) -''Let's Hacking'' <,︻╦╤─ ҉ - - - - _/\_ . . . #pentester #vulnerabilityassessment #HackingTools #Pentest #Pentesting #VulnerabilityAssessment #EthicalHacking #InfoSec #CyberSecurity #EthicalHacker #ceh #diabetichacker #darkdevil #hacker #hacking #whitehat #greyhat #blackhat #owasp #osstmm #issaf #ptes https://www.instagram.com/p/CoJQtgYjIU_/?igshid=NGJjMDIxMWI=
victormirandamx · 3 years ago
Playing around and getting ready… 😷🦠💉🖐😷 ________________________ < Playing around with kali...> ——————————————- \ ,__, \ (oo)____ (__) )\ ||--|| * #pentester #vulnerabilityassessment #HackingTools #Pentest #Pentesting #VulnerabilityAssessment #EthicalHacking #InfoSec #CyberSecurity #EthicalHacker #ceh #diabetichacker #darkdevil #hacker #hacking #whitehat #greyhat #blackhat #owasp #osstmm #issaf #ptes https://www.instagram.com/p/Cjiph24Aqot/?igshid=NGJjMDIxMWI=
victormirandamx · 3 years ago
Finally finished… it took a huge effort… my right hand is no help at all 👎 it hurts like hell… time to dope up and sleep 🛌 sorry if anyone wants to go out in the morning hahaha 😜 😷 🦠 👨🏻‍💻😈🕵🏻‍♂️🚀🦠 😷 | ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|               Hackers        We’re awesome Report time |___________|                 \ (•◡•) /                   \       /                     ---                     |   | . #ReportTime #Reporting #VAReport #EthicalHacking #InfoSec #CyberSecurity #EthicalHacker #ceh #diabetichacker #darkdevil #hacker #hacking #whitehat #greyhat #blackhat #owasp #osstmm #issaf #ptes https://www.instagram.com/p/CbzjfUGOTQJ/?utm_medium=tumblr