SlideShare a Scribd company logo

Penetration Testing Services Technical Description Cyber51

M
martinvoelk

This document describes the methodology for conducting network penetration tests and web application penetration tests. For network penetration tests, it involves footprinting, scanning and enumeration, vulnerability analysis, exploitation, and reporting. The goal is to identify security vulnerabilities in the network that could be exploited by hackers. For web application tests, it analyzes the application's configuration, authentication, session management, authorization, data validation, web services, and produces a report of findings and recommendations. The overall goal is to evaluate the security of networks and web applications and provide remedies to identified vulnerabilities.

1 of 18
Downloaded 31 times
Security Services Description
Table of Contents NETWORK PENETRATION TEST ...................................................................................................... 3 WHY? ................................................................................................................................................................. 3 METHODOLOGY ................................................................................................................................................ 3 Footprinting / Network Mapping ............................................................................................................3 Scanning and enumeration.........................................................................................................................4 Vulnerability Analysis....................................................................................................................................7 Exploitation ........................................................................................................................................................8 Reporting.............................................................................................................................................................9 WEB APPLICATION PENETRATION TEST..................................................................................... 9 WHY? ................................................................................................................................................................ 9 METHODOLOGY ...........................................................................................................................................10 Configuration Management Analysis .................................................................................................. 10 Analysis of Authentication ....................................................................................................................... 11 Session Management Analysis ................................................................................................................ 11 Analysis of Authorization ......................................................................................................................... 12 Data Validation Analysis........................................................................................................................... 12 Analysis of Web Services ........................................................................................................................... 13 Reporting.......................................................................................................................................................... 13 APPENDIX A: TYPES OF PENETRATION TESTS……………………………………………………...……….15 Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Network Penetration Test Why? Individuals and businesses enjoy and rely on modern communication methods, collaboration services and benefit from new opportunities the Internet age has created. However, Cyber Crime is on the rise too and has led governments to form complete new authorities to tackle Cyber Warfare and malicious activity. We at Cyber 51 play our part in making the Internet and modern communications a more secure space. Hackers attack both private and corporate systems on a daily basis. The attacker can be stationed anywhere in the world and needs just internet access and the appropriate tools. The threat is real and it happens thousands of times a day. Many attacks take place undetected and result in the theft and destruction of valuable data. The solution: Penetration Tests and Network Security Audits. Cyber 51 will, with the legal permission of the network owner, attack customer systems in the same way as a Hacker. In doing so, Cyber 51 is able to expose security holes in the system. The benefit: The customer is made aware of the Security holes that exist and could be exploited by a hacker with malicious intent to gain unauthorized access to the customer network. In addition, Cyber 51 will prepare a plan of action and, if the customer wishes, implement the closure of these holes. Methodology Footprinting / Network Mapping The process of footprinting is a completely non‐intrusive activity performed in order to get the maximum possible information available about the target organization and its systems using various means, both technical as well as non‐technical. This involves searching the internet, querying various public repositories (whois databases, domain registrars, Usenet groups, mailing lists, etc.). Also, our Security Testing Consultants will look to obtain as much detail as possible of the current topology and network profile. This can consist of information around IP addressing, gathering public domain information about the business, Ping sweeps, port scanning etc. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
This information is then compiled and subsequently analyzed for further areas of investigation.  Information Gathering o Expected results • Domain names • Servers names • IP addresses • Network Topology • Information about ISP • Internet presence • Company Profile o Tasks: • Examine and gather information about domain registries. • Find IP addresses Blocks • Names and locations of DNS servers • Use of multiple traces in order to identify systems and devices between. • Identify email addresses related to the company. • Identify newsgroups, Forums and boards where information related to the company is located. • Examine web pages and scripts source codes • Examine email headers Scanning and enumeration The scanning and enumeration phase will comprise of identifying live systems, open / filtered ports found, services running on these ports, Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
mapping router / firewall rules, identifying the operating system details, network path discovery, etc. This phase involves a lot of active probing of the target systems. After successfully identifying the open ports, services behind them will be fingerprinted, either manually or by using readily available tools. Then, the penetration tester will confirm the exact name and version of the services running on the target system and the underlying Operating System before including the same in the final report.  Services identification on systems o Expected Results • Ports open, closed and filtered • IP addresses of live systems • IP addresses of internal networks • Asset Services • Map the Network • List tunneled and encapsulated protocols discovered • List supported routing protocols • Application type and patch level • Type of operating systems o Tasks • Collection of responses from network • Test TTL / firewalking firewall • Use ICMP and reverse lookup to determine the existence of machines on network • Use TCP fragments with FIN, NULL and XMAS on ports 21, 22,25,80 and 443 of the hosts found on the network • Use TCP SYN on ports 21, 22, 25.80 and 443 of the hosts found on the network. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
• Attempt connections on DNS servers • Use TCP SYN (half open) to list ports that are closed or open filtered all hosts on the network found • Use TCP fragments to ports and services available in the host • Use UDP packets to list all open ports found on the network host • Try to identify the Standard protocols • Try to identify non-standard protocols • Try to identify encrypted protocols • Identify date, time and System Up-Time • Identify the predictability of TCP sequence numbers • Identify the predictability of TCP sequence number ISN  Service identification: o Expected Results • Type of services • Application version and type that offers the service o Tasks • Match each open port with its corresponding service • Identify the Server Up-Time and patches applied • Identify the application that provides the service through the use of fingerprinting and banners • Identify the version of the application • Use UDP based services and Trojans attempt to make connections to the services found  System Identification: Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
o Expected Results • Type of operating system • Patch Level • Type of system • Enumeration System o Tasks • Examine system responses to determine your operating system • Check the prediction of TCP sequence numbers Vulnerability Analysis After successfully identifying the target systems and gathering the required details from the above phases, a penetration tester will try to find any possible vulnerabilities existing in each target system. During this phase a penetration tester will use automated tools to scan the target systems for known vulnerabilities. These tools have their own databases consisting of latest vulnerabilities and their details. During this phase a penetration tester will also test the systems by supplying invalid inputs, random strings, etc., and check for any errors or unintended behaviours in the system output. By doing so there are many possibilities that the penetration tester may come across unidentified vulnerabilities. Penetration tester will not to rely only on automated tools for this activity  Vulnerability testing o Expected Results • Type of applications and services listed by vulnerability • Patch Level of systems and applications • List of vulnerabilities that can cause denial of service • List of areas secured by obscurity Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
o Tasks • Integrate the most popular scanners, hacking tools and exploits in this test • Measure the goal with these tools • Try to identify vulnerabilities in a system and application type d • Perform redundant testing with at least two of the most popular scanners • Identify the vulnerabilities of the operating system • Identify application vulnerabilities • Check the vulnerabilities found by using exploits Exploitation During this phase a penetration tester will try to find exploits for the various vulnerabilities found in the previous phase. Quite often, successful exploitation of vulnerability might not lead to root (administrative) access. In such a scenario additional steps need to be taken, further analysis is required to access the risk, that particular vulnerability may cause to the target system. Example attack scenarios in this phase include, but aren’t limited to;  buffer overflows  application or system configuration problems  modems  routing issues  DNS attacks  address spoofing  share access and exploitation of inherent system trust relationships. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Potential vulnerabilities will be systematically tested for weakness and overall risk. The strength of captured password files will be tested using password-cracking tools. Individual user account passwords may also be tested using dictionary-based, automated login scripts. In the event that an account is compromised, we will attempt to elevate privileges to that of super user, root, or administrator level. Our Security Consultants will maintain detailed records of all attempts to exploit vulnerabilities and activities conducted during the attack phase. Reporting The last phase in the entire activity is the reporting phase. This phase can occur in parallel to the other three stages or at the end of the Attack stage. The final report will be prepared keeping in mind both Management as well as Technical aspects, detailing all the findings with proper graphs, figures, etc. so as to convey a proper presentation of the vulnerabilities and it’s impact to the business of the target organization. An executive summary, describing in brief, the activities performed, findings, and high-level recommendations will be provided. Also detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will be documented in this report. All the security holes found and exploited will be accompanied with proper Proof‐of‐Concept by means of screenshots of the successful exploits, or any other such methods. This report will consist in an Executive report containing, without to be limited to: conclusions, recommendations, statistics, and hacking methodology brief, and a Technical Report containing without to be limited to: Information Gathering, Network Information, Analysis and Attack results of accomplished tasks. Web Application Penetration Test Why? Web applications have become increasingly vulnerable to different forms of hacker attacks. According to a Gartner Report, 75% of attacks today occur at the application level. A Forrester survey states that “people are now attacking through applications, because it’s easier Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
than through the network layer.” Despite common use of defenses such as firewalls and intrusion detection or prevention systems, hackers can access valuable proprietary and customer data, shutdown websites and servers and defraud businesses, as well as introduce serious legal liability without being stopped or, in many cases, even detected. To counter this problem, Cyber 51 Ltd. offers a comprehensive security risk assessment solution - Web Application Penetration Testing - to identify, analyze and report vulnerabilities in a given application. As part of this service, Cyber 51 Ltd. attempts to identify both inherent and potential security risks that might work as entry points for the hacker. We believe vulnerabilities could be present in a web application due to inadvertent flaws left behind during development, security issues in the underlying environment and misconfigurations in one or more components like database, web server etc. When conducting a Web Application Penetration Testing assignment, Cyber 51 Ltd. adopts a strong technology and process-based approach supported by a well-documented methodology to identify potential security flaws in the application and underlying environment. Adherence to industry standards such as OWASP, customized tests based on technology and business logic, skilled and certified security engineers, risk assessment on the vulnerabilities found, scoring system based on CVSS (Common Vulnerability Scoring System) make us different from the other vendors in this space. Customers would benefit from web application penetration testing on the application as it gives an in-depth analysis of your current security posture, recommendations for reducing exposure to currently identified vulnerabilities are highlighted and it allows the customer to make more informed decisions, enabling management of the company’s exposure to threats. The security assessment report submitted on completion of the engagement provides a detailed and prioritized mitigation plan to help customers in addressing security issues in a phased manner. Methodology Configuration Management Analysis The infrastructure used by the Web application will be evaluated from a security perspective. The tests to be performed are as follows: • TLS and SSL tests. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
• Security Testing over the listener of management system databases. • Testing the configuration of the infrastructure and its relationship with the Web application, vulnerability analysis, analysis of authentication mechanisms and identification of all the ports used by the Web application. • Testing the application settings, search through directories and regular files, comments from developers and the eventual acquisition and operational analysis of logs generated by the application. • Searching for old files, backups, logs of operations and other files used by the Web application. • Search and test management interfaces or web application related infrastructure. • Test various HTTP methods supported and the possibilities of XST (Cross-Site Tracing). Analysis of Authentication We will evaluate the various mechanisms and aspects of the web application authentication. The tests to be performed are as follows: • Credentials management • Enumeration of users and user accounts easily identifiable. • Proof of identification credentials brute force, based on information found or inferred. • Testing the authentication mechanisms looking for evasion • Logouts mechanisms and weaknesses associated with the Internet browser cache. • Strength tests over captchas and test multi-factor authentication. Session Management Analysis We will evaluate the different mechanisms and management aspects of web application sessions. The tests to be performed are as follows: Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
• Session management scheme will be tested. • CSRF (Cross-Site Request Forgery). • Test attributes Cookies. • Setting sessions. • Evidence of attributes exposed session and repetition. Analysis of Authorization We will evaluate the various mechanisms and aspects of web application authorization. The tests to be performed are as follows: • Privilege escalation. • "Path Traversal". • Evidence of evasion of clearance mechanisms. • Testing the "business logic" of the Web application, avoiding, altering, or cheating their relationships within the application. Data Validation Analysis We will evaluate the various repositories, access and protection mechanisms related to the validation of data used by the Web application. The tests to be performed are as follows: • Test various XSS (Cross Site Scripting) and "Cross Site Flashing." • SQL Injection tests. • LDAP injection tests. • Evidence of ORM injection. • XML Injection tests. • SSI injection testing. • Testing XPath Injection. • Injection Test IMAP / SMTP. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
• Evidence Code Injection. • Injection Test Operating System Commands. • Evidence of buffer overflow. • Evidence of Splitting / Smuggling of HTTP. • Evidence of evasion of clearance mechanisms. • Evidence of privilege escalation. Analysis of Web Services We will evaluate the web application services related to SOA (Service Oriented Architecture): The tests to be performed are as follows: • Security testing of WSDL. • Evidence of structural Security of XML. • Testing of security at XML content. • Test HTTP GET parameters / REST. • Tests with contaminated SOAP attachments. • Repeat testing of web services. • Testing AJAX Web application vulnerabilities regarding this technology. Reporting The last phase in the entire activity is the reporting phase. This phase can occur in parallel to the other three stages or at the end of the Attack stage. The final report will be prepared keeping in mind both Management as well as Technical aspects, detailing all the findings with proper graphs, figures, etc. so as to convey a proper presentation of the vulnerabilities and it’s impact to the business of the target organization. An executive summary, describing in brief, the activities performed, findings, and high level recommendations will be provided. Also detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will be documented in this report. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
All the security holes found and exploited will be accompanied with proper Proof‐of‐Concept by means of screenshots of the successful exploits, or any other such methods. This report will consist in an Executive report containing, without to be limited to: conclusions, recommendations, statistics, and hacking methodology brief, and a Technical Report containing without to be limited to: Information Gathering, Network Information, Analysis and Attack results of accomplished tasks. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Penetration Testing Any of our Penetration Tests can contain one or more modules as listed below. We will tailor any Penetration Test to your individual business needs. Internet Security Assessment Any device with access to the Internet is a potential open door to would-be hackers. We provide vulnerability assessments during which we closely map the network architecture, examine all open ports, hosts and services with access to the Web, and ensures that these network devices are secure. Defensive thinking gathers information such as domain names, IP network ranges, operating system and applications, to identify systems on the network, how they are related, the services that are exposed through open ports (such as http, SMTP, terminal services, etc.). Once open ports and attached services are identified, we determine whether each service has been updated with the most recent patches and identifies other vulnerabilities located within the exposed services. In addition to conducting vulnerability assessments, we perform more rigorous penetration tests in which the information gathered from the assessment is used to attempt to penetrate the network. This more thorough procedure can confirm whether potential vulnerabilities are, in fact, capable of being exploited to expose the network. Following all vulnerability assessments and penetration tests, we use the information we gather to prepare a thorough vulnerability analysis and offers recommendations for strengthening network security. Intranet Security Assessment While outside threats must be guarded against, business must also protect against potential threats from within their own networks. Using many of the same techniques and procedures for Internet Security Testing, we provide Intranet risk assessment and analysis to protect against the potential threat posed by insiders. Depending on the client’s needs, intranet testing can be performed by us under varying degrees of disclosure of network information from the client, for example with or without network accounts. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Dial-in RAS Security Assessment Dial-in links pose a potential threat to the integrity of the network security system. We examine dial-up connections that allow employees to access the network through public telephone lines or other dial-up connections. Given a range of telephone exchanges that may include modems, we can identify target numbers that allow for remote access. Using these numbers, we attempt to exploit vulnerabilities in the system and gain access to the network. We can also assess risks posed by the exposure of dial-up connections to the public telephone network which might undermine the client’s own internal security architecture. Web Application Assessment This assessment examines what services are being offered on Web- based portals and e-commerce applications to examine potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality, and consumer privacy concerns. We can test these applications using either zero-knowledge testing or full- access testing to examine the full range of potential vulnerabilities. We also conduct source code audits to identify any potential vulnerability among the applications and scripts that are accessible through the Web. Wireless Assessment Wireless networks, while highly convenient, present additional security threats since the wireless signals are not limited by the physical boundaries of a traditional network. We evaluate how to prevent wireless communications from being exposed to eavesdropping and access by unauthorized intruders. Additionally, we examine the enterprise infrastructure for unencrypted or standard WEP enabled access points that may be vulnerable in order to ensure the security of the network. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Social Engineering Assessment Social engineering involves manipulating and/or deceiving company employees and other human resources to gain unauthorized access to a network or to confidential information. We are a premier consulting firm in our ability to identify weak links in the security chain through exploitation of human vulnerabilities. We leverage our unparalleled expertise in this field to expose what is often the weakest link in the information security apparatus: the human element. Once individual or systemic weaknesses are identified, we recommend procedures designed to ensure that employees do not divulge information that could compromise company assets. The social engineering assessment not only uses tactics intended to gain confidential information, but also to induce unsuspecting employees to create vulnerabilities that can subsequently be exploited to gain access to confidential information. Telecommunications Assessment We have unique experience testing vulnerabilities in private bank exchanges that operate company voicemail and messaging systems. Unauthorized access to these systems can allow an intruder to eavesdrop on and manipulate employee voicemail messages, initiate outgoing calls from internal company lines, and access corporate telephone networks and directories. Database Assessment Client lists, credit card records, and other confidential information held in databases must be given particular protection from unauthorized disclosure. We test database integrity to determine whether any vulnerability may compromise this sensitive information. Physical Security Assessment Access to confidential information can often be obtained by simply gaining physical access to company premises. We conducts on-site surveillance to assess physical security and uses social engineering, pass key duplication, and other techniques designed to gain physical entry into secure areas and the network system. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Forensic Analysis In addition to preventing future attacks, we can conduct forensic analysis to evaluate past security breaches. This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools to help identify intruders, determine the extent to which the network has been compromised, and mitigate potential damages from the intrusion. Intrusion Investigation We can investigate documented intrusion attempts in to your network and situations where data was actually compromised. Through investigation, you can find the source of the attack, the techniques used, and how to correct these flaws. While it is always best to stop attacks before they happen, it is important to investigate any possible compromise of your intellectual property. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: info@cyber51.co.uk
Ad

Recommended

Packet sniffing & ARP Poisoning
Packet sniffing & ARP Poisoning Packet sniffing & ARP Poisoning
Packet sniffing & ARP Poisoning
Viren Rao
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
G Prachi
 
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2gkkSecurity essentials domain 2
gkkSecurity essentials domain 2
Anne Starr
 
SDN and Named Data Networking Security
SDN and Named Data Networking SecuritySDN and Named Data Networking Security
SDN and Named Data Networking Security
wolverinetyagi
 
Nachos Theoretical assigment 3
Nachos Theoretical assigment 3Nachos Theoretical assigment 3
Nachos Theoretical assigment 3
colli03
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheet
David Sweigert
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
guestd05b31
 
Internet census 2012
Internet census 2012Internet census 2012
Internet census 2012
Giuliano Tavaroli
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffers
leminhvuong
 
Unit 3:Enterprise Security
Unit 3:Enterprise SecurityUnit 3:Enterprise Security
Unit 3:Enterprise Security
prachi67
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
phanleson
 
Vulnerabilities in IP Protocols
Vulnerabilities in IP ProtocolsVulnerabilities in IP Protocols
Vulnerabilities in IP Protocols
babak danyal
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
Vi Tính Hoàng Nam
 
Barriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC BerkeleyBarriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC Berkeley
joebeone
 
IPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP ExplainedIPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP Explained
Andriy Berestovskyy
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Ceh v5 module 20 buffer overflow
Ceh v5 module 20 buffer overflowCeh v5 module 20 buffer overflow
Ceh v5 module 20 buffer overflow
Vi Tính Hoàng Nam
 
Module 4 Enumeration
Module 4 EnumerationModule 4 Enumeration
Module 4 Enumeration
leminhvuong
 
Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attacks
chris zlatis
 
Sniffing via dsniff
Sniffing via dsniffSniffing via dsniff
Sniffing via dsniff
Kshitij Tayal
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printing
leminhvuong
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
amiable_indian
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection tools
vishalgohel12195
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
Joseph Bugeja
 
Password sniffing
Password sniffingPassword sniffing
Password sniffing
SRIMCA
 
Ethical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Ethical hacking Chapter 6 - Port Scanning - Eric VanderburgEthical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Ethical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Eric Vanderburg
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
amiable_indian
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
Issar Kapadia
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptx
VuongPhm
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
Ad

More Related Content

What's hot (20)

Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffers
leminhvuong
 
Unit 3:Enterprise Security
Unit 3:Enterprise SecurityUnit 3:Enterprise Security
Unit 3:Enterprise Security
prachi67
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
phanleson
 
Vulnerabilities in IP Protocols
Vulnerabilities in IP ProtocolsVulnerabilities in IP Protocols
Vulnerabilities in IP Protocols
babak danyal
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
Vi Tính Hoàng Nam
 
Barriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC BerkeleyBarriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC Berkeley
joebeone
 
IPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP ExplainedIPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP Explained
Andriy Berestovskyy
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Ceh v5 module 20 buffer overflow
Ceh v5 module 20 buffer overflowCeh v5 module 20 buffer overflow
Ceh v5 module 20 buffer overflow
Vi Tính Hoàng Nam
 
Module 4 Enumeration
Module 4 EnumerationModule 4 Enumeration
Module 4 Enumeration
leminhvuong
 
Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attacks
chris zlatis
 
Sniffing via dsniff
Sniffing via dsniffSniffing via dsniff
Sniffing via dsniff
Kshitij Tayal
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printing
leminhvuong
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
amiable_indian
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection tools
vishalgohel12195
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
Joseph Bugeja
 
Password sniffing
Password sniffingPassword sniffing
Password sniffing
SRIMCA
 
Ethical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Ethical hacking Chapter 6 - Port Scanning - Eric VanderburgEthical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Ethical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Eric Vanderburg
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
amiable_indian
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
Issar Kapadia
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffers
leminhvuong
 
Unit 3:Enterprise Security
Unit 3:Enterprise SecurityUnit 3:Enterprise Security
Unit 3:Enterprise Security
prachi67
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
phanleson
 
Vulnerabilities in IP Protocols
Vulnerabilities in IP ProtocolsVulnerabilities in IP Protocols
Vulnerabilities in IP Protocols
babak danyal
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
Vi Tính Hoàng Nam
 
Barriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC BerkeleyBarriers to TOR Research at UC Berkeley
Barriers to TOR Research at UC Berkeley
joebeone
 
IPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP ExplainedIPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP Explained
Andriy Berestovskyy
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Ceh v5 module 20 buffer overflow
Ceh v5 module 20 buffer overflowCeh v5 module 20 buffer overflow
Ceh v5 module 20 buffer overflow
Vi Tính Hoàng Nam
 
Module 4 Enumeration
Module 4 EnumerationModule 4 Enumeration
Module 4 Enumeration
leminhvuong
 
Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attacks
chris zlatis
 
Sniffing via dsniff
Sniffing via dsniffSniffing via dsniff
Sniffing via dsniff
Kshitij Tayal
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printing
leminhvuong
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
amiable_indian
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection tools
vishalgohel12195
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
Joseph Bugeja
 
Password sniffing
Password sniffingPassword sniffing
Password sniffing
SRIMCA
 
Ethical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Ethical hacking Chapter 6 - Port Scanning - Eric VanderburgEthical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Ethical hacking Chapter 6 - Port Scanning - Eric Vanderburg
Eric Vanderburg
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
amiable_indian
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
Issar Kapadia
 

Similar to Penetration Testing Services Technical Description Cyber51 (20)

An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptx
VuongPhm
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
Network scan
Network scanNetwork scan
Network scan
penetration Tester
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Sam Bowne
 
Security tools
Security toolsSecurity tools
Security tools
Greater Noida Institute Of Technology
 
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptx
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptxWeek 8 IT infrastructure Scanning and Enumeration Part 2.pptx
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptx
amardeux
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
shahhardik27
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
shahhardik27
 
Sccccccccccccccccccccccannig Network.pptx
Sccccccccccccccccccccccannig Network.pptxSccccccccccccccccccccccannig Network.pptx
Sccccccccccccccccccccccannig Network.pptx
rsi3pfe
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhj
AmitDeshai
 
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxCyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Boston Institute of Analytics
 
Anonymous Security Scanning and Browsing
Anonymous Security Scanning and BrowsingAnonymous Security Scanning and Browsing
Anonymous Security Scanning and Browsing
Abhilash Venkata
 
4-2.Scanning and Enumeration Presentation Slides (1).pptx
4-2.Scanning and Enumeration Presentation Slides (1).pptx4-2.Scanning and Enumeration Presentation Slides (1).pptx
4-2.Scanning and Enumeration Presentation Slides (1).pptx
yeshwanthwp130
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP
FRSecure
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
KAMALI PRIYA P
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
talkaton
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
talkaton
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
Mohammed Adam
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout Presentation
Firoze Hussain
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
Sam Bowne
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptx
VuongPhm
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
Network scan
Network scanNetwork scan
Network scan
penetration Tester
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Sam Bowne
 
Security tools
Security toolsSecurity tools
Security tools
Greater Noida Institute Of Technology
 
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptx
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptxWeek 8 IT infrastructure Scanning and Enumeration Part 2.pptx
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptx
amardeux
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
shahhardik27
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
shahhardik27
 
Sccccccccccccccccccccccannig Network.pptx
Sccccccccccccccccccccccannig Network.pptxSccccccccccccccccccccccannig Network.pptx
Sccccccccccccccccccccccannig Network.pptx
rsi3pfe
 
chapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhjchapter-4-networking hjgjjgj did hfhhfhj
chapter-4-networking hjgjjgj did hfhhfhj
AmitDeshai
 
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxCyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Boston Institute of Analytics
 
Anonymous Security Scanning and Browsing
Anonymous Security Scanning and BrowsingAnonymous Security Scanning and Browsing
Anonymous Security Scanning and Browsing
Abhilash Venkata
 
4-2.Scanning and Enumeration Presentation Slides (1).pptx
4-2.Scanning and Enumeration Presentation Slides (1).pptx4-2.Scanning and Enumeration Presentation Slides (1).pptx
4-2.Scanning and Enumeration Presentation Slides (1).pptx
yeshwanthwp130
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP
FRSecure
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
KAMALI PRIYA P
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
talkaton
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
talkaton
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
Mohammed Adam
 
Cyberscout Presentation
Cyberscout PresentationCyberscout Presentation
Cyberscout Presentation
Firoze Hussain
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
Sam Bowne
 
Ad

More from martinvoelk (16)

Cyber51 Company Presentation Public
Cyber51 Company Presentation PublicCyber51 Company Presentation Public
Cyber51 Company Presentation Public
martinvoelk
 
Consulting Flyer
Consulting FlyerConsulting Flyer
Consulting Flyer
martinvoelk
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51
martinvoelk
 
Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51
martinvoelk
 
Web Application Penetration Test
Web Application Penetration TestWeb Application Penetration Test
Web Application Penetration Test
martinvoelk
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
martinvoelk
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
martinvoelk
 
Ppctrainer Offers
Ppctrainer OffersPpctrainer Offers
Ppctrainer Offers
martinvoelk
 
AdWords Training & AdWords Consulting
AdWords Training & AdWords ConsultingAdWords Training & AdWords Consulting
AdWords Training & AdWords Consulting
martinvoelk
 
AdWords Training & AdWords Consulting
AdWords Training & AdWords ConsultingAdWords Training & AdWords Consulting
AdWords Training & AdWords Consulting
martinvoelk
 
Basic Adwords Course Outline
Basic Adwords Course OutlineBasic Adwords Course Outline
Basic Adwords Course Outline
martinvoelk
 
Pronetexpert Cisco Ccde Bootcamp Training Courses
Pronetexpert Cisco Ccde Bootcamp Training CoursesPronetexpert Cisco Ccde Bootcamp Training Courses
Pronetexpert Cisco Ccde Bootcamp Training Courses
martinvoelk
 
CCIE Bootcamp Training Courses
CCIE Bootcamp Training CoursesCCIE Bootcamp Training Courses
CCIE Bootcamp Training Courses
martinvoelk
 
Servicios de la Seguridad delos Redes
Servicios de la Seguridad delos RedesServicios de la Seguridad delos Redes
Servicios de la Seguridad delos Redes
martinvoelk
 
IT Network Security Services
IT Network Security ServicesIT Network Security Services
IT Network Security Services
martinvoelk
 
ProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
ProNetExpert Cisco Premier Partner & Cisco Learning Partner AssociateProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
ProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
martinvoelk
 
Cyber51 Company Presentation Public
Cyber51 Company Presentation PublicCyber51 Company Presentation Public
Cyber51 Company Presentation Public
martinvoelk
 
Consulting Flyer
Consulting FlyerConsulting Flyer
Consulting Flyer
martinvoelk
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51
martinvoelk
 
Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51Vulnerability Assesment Subscriptions Cyber51
Vulnerability Assesment Subscriptions Cyber51
martinvoelk
 
Web Application Penetration Test
Web Application Penetration TestWeb Application Penetration Test
Web Application Penetration Test
martinvoelk
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
martinvoelk
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
martinvoelk
 
Ppctrainer Offers
Ppctrainer OffersPpctrainer Offers
Ppctrainer Offers
martinvoelk
 
AdWords Training & AdWords Consulting
AdWords Training & AdWords ConsultingAdWords Training & AdWords Consulting
AdWords Training & AdWords Consulting
martinvoelk
 
AdWords Training & AdWords Consulting
AdWords Training & AdWords ConsultingAdWords Training & AdWords Consulting
AdWords Training & AdWords Consulting
martinvoelk
 
Basic Adwords Course Outline
Basic Adwords Course OutlineBasic Adwords Course Outline
Basic Adwords Course Outline
martinvoelk
 
Pronetexpert Cisco Ccde Bootcamp Training Courses
Pronetexpert Cisco Ccde Bootcamp Training CoursesPronetexpert Cisco Ccde Bootcamp Training Courses
Pronetexpert Cisco Ccde Bootcamp Training Courses
martinvoelk
 
CCIE Bootcamp Training Courses
CCIE Bootcamp Training CoursesCCIE Bootcamp Training Courses
CCIE Bootcamp Training Courses
martinvoelk
 
Servicios de la Seguridad delos Redes
Servicios de la Seguridad delos RedesServicios de la Seguridad delos Redes
Servicios de la Seguridad delos Redes
martinvoelk
 
IT Network Security Services
IT Network Security ServicesIT Network Security Services
IT Network Security Services
martinvoelk
 
ProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
ProNetExpert Cisco Premier Partner & Cisco Learning Partner AssociateProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
ProNetExpert Cisco Premier Partner & Cisco Learning Partner Associate
martinvoelk
 
Ad

Penetration Testing Services Technical Description Cyber51

  • 1. Security Services Description
  • 2. Table of Contents NETWORK PENETRATION TEST ...................................................................................................... 3 WHY? ................................................................................................................................................................. 3 METHODOLOGY ................................................................................................................................................ 3 Footprinting / Network Mapping ............................................................................................................3 Scanning and enumeration.........................................................................................................................4 Vulnerability Analysis....................................................................................................................................7 Exploitation ........................................................................................................................................................8 Reporting.............................................................................................................................................................9 WEB APPLICATION PENETRATION TEST..................................................................................... 9 WHY? ................................................................................................................................................................ 9 METHODOLOGY ...........................................................................................................................................10 Configuration Management Analysis .................................................................................................. 10 Analysis of Authentication ....................................................................................................................... 11 Session Management Analysis ................................................................................................................ 11 Analysis of Authorization ......................................................................................................................... 12 Data Validation Analysis........................................................................................................................... 12 Analysis of Web Services ........................................................................................................................... 13 Reporting.......................................................................................................................................................... 13 APPENDIX A: TYPES OF PENETRATION TESTS……………………………………………………...……….15 Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 3. Network Penetration Test Why? Individuals and businesses enjoy and rely on modern communication methods, collaboration services and benefit from new opportunities the Internet age has created. However, Cyber Crime is on the rise too and has led governments to form complete new authorities to tackle Cyber Warfare and malicious activity. We at Cyber 51 play our part in making the Internet and modern communications a more secure space. Hackers attack both private and corporate systems on a daily basis. The attacker can be stationed anywhere in the world and needs just internet access and the appropriate tools. The threat is real and it happens thousands of times a day. Many attacks take place undetected and result in the theft and destruction of valuable data. The solution: Penetration Tests and Network Security Audits. Cyber 51 will, with the legal permission of the network owner, attack customer systems in the same way as a Hacker. In doing so, Cyber 51 is able to expose security holes in the system. The benefit: The customer is made aware of the Security holes that exist and could be exploited by a hacker with malicious intent to gain unauthorized access to the customer network. In addition, Cyber 51 will prepare a plan of action and, if the customer wishes, implement the closure of these holes. Methodology Footprinting / Network Mapping The process of footprinting is a completely non‐intrusive activity performed in order to get the maximum possible information available about the target organization and its systems using various means, both technical as well as non‐technical. This involves searching the internet, querying various public repositories (whois databases, domain registrars, Usenet groups, mailing lists, etc.). Also, our Security Testing Consultants will look to obtain as much detail as possible of the current topology and network profile. This can consist of information around IP addressing, gathering public domain information about the business, Ping sweeps, port scanning etc. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 4. This information is then compiled and subsequently analyzed for further areas of investigation.  Information Gathering o Expected results • Domain names • Servers names • IP addresses • Network Topology • Information about ISP • Internet presence • Company Profile o Tasks: • Examine and gather information about domain registries. • Find IP addresses Blocks • Names and locations of DNS servers • Use of multiple traces in order to identify systems and devices between. • Identify email addresses related to the company. • Identify newsgroups, Forums and boards where information related to the company is located. • Examine web pages and scripts source codes • Examine email headers Scanning and enumeration The scanning and enumeration phase will comprise of identifying live systems, open / filtered ports found, services running on these ports, Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 5. mapping router / firewall rules, identifying the operating system details, network path discovery, etc. This phase involves a lot of active probing of the target systems. After successfully identifying the open ports, services behind them will be fingerprinted, either manually or by using readily available tools. Then, the penetration tester will confirm the exact name and version of the services running on the target system and the underlying Operating System before including the same in the final report.  Services identification on systems o Expected Results • Ports open, closed and filtered • IP addresses of live systems • IP addresses of internal networks • Asset Services • Map the Network • List tunneled and encapsulated protocols discovered • List supported routing protocols • Application type and patch level • Type of operating systems o Tasks • Collection of responses from network • Test TTL / firewalking firewall • Use ICMP and reverse lookup to determine the existence of machines on network • Use TCP fragments with FIN, NULL and XMAS on ports 21, 22,25,80 and 443 of the hosts found on the network • Use TCP SYN on ports 21, 22, 25.80 and 443 of the hosts found on the network. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 6. • Attempt connections on DNS servers • Use TCP SYN (half open) to list ports that are closed or open filtered all hosts on the network found • Use TCP fragments to ports and services available in the host • Use UDP packets to list all open ports found on the network host • Try to identify the Standard protocols • Try to identify non-standard protocols • Try to identify encrypted protocols • Identify date, time and System Up-Time • Identify the predictability of TCP sequence numbers • Identify the predictability of TCP sequence number ISN  Service identification: o Expected Results • Type of services • Application version and type that offers the service o Tasks • Match each open port with its corresponding service • Identify the Server Up-Time and patches applied • Identify the application that provides the service through the use of fingerprinting and banners • Identify the version of the application • Use UDP based services and Trojans attempt to make connections to the services found  System Identification: Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 7. o Expected Results • Type of operating system • Patch Level • Type of system • Enumeration System o Tasks • Examine system responses to determine your operating system • Check the prediction of TCP sequence numbers Vulnerability Analysis After successfully identifying the target systems and gathering the required details from the above phases, a penetration tester will try to find any possible vulnerabilities existing in each target system. During this phase a penetration tester will use automated tools to scan the target systems for known vulnerabilities. These tools have their own databases consisting of latest vulnerabilities and their details. During this phase a penetration tester will also test the systems by supplying invalid inputs, random strings, etc., and check for any errors or unintended behaviours in the system output. By doing so there are many possibilities that the penetration tester may come across unidentified vulnerabilities. Penetration tester will not to rely only on automated tools for this activity  Vulnerability testing o Expected Results • Type of applications and services listed by vulnerability • Patch Level of systems and applications • List of vulnerabilities that can cause denial of service • List of areas secured by obscurity Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 8. o Tasks • Integrate the most popular scanners, hacking tools and exploits in this test • Measure the goal with these tools • Try to identify vulnerabilities in a system and application type d • Perform redundant testing with at least two of the most popular scanners • Identify the vulnerabilities of the operating system • Identify application vulnerabilities • Check the vulnerabilities found by using exploits Exploitation During this phase a penetration tester will try to find exploits for the various vulnerabilities found in the previous phase. Quite often, successful exploitation of vulnerability might not lead to root (administrative) access. In such a scenario additional steps need to be taken, further analysis is required to access the risk, that particular vulnerability may cause to the target system. Example attack scenarios in this phase include, but aren’t limited to;  buffer overflows  application or system configuration problems  modems  routing issues  DNS attacks  address spoofing  share access and exploitation of inherent system trust relationships. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 9. Potential vulnerabilities will be systematically tested for weakness and overall risk. The strength of captured password files will be tested using password-cracking tools. Individual user account passwords may also be tested using dictionary-based, automated login scripts. In the event that an account is compromised, we will attempt to elevate privileges to that of super user, root, or administrator level. Our Security Consultants will maintain detailed records of all attempts to exploit vulnerabilities and activities conducted during the attack phase. Reporting The last phase in the entire activity is the reporting phase. This phase can occur in parallel to the other three stages or at the end of the Attack stage. The final report will be prepared keeping in mind both Management as well as Technical aspects, detailing all the findings with proper graphs, figures, etc. so as to convey a proper presentation of the vulnerabilities and it’s impact to the business of the target organization. An executive summary, describing in brief, the activities performed, findings, and high-level recommendations will be provided. Also detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will be documented in this report. All the security holes found and exploited will be accompanied with proper Proof‐of‐Concept by means of screenshots of the successful exploits, or any other such methods. This report will consist in an Executive report containing, without to be limited to: conclusions, recommendations, statistics, and hacking methodology brief, and a Technical Report containing without to be limited to: Information Gathering, Network Information, Analysis and Attack results of accomplished tasks. Web Application Penetration Test Why? Web applications have become increasingly vulnerable to different forms of hacker attacks. According to a Gartner Report, 75% of attacks today occur at the application level. A Forrester survey states that “people are now attacking through applications, because it’s easier Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 10. than through the network layer.” Despite common use of defenses such as firewalls and intrusion detection or prevention systems, hackers can access valuable proprietary and customer data, shutdown websites and servers and defraud businesses, as well as introduce serious legal liability without being stopped or, in many cases, even detected. To counter this problem, Cyber 51 Ltd. offers a comprehensive security risk assessment solution - Web Application Penetration Testing - to identify, analyze and report vulnerabilities in a given application. As part of this service, Cyber 51 Ltd. attempts to identify both inherent and potential security risks that might work as entry points for the hacker. We believe vulnerabilities could be present in a web application due to inadvertent flaws left behind during development, security issues in the underlying environment and misconfigurations in one or more components like database, web server etc. When conducting a Web Application Penetration Testing assignment, Cyber 51 Ltd. adopts a strong technology and process-based approach supported by a well-documented methodology to identify potential security flaws in the application and underlying environment. Adherence to industry standards such as OWASP, customized tests based on technology and business logic, skilled and certified security engineers, risk assessment on the vulnerabilities found, scoring system based on CVSS (Common Vulnerability Scoring System) make us different from the other vendors in this space. Customers would benefit from web application penetration testing on the application as it gives an in-depth analysis of your current security posture, recommendations for reducing exposure to currently identified vulnerabilities are highlighted and it allows the customer to make more informed decisions, enabling management of the company’s exposure to threats. The security assessment report submitted on completion of the engagement provides a detailed and prioritized mitigation plan to help customers in addressing security issues in a phased manner. Methodology Configuration Management Analysis The infrastructure used by the Web application will be evaluated from a security perspective. The tests to be performed are as follows: • TLS and SSL tests. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 11. • Security Testing over the listener of management system databases. • Testing the configuration of the infrastructure and its relationship with the Web application, vulnerability analysis, analysis of authentication mechanisms and identification of all the ports used by the Web application. • Testing the application settings, search through directories and regular files, comments from developers and the eventual acquisition and operational analysis of logs generated by the application. • Searching for old files, backups, logs of operations and other files used by the Web application. • Search and test management interfaces or web application related infrastructure. • Test various HTTP methods supported and the possibilities of XST (Cross-Site Tracing). Analysis of Authentication We will evaluate the various mechanisms and aspects of the web application authentication. The tests to be performed are as follows: • Credentials management • Enumeration of users and user accounts easily identifiable. • Proof of identification credentials brute force, based on information found or inferred. • Testing the authentication mechanisms looking for evasion • Logouts mechanisms and weaknesses associated with the Internet browser cache. • Strength tests over captchas and test multi-factor authentication. Session Management Analysis We will evaluate the different mechanisms and management aspects of web application sessions. The tests to be performed are as follows: Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 12. • Session management scheme will be tested. • CSRF (Cross-Site Request Forgery). • Test attributes Cookies. • Setting sessions. • Evidence of attributes exposed session and repetition. Analysis of Authorization We will evaluate the various mechanisms and aspects of web application authorization. The tests to be performed are as follows: • Privilege escalation. • "Path Traversal". • Evidence of evasion of clearance mechanisms. • Testing the "business logic" of the Web application, avoiding, altering, or cheating their relationships within the application. Data Validation Analysis We will evaluate the various repositories, access and protection mechanisms related to the validation of data used by the Web application. The tests to be performed are as follows: • Test various XSS (Cross Site Scripting) and "Cross Site Flashing." • SQL Injection tests. • LDAP injection tests. • Evidence of ORM injection. • XML Injection tests. • SSI injection testing. • Testing XPath Injection. • Injection Test IMAP / SMTP. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 13. • Evidence Code Injection. • Injection Test Operating System Commands. • Evidence of buffer overflow. • Evidence of Splitting / Smuggling of HTTP. • Evidence of evasion of clearance mechanisms. • Evidence of privilege escalation. Analysis of Web Services We will evaluate the web application services related to SOA (Service Oriented Architecture): The tests to be performed are as follows: • Security testing of WSDL. • Evidence of structural Security of XML. • Testing of security at XML content. • Test HTTP GET parameters / REST. • Tests with contaminated SOAP attachments. • Repeat testing of web services. • Testing AJAX Web application vulnerabilities regarding this technology. Reporting The last phase in the entire activity is the reporting phase. This phase can occur in parallel to the other three stages or at the end of the Attack stage. The final report will be prepared keeping in mind both Management as well as Technical aspects, detailing all the findings with proper graphs, figures, etc. so as to convey a proper presentation of the vulnerabilities and it’s impact to the business of the target organization. An executive summary, describing in brief, the activities performed, findings, and high level recommendations will be provided. Also detailed technical descriptions of the vulnerabilities and the recommendations to mitigate them will be documented in this report. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 14. All the security holes found and exploited will be accompanied with proper Proof‐of‐Concept by means of screenshots of the successful exploits, or any other such methods. This report will consist in an Executive report containing, without to be limited to: conclusions, recommendations, statistics, and hacking methodology brief, and a Technical Report containing without to be limited to: Information Gathering, Network Information, Analysis and Attack results of accomplished tasks. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 15. Penetration Testing Any of our Penetration Tests can contain one or more modules as listed below. We will tailor any Penetration Test to your individual business needs. Internet Security Assessment Any device with access to the Internet is a potential open door to would-be hackers. We provide vulnerability assessments during which we closely map the network architecture, examine all open ports, hosts and services with access to the Web, and ensures that these network devices are secure. Defensive thinking gathers information such as domain names, IP network ranges, operating system and applications, to identify systems on the network, how they are related, the services that are exposed through open ports (such as http, SMTP, terminal services, etc.). Once open ports and attached services are identified, we determine whether each service has been updated with the most recent patches and identifies other vulnerabilities located within the exposed services. In addition to conducting vulnerability assessments, we perform more rigorous penetration tests in which the information gathered from the assessment is used to attempt to penetrate the network. This more thorough procedure can confirm whether potential vulnerabilities are, in fact, capable of being exploited to expose the network. Following all vulnerability assessments and penetration tests, we use the information we gather to prepare a thorough vulnerability analysis and offers recommendations for strengthening network security. Intranet Security Assessment While outside threats must be guarded against, business must also protect against potential threats from within their own networks. Using many of the same techniques and procedures for Internet Security Testing, we provide Intranet risk assessment and analysis to protect against the potential threat posed by insiders. Depending on the client’s needs, intranet testing can be performed by us under varying degrees of disclosure of network information from the client, for example with or without network accounts. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 16. Dial-in RAS Security Assessment Dial-in links pose a potential threat to the integrity of the network security system. We examine dial-up connections that allow employees to access the network through public telephone lines or other dial-up connections. Given a range of telephone exchanges that may include modems, we can identify target numbers that allow for remote access. Using these numbers, we attempt to exploit vulnerabilities in the system and gain access to the network. We can also assess risks posed by the exposure of dial-up connections to the public telephone network which might undermine the client’s own internal security architecture. Web Application Assessment This assessment examines what services are being offered on Web- based portals and e-commerce applications to examine potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality, and consumer privacy concerns. We can test these applications using either zero-knowledge testing or full- access testing to examine the full range of potential vulnerabilities. We also conduct source code audits to identify any potential vulnerability among the applications and scripts that are accessible through the Web. Wireless Assessment Wireless networks, while highly convenient, present additional security threats since the wireless signals are not limited by the physical boundaries of a traditional network. We evaluate how to prevent wireless communications from being exposed to eavesdropping and access by unauthorized intruders. Additionally, we examine the enterprise infrastructure for unencrypted or standard WEP enabled access points that may be vulnerable in order to ensure the security of the network. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 17. Social Engineering Assessment Social engineering involves manipulating and/or deceiving company employees and other human resources to gain unauthorized access to a network or to confidential information. We are a premier consulting firm in our ability to identify weak links in the security chain through exploitation of human vulnerabilities. We leverage our unparalleled expertise in this field to expose what is often the weakest link in the information security apparatus: the human element. Once individual or systemic weaknesses are identified, we recommend procedures designed to ensure that employees do not divulge information that could compromise company assets. The social engineering assessment not only uses tactics intended to gain confidential information, but also to induce unsuspecting employees to create vulnerabilities that can subsequently be exploited to gain access to confidential information. Telecommunications Assessment We have unique experience testing vulnerabilities in private bank exchanges that operate company voicemail and messaging systems. Unauthorized access to these systems can allow an intruder to eavesdrop on and manipulate employee voicemail messages, initiate outgoing calls from internal company lines, and access corporate telephone networks and directories. Database Assessment Client lists, credit card records, and other confidential information held in databases must be given particular protection from unauthorized disclosure. We test database integrity to determine whether any vulnerability may compromise this sensitive information. Physical Security Assessment Access to confidential information can often be obtained by simply gaining physical access to company premises. We conducts on-site surveillance to assess physical security and uses social engineering, pass key duplication, and other techniques designed to gain physical entry into secure areas and the network system. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]
  • 18. Forensic Analysis In addition to preventing future attacks, we can conduct forensic analysis to evaluate past security breaches. This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools to help identify intruders, determine the extent to which the network has been compromised, and mitigate potential damages from the intrusion. Intrusion Investigation We can investigate documented intrusion attempts in to your network and situations where data was actually compromised. Through investigation, you can find the source of the attack, the techniques used, and how to correct these flaws. While it is always best to stop attacks before they happen, it is important to investigate any possible compromise of your intellectual property. Copyright © 2010 - 2012 Cyber 51 Ltd. All Rights Reserved. http://www.cyber51.co.uk | Email: [email protected]