Penetration testing
0 likes205 views
The document discusses penetration testing and the Metasploit framework. It defines penetration testing as testing a system to find vulnerabilities that could be exploited by an attacker. It also outlines the typical phases of a penetration test: intelligence gathering, threat modeling, vulnerability analysis, exploitation, and reporting. Finally, it provides an overview of the Metasploit framework, describing it as an open source tool for writing exploits and its key components like payloads and listening modes.
Penetration testing
- 1. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 1/12 Penetration Testing ASHOKKUMAR Last updated 20161129 09:38:58 IST
- 2. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 2/12 Contents Introduction Need of pen test Pen test Phases Tranditional Pen test About Metasploit Key Terms of Metasploit Walkthrough of Metasploit
- 3. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 3/12 Introduction Pen Testing Testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky enduser behavior. Overt Pen Testing Security testing performed with the knowledge of the organization. Covert Pen Testing Security testing performed without the knowledge of the organization.
- 4. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 4/12 Need of pen test Protect critical infrastructure to prevent data breaches. Pen Test is the effective ways to identify weaknesses and deficiencies.
- 5. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 5/12 Pen test Phases Intelligence Gathering Threat Modeling Vulnerability Analysis Exploitation Reporting
- 6. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 6/12 Tranditional Pen test Public Exploit Gathering Change Offset Replace Shellcode
- 7. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 7/12 About Metasploit The Metasploit Framework is a program and subproject developed by Metasploit LLC. Initially created in 2003 in the Perl programming language, then rewritten in the Ruby Programming Language. An Open source platform for writing security tools and exploits
- 8. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 8/12 Key Terms of Metasploit System exploitation Scanning for a computer that can be compromised. Payload Code that to be executed in the Targeted machine. Listening Component within Metasploit that waits for an incoming connection.
- 9. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 9/12 » Metasploit Interfaces Msfconsole Msfcli Armitage
- 10. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 10/12 Walkthrough of Metasploit Load Metasploit Use exploit SET Payload Execute
- 11. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 11/12 References Metasploit The Penetration Tester’s Guide by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni. http://www.dafthack.com/basicexploitmodpart2 https://www.offensivesecurity.com/communityprojects/theexploitdatabase
- 12. 29/11/2016 Penetration Testing (1) file:///home/firefly/meetup/metasploit.html#(1) 12/12 Thank you