BackTrack Penetration Testing Workshop

Michael Holcomb, CISSP

Upstate ISSA Chapter

Agenda

Introductions
Schedule
Workshop Format
The Attacker Methodology
Penetration Testing Execution Standard (PTES)
Pentester Job Requirements

Disclaimer

Do not try this at home… without permission!

Introductions

Name
Company
Position
Previous Experience
  Windows & Linux
  Penetration Testing
  BackTrack

Schedule

Hours (9:00AM to 4:30PM)
10:20 to 10:30 - Break
11:00 to 12:30 - ISSA Chapter Meeting
2:45 to 3:00 - Break

Workshop Format

Session Materials
Practice Exercises
Workshop Survey

The Hacker Methodology

Information Gathering
Vulnerability Assessment
Exploitation
Privilege Escalation
Maintaining Access

Penetration Testing Execution Standard (PTES)

Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting

Pentester Job Requirements

System and application scanning using analysis tools
Validate automated testing results
Conduct manual analysis
Evaluate and communicate risk
Provide feedback and guidance
Certifications (CEH, CISA, CISSP, OSCP)

Physical Security

Most overlooked area of Information Security

If you can touch it, you can p0wn it!

www.securitywizardry.com/radar.htm

Bookmarks

VMware (vmware.com)
BackTrack 5 R3 (backtrack-linux.org)
Metasploitable (offensive-security.com)
Web Security Dojo (mavensecurity.com)
Pauldotcom (pauldotcom.com)
OSCP (offensive-security.com)
Katana (hackfromacave.com)