Embed Size (px)
DESCRIPTION
05-Defense Vulnerability Scanning Practice
Citation preview
Information Security Education for Vietnamese Officers
2015.08.14. Michał Rzepka
Network & OS security
2 2
Hacking Lab challenges
3 Page Before we start… Ⅰ
6 Page Defensive measures Ⅱ
15 Page Ⅲ
19 Page Exercise session Ⅳ
21 Page Summary Ⅴ
3 3
Hacking Lab challenges
Before we start… Ⅰ
Defensive measures Ⅱ
Ⅲ
Exercise session Ⅳ
Summary Ⅴ
4 4
5 5
6 6
Hacking Lab challenges
Before we start… Ⅰ
Defensive measures Ⅱ
Ⅲ
Exercise session Ⅳ
Summary Ⅴ
7 7
Real attack 1. Reconnaissance / Information Gathering 2. Enumeration 3. Exploitation 4. Maintaining access (persistance) / cleaning up
Security assessment / legal pentesting 1. Reconnaissance / Information Gathering 2. Enumeration 3. Vulnerability assessment / Exploitation 4. Documentation (report)
8 8
• Persistence (maintaining access) / clean-up are beyond of the scope of this course
• But, briefly, it is all about going under radar
9 9
• The last phase of a pentest / security assessment is documentation
• What is expected from the report? • Report should be comprehensive
– Why the test was conducted? What was the goal? – Exact timeline? Exact components included in the scope? – Test limitations (list all the problems – e.g. no access provided,
missing credentials, feature not implemented, XYZ system went down etc.)
• Who is the report’s audience? – Management or tech, or both?
10 10
• Findings should be descriptive enough – What is the problem? – How it can be exploited/abused?
• What is the real risk? – Keep the environment-specific things in mind
• What’s the “business impact”? • Findings should be possible to be reproduced • Recommendations should be reasonable • Keep in mind that you are writing the report to help someone fix the issues!
11 11
12 12
13 13
https://www.nsa.gov/ia/_files/support/defenseindepth.pdf
14 14
https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
15 15
16 16
Hacking Lab challenges
Before we start… Ⅰ
Defensive measures Ⅱ
Ⅲ
Exercise session Ⅳ
Summary Ⅴ
17 17
hacker/compass and
18 18
Hacking Lab challenges
Before we start… Ⅰ
Defensive measures Ⅱ
Ⅲ
Exercise session Ⅳ
Summary Ⅴ
19 19
20 20
Hacking Lab challenges
Before we start… Ⅰ
Defensive measures Ⅱ
Ⅲ
Exercise session Ⅳ
Summary Ⅴ
21 21
22 22
![1.6.4 Vulnerability Scanning Service (VSS) [C.2.10.3]€¦ · 01/12/2018 · 1.6.4 Vulnerability Scanning Service (VSS) [C.2.10.3] Vulnerability scanning is a major component of](https://img.dokumen.tips/doc/110x75/5f53e424f8b2f461df2e920d/164-vulnerability-scanning-service-vss-c2103-01122018-164-vulnerability.jpg)
