BackTrack Penetration Testing WorkshopMichael Holcomb, CISSPUpstate ISSA Chapter

AgendaIntroductionsScheduleWorkshop FormatThe Attacker MethodologyPenetration Testing Execution Standard (PTES)Pentester Job Requirements

DisclaimerDo not try this at home without permission!

IntroductionsNameCompanyPositionPrevious ExperienceWindows & LinuxPenetration TestingBackTrack

ScheduleHours (9:00AM to 4:30PM)10:20 to 10:30 - Break11:00 to 12:30 ISSA Chapter Meeting2:45 to 3:00 - Break

Workshop FormatSession MaterialsPractice ExercisesWorkshop Survey

The Hacker MethodologyInformation GatheringVulnerability AssessmentExploitationPrivilege EscalationMaintaining Access

Penetration Testing Execution Standard (PTES)Pre-engagement InteractionsIntelligence GatheringThreat ModelingVulnerability AnalysisExploitationPost ExploitationReporting

Pentester Job RequirementsSystem and application scanning using analysis toolsValidate automated testing resultsConduct manual analysisEvaluate and communicate riskProvide feedback and guidanceCertifications (CEH, CISA, CISSP, OCSP)

Physical SecurityMost overlooked area of Information SecurityIf you can touch it, you can p0wn it!

www.securitywizardry.com/radar.htm

BookmarksVMware (vmware.com)BackTrack 5 R3 (backtrack-linux.org)Metasploitable (offensive-security.com)Web Security Dojo (mavensecurity.com)Pauldotcom (pauldotcom.com)OCSP (offensive-security.com)Katana (hackfromacave.com)