WHEN A VULNERABILITY ASSESSMENT > PENTEST
THE ANOMALY
$WHOAMI
Network Security for Dept of VA
Father/Husband
Fan of Futbol (Viva Mexico!)
Fan of Martial Arts
Brazilian JiuJitsu
WHAT IS A PENTEST?
Recon
Pwnage
Pillage
Loot
Report
WHAT IS A PENTEST?
http://www.pentest-standard.org/
http://www.sans.org/reading_room/whitepapers/bestprac/writing-penetration-testing-report_33343
http://www.offensive-security.com/offsec/sample-penetration-test-report/
INJUSTICE!
TESTING PENS
- How to not get a good pentest? http://blog.pentesterlab.com/2012/12/how-not-to-get-good-pentest.html
- Marcus Ranum – “The only favorable or useful outcome of a pentest is the worst one.”
http://www.ranum.com/security/computer_security/editorials/point-counterpoint/pentesting.html
PWNING NOOBS
- Cons and breaking stuff tracks/talks
- Social Media: If you break stuff, talk about how to fix it.
- Reporting is seriously lacking
PENTESTING
PENTESTING – MY WIFE BEATS ME
“Why don’t you find their weaknesses and then help them fix it?”
VULNERABILITY ASSESSMENT
- Scan, how? Inside, external, credentials, IPS, firewalls
- Agent based vs passive vs active
- Results integration
- Results reporting
- Team player
SCAN HOW?
- Scanner location
- Inside network, outside network
- Denial of service
- Nmap
SCAN HOW?
- Exclusions for scanners
- White box vs. black box
- Firewalls, IPS
SCAN HOW?
- Credentials
  - Windows desktops and servers
  - Linux/Unix servers with SSH account/keys
  - SNMP strings
  - Cisco/networking SSH credentials
- Be careful with credentials: Dave/Immunity, Ron/Tenable, Qualys, more.
- https://lists.immunityinc.com/pipermail/dailydave/2013-February/000334.html
CREDENTIALS?
- Risks
  - Capture credentials
- Use ssh keys
- Never send clear text credentials
- Secure your scanner applications
- Passive Vulnerability (span port)
SCAN HOW?
- Remember HD Moore’s Law
“Casual attacker power grows at the rate of Metasploit.” - Joshua Corman
AGENT VS ACTIVE SCANNING
- Agent Pros
  - Near real time
  - No network traffic
  - No outages caused by scans
- Agent Cons
  - May not be installed
  - May not be possible to install
  - Some vulns cannot be found
VULN ASSESSMENT AND PATCH MGT
VULN SCANNING: DOING IT RIGHT
Internal Scans
Credentialed Scans – Linux, Windows, Network devices
Vendor provided exploit availabilities and frameworks
Coordinate HIPS/NIPS, Firewall exclusions
SCAN DATA INTEGRATION
Integrate with Org CMDB
SA information
Satellite Server
SCCM
WSUS
BigFix
SCAN DATA INTEGRATION
Sys Admin information
SA POC information (part of CMDB)
Sys Admin deemed important information
Manual updates from Sys Admins
SCAN DATA INTEGRATION
Satellite Server
SCCM
WSUS
BigFix/Tivoli Endpoint Manager (TEM)
Red Hat patch info integration
Compare with Scan info
SCAN DATA INTEGRATION
Where Does all this data go?
Access DB
Custom App with DB backend
Excel Spreadsheet
GRC – Governance Risk and Compliance
Any other solutions?
SCAN DATA - INCIDENT RESPONSE
Import into org SIEM or incident correlation tool
SCAN REPORTING
- Executive reports on important issues
- Report on Org specified critical findings
- Organizational severity scoring
SCAN REPORTING
- Java JRE vuln – RCE
- Base Score = 9.3
- Temporal Score = 7.7
- Final Score = ?
SCAN REPORTING
- Default Credentials
- Exploitable Vulns
- Malware identification vulns
- Indicators of Compromise
- Configuration Auditing
- More?
CALL TO ACTION
- Do work!
- Improve scanning
- Improve Patch Mgt
- Integrate
- Consolidate data
- Customize to org needs
- Work as a team (Security, Sys Admin, Devs, Operations, etc)
QUESTIONS?