Internal Penetration Testing
Defining the engagement
Create timelines
Active assessment
Limits
Out of scope? Not for hackers
Reading email in an attempt to gain passwords
Attacking workstations to gain network credentials
Attacking administrative workstations to gain admin access
Searching .txt and .doc files on workstations
Searching .txt and .doc files on production systems
Sniffing traffic
Keystroke loggers
Intentional denial of service
Footprint
Host Identification
Service Identification
Service Enumeration
Host Enumeration
Network Map
HSV Scans
Vulnerability Mapping/Exploitation
1. Footprint
Goal: identify ranges and domains
net view /domain to identify domains
Footprint
Identify IP ranges
SNMP
DNS
ICMP
2. Host Identification
Identify Hosts
TCP
ICMP
Host Identification
Foundstone
net view
3. Service Identification
Identify Ports
TCP
UDP
Tool:
Fscan i <ip>
4. Service Enumeration
Identify what is running on listening ports
Tool: Nmap & Nessus
5. Host Enumeration
Use all the previous information to make an accurate guess at the OS and version from the Nessus reports
6. Network Map
Should be created to identify hosts, services and access paths.
7. HSV Scans
High Severity Vulnerability (HSV) scans should be performed to identify systems with high-severity vulnerabilities
NetBIOS weak passwords
SQL weak passwords
Web vulnerabilities
7. HSV Scans (cont.)
NetBIOS weak passwords
Remarks
SQL can run on alternate ports
Web vulnerabilities
stealth
whisker
typhon
8. Vulnerability Mapping/Exploitation
Source port attacks
If you use IPSec, don't forget to set the NoDefaultExempt key
HKLM\SYSTEM\CCS\Services\IPSEC\NoDefaultExempt | DWORD = 1
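The slide gives the registry value but not how to verify it across a fleet. The script below is an added example (not part of the original deck) that audits the NoDefaultExempt value under the legacy IPSec driver key and, with -Remediate, sets it to the DWORD value 1 the slide specifies. CCS on the slide is the usual abbreviation for CurrentControlSet, which is what the script uses; the parameter name and the output wording are this example's own choices. The key belongs to the Windows 2000/XP/2003-era IPSec implementation the slide addresses, so on later Windows versions the key may simply be absent.

```powershell
# Added example: audit (and optionally set) the IPSec NoDefaultExempt value.
# Usage:  .\Check-NoDefaultExempt.ps1            -> report only
#         .\Check-NoDefaultExempt.ps1 -Remediate -> set the value to 1 if needed
param([switch]$Remediate)

# CCS on the slide = CurrentControlSet
$path   = 'HKLM:\SYSTEM\CurrentControlSet\Services\IPSEC'
$name   = 'NoDefaultExempt'
$wanted = 1   # value given on the slide

function Get-NoDefaultExempt {
    # Returns $null when the value (or the whole key) does not exist.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$name
}

$current = Get-NoDefaultExempt
if ($null -eq $current) {
    Write-Output "$name is not set; the default IPSec exemptions are in effect"
} elseif ($current -eq $wanted) {
    Write-Output "$name = $current (matches expected value)"
} else {
    Write-Output "$name = $current (expected $wanted)"
}

if ($Remediate -and $current -ne $wanted) {
    # Create the key if the IPSec service key is missing, then write the DWORD.
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $wanted -Force | Out-Null
    Write-Output "Set $name to $wanted; reboot for the change to take effect"
}
```

Run it in report-only mode first from an elevated prompt; the -Remediate switch writes to HKLM and therefore needs administrative rights, and the new value is only honoured after a restart.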
Web Attacks
NetBIOS
SQL Attacks
9. Presentation of findings
Report should be clear and concise
Include screenshots
Use action items for remediation
Categorize findings
TACTICAL
STRATEGIC
Presentation of findings
Strengthening Microsoft Networks
strong domain architectures
rigid user management
hardened applications
principle of least privilege
security baselines for systems
defence in depth
network segmentation
3rd party audit
THANK YOU