
Pen Testing

 Andy
(@andy)
Posts: 357
Reputable Member
Topic starter
 

I must confess that this is an area I am not too well versed in. I know the basics, but would love to know more.

Is there a set routine Pen testers use? A check list so to speak?

I'm not looking for a 'how to hack' step by step guide, (I don't think that would be wise on a public forum) more like what one should look for on a post mortem examination on a system that has potentially been compromised.

Andy

 
Posted : 24/04/2005 4:03 pm
mark777
(@mark777)
Posts: 101
Estimable Member
 

Andy

If your budget would stretch to it I would suggest you look at the course run by a company called 7safe. They do two courses that are called Hacking Insight 1 and Hacking - Forensic Artifacts. I have done them both and they are two of the best courses I have ever done. Not only do they go into great detail about hacking techniques etc but they give a really good insight into the forensic recovery of evidence left in the registry etc when viruses, trojans etc have been placed on a compromised computer. Shortly after doing the course we got a trojan defence argument and I was able to shoot it down in flames and get a guilty plea.

Both courses are very hands on as well and you actually get to hack a system. One other bonus is that they use VmWare a lot and you really get to grips with that which of course comes in handy when you are trying to use EnCase PDE and VmWare to view target drives.

 
Posted : 24/04/2005 5:44 pm
tebodell
(@tebodell)
Posts: 25
Eminent Member
 

Andy-
I'm kind of unclear about the question: are you looking for a pen-test framework or a post-intrusion analysis framework?

 
Posted : 24/04/2005 6:35 pm
 Andy
(@andy)
Posts: 357
Reputable Member
Topic starter
 

Mark I would love to go on that course (but finances are tight this year - check out my PM :)).

tebodell, sorry about the vagueness of my post. I would like to have both…. (am I being greedy?). If you can offer some insights that would be great.

Andy

 
Posted : 24/04/2005 6:48 pm
tebodell
(@tebodell)
Posts: 25
Eminent Member
 

Andy–
The well rounded pen-test frameworks I tend to reference would be the ISSAF ( http://www.oissg.org/content/view/71/71/ ) and the OSSTMM ( http://www.isecom.org/osstmm ).

As for post-intrusion analysis, other than the young CCIF ( http://www.oissg.org/content/view/72/72/ ), I'm not aware of a well rounded framework, but I'm sure there are checklists out there all over. You'll probably find some good ones at the SANS Reading Room ( http://rr.sans.org ). And of course any Incident Response checklists and/or books/blogs are helpful.

HTH,
Ty

 
Posted : 24/04/2005 7:12 pm
(@mohclips)
Posts: 4
New Member
 

I must confess that this is an area I am not too well versed in. I know the basics, but would love to know more.

Is there a set routine Pen testers use? A check list so to speak?

I'm not looking for a 'how to hack' step by step guide, (I don't think that would be wise on a public forum) more like what one should look for on a post mortem examination on a system that has potentially been compromised.

Andy

Pentesting is a huge area, and it really depends on what you are looking for. Most 'pentesting' done is via nessus and a few nmap scans, which is more like vulnerability scanning. Thus not really real penetration testing in my book. Any really good pentesting ($$$, or £££) includes the social engineering side of things.

Any really good pentest can compromise your system and not leave a trace (or much of one). This of course would include the social engineering factor so that current user accounts are used within work hours and thus fingering someone else rather than the real attacker.

In my experience most people haven't even got the logging on their systems sorted out to even show that their systems have been compromised or what a standard user has done that day. Or if they do, it's only local logging, not remote, so easily wiped.

Thus the post mortem you mention can be very hard to do.

The checklist you mention should be determined by the customer by the scope of the pentest. Which servers, entry points, networks to 'attack'. As to how the particular pen tester goes about this; if they are any good they will have their own proven methods and this will be based on their own personally written tools and procedures.

There are loads of cowboys out there that think a few open source vulnerability scanners can relieve a customer of $£1000s, and there are loads of customers ready to believe them.

just my 2p.

Vulnerability scans != Penetration Tests.

Mohclips.

 
Posted : 02/06/2005 9:07 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Mark777

If your budget would stretch to it I would suggest you look at the course run by a company called 7safe. They do two courses that are called Hacking Insight 1 and Hacking - Forensic Artifacts. I have done them both and they are two of the best courses I have ever done. Not only do they go into great detail about hacking techniques etc but they give a really good insight into the forensic recovery of evidence left in the registry etc when viruses, trojans etc have been placed on a compromised computer.

I'm interested in this Forensic Artifacts course you mentioned. I went to the 7Safe web site and checked it out…it's unlikely I'll be able to attend b/c it's in the UK.

Can you provide any detailed information about what this course covers? Have you seen or heard of any similar courses here in the US?

Thanks,

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

 
Posted : 03/06/2005 12:14 pm