
Joe Fasulo


Presentation Transcript


  1. Joe Fasulo Breaking egos since 2006

  2. Who is this guy? • Software Engineer / Penetration Tester • Works for Tyler Technologies (TYL) • Freelance network auditor • Computer Science senior at UMaine • Former Cybersecurity Team Captain/Founder

  3. Keyterm • Penetration Testing – The art of gathering reconnaissance, enumeration and maintaining access of a system.

  4. What the heck is Backtrack? • Linux-based penetration testing distribution • Debian-based • Best of its kind – others: Knoppix STD, nUbuntu, PHLAK • “So good the NSA uses it”

  5. Security Uses • Information Gathering • Network Mapping • Vulnerability Identification • Web Application Analysis • Radio Network Analysis (802.11, Bluetooth, RFID) • Penetration (Exploit & Social Engineering Toolkit) • Privilege Escalation • Maintaining Access • Digital Forensics • Reverse Engineering • Voice over IP (Source: Wikipedia)

  6. Standard Tools: ZOMG FREE STUFF! • Metasploit – everyone’s 1337! • Kismet – your neighbor isn’t smart • Nmap – “Why did they shut my internet off?” • Ettercap/dsniff/arpspoof – What does ARP mean? • Wireshark – I see you • Hydra – Please stop filling up my logs.. • Cisco Auditing Tool – did you cheat the CCNA? • SQL Ninja – My kid does websites! • Hamster/Ferret – your Facebook isn’t safe, again.

  7. Problems BT solves.. • Maintained set of security tools that are centrally located to the penetration tester. • Flexible environment for scripting and automation. • A community that welcomes other people’s contributions.

  8. Why your day is better as a Penetration Tester because you use backtrack…

  9. Case 1: The crappy network admin

  10. Situation and Environment • You’ve been hired to conduct a network audit and analysis of Company X. • Goal: find all servers and networked devices that have known exploits.

  11. BT Solution • Use the organized array of tools that are available to the tester. • Nmapseek • OpenVAS • Nessus (have to install yourself [c’mon you can do it]) • Metasploit..and destroy

  12. Case 2: Finding new exploits: “Your new C programmer’s evaluation”

  13. Fuzzing • The art of testing services or code for random or unexpected output.

  14. WACKA WACKA!

  15. BT Solution • BT provides several tools for fuzzing • Bed • Peach • Jbrofuzz • Fuzzgrind

  16. Case 3: How to become hated by a teenager, and get paid to do it!

  17. Situation and Environment • CEO X wants you to test his PHP page that DIRECTLY REQUESTS LOGIN INFORMATION TO THE DATABASE and see why random people have been added/deleted/accessing the database.

  18. BT solution: SQL NINJA • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB Server authentication mode) • Bruteforce of the 'sa' password • Privilege escalation to 'sa' • Creation of a custom xp_cmdshell if the original one has been disabled • Upload of executables • Reverse scan in order to look for a port that can be used for a reverse shell • Direct and reverse shell, both TCP and UDP • DNS tunneled pseudoshell, when no ports are available for a bindshell • Metasploit wrapping, when you want to use Meterpreter or even want to get GUI access on the remote DB server • OS privilege escalation on the remote DB server using token kidnapping • All of the above can be done with obfuscated SQL code, in order to confuse IDS/IPS systems (Source: SQLNinja.sourceforge.net)

  19. And..we can usually find out pretty quick why we don’t hire teenagers to write database code..
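
The flaw behind the login page in slide 17, shown next to its fix, as an added example that is not from the presentation. Python and an in-memory SQLite table stand in for the PHP page and its database server; the function names, table and sample accounts are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table (constructed sample data).
    Plaintext passwords only keep the example short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("o'brien", "s3cret")])
    return db

def login_vulnerable(db, name, password):
    """Slide 17's pattern: form fields pasted straight into the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, name, password):
    """Same query with bound parameters: input stays data, never SQL syntax."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def compare(db, name, password):
    """Return (vulnerable_result, parameterized_result) for one login attempt.
    'error' marks a SQL syntax error raised by the concatenated query."""
    try:
        weak = login_vulnerable(db, name, password)
    except sqlite3.OperationalError:
        weak = "error"
    return weak, login_parameterized(db, name, password)

# Constructed input: the quote ends the string literal early, so the rest of
# the field is parsed as SQL and the WHERE clause becomes true for every row.
CRAFTED_PASSWORD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for name, password in [("alice", "correct-horse"),   # valid login
                           ("alice", "wrong"),           # wrong password
                           ("alice", CRAFTED_PASSWORD),  # bypass on weak form
                           ("o'brien", "s3cret")]:       # legitimate apostrophe
        print(name, password, compare(db, name, password))
```

The last case matters for triage: a legitimate name containing an apostrophe breaks the concatenated query, so SQL syntax errors in the application log are an early sign that a page builds its queries this way.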

  20. Well can’t I just make my own distribution and load all my own tools on it…? • Sure • But why? • I mean you can but again… • But why when there is a platform that’s stable (enough) and is developed for you.

  21. Learn More.. • www.backtrack-linux.org • IRC • Freenode • #Backtrack-linux

  22. People NOT to listen to.. • People that say.. • “I’ve got a MAC I can’t get a virus” • “My boyfriend is super good with computers because he can setup a netgear” • “I scanned umaine.edu and found so many open ports”! • “The internet is a series of tubes” • “…send me an email to my yahoo account” • “I download off my neighbors router so they can’t track me” • “Have you checked out Firesheep? So good!” • “Can you hack my friends facebook, I want to screw with him.” • “Windows is so insecure, I’m moving to Linux”! • “You’re screwed cause I found your IP”!

  23. Do we have time for a video? • DON’T Be…This guy: • NEXTGENHACKER101 • http://www.youtube.com/watch?v=SXmv8quf_xM

  24. Thanks!
