50 likes | 166 Vues
Module 6 – Penetration. Phase II Controls Assessment Scheduling Information Gathering Network Mapping Vulnerability Identification Penetration Gaining Access & Privilege Escalation Enumerating Further Compromise Remote Users/Sites Maintaining Access Cover the Tracks.
E N D
Module 6 – Penetration • Phase II Controls Assessment Scheduling • Information Gathering • Network Mapping • Vulnerability Identification • Penetration • Gaining Access & Privilege Escalation • Enumerating Further • Compromise Remote Users/Sites • Maintaining Access • Cover the Tracks Heorot.net
Penetration • Purpose behind Penetration • To provide proof of vulnerabilities or exploits • Conducted in an isolated environment (lab) • High risk to continued operation of target • Not necessary for “Blue Team” hacking • Requires higher level of programming skill and TCP/IP stack knowledge Heorot.net
Penetration • Find proof of concept code/tool • Develop tools/scripts • Test proof of concept code/tool • Customize proof of concept code/tool • Test proof of concept code/tool in an isolated environment • Use proof of concept code against target • Verify or disprove the existence of vulnerabilities Heorot.net
Penetration • Find proof of concept code/tool OR • Develop tools/scripts • PenTest Lab • Test proof of concept code/tool • Customize proof of concept code/tool • Development Lab • Test proof of concept code/tool in an isolated environment • Production System • Use proof of concept code against target • Verify or disprove the existence of vulnerabilities Heorot.net
Module 6 – Conclusion • Phase II Controls Assessment Scheduling • Information Gathering • Network Mapping • Penetration • Find proof of concept code/tool • Develop tools/scripts • Test • PenTest Lab • Development Lab • Production System • Verify or disprove the existence of vulnerabilities Heorot.net