BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter
Dec 24, 2015
Agenda
Introductions
Schedule
Workshop Format
The Attacker Methodology
Penetration Testing Execution Standard (PTES)
Pentester Job Requirements
Disclaimer
Do not try this at home… without permission!
Introductions
Name
Company
Position
Previous Experience
Windows & Linux
Penetration Testing
BackTrack
Schedule
Hours (9:00AM to 4:30PM)
10:20 to 10:30 - Break
11:00 to 12:30 - ISSA Chapter Meeting
2:45 to 3:00 - Break
Workshop Format
Session Materials
Practice Exercises
Workshop Survey
The Hacker Methodology
Information Gathering
Vulnerability Assessment
Exploitation
Privilege Escalation
Maintaining Access
Penetration Testing Execution Standard (PTES)
Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
Pentester Job Requirements
System and application scanning using analysis tools
Validate automated testing results
Conduct manual analysis
Evaluate and communicate risk
Provide feedback and guidance
Certifications (CEH, CISA, CISSP, OSCP)
Physical Security
Most overlooked area of Information Security
If you can touch it, you can p0wn it!
www.securitywizardry.com/radar.htm
Bookmarks
VMware (vmware.com)
BackTrack 5 R3 (backtrack-linux.org)
Metasploitable (offensive-security.com)
Web Security Dojo (mavensecurity.com)
Pauldotcom (pauldotcom.com)
OSCP (offensive-security.com)
Katana (hackfromacave.com)