% Created 2012-04-27 Fri 13:26
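\documentclass[11pt]{beamer}
% Presentation look: Berlin theme, crane colour theme, ball-style bullets.
\mode<presentation>
\usetheme{Berlin}
\usecolortheme{crane}
\beamertemplateballitem
\setbeameroption{show notes}
% Input and font encoding. The exported preamble loaded inputenc, fontenc and
% hyperref twice with identical options; each is now loaded once.
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{hyperref}
\usepackage{color}
% Defaults for code listings: framed, unnumbered, ISO C++ highlighting.
\usepackage{listings}
\lstset{
  numbers=none,
  language=[ISO]C++,
  tabsize=4,
  frame=single,
  basicstyle=\small,
  showspaces=false,
  showstringspaces=false,
  showtabs=false,
  keywordstyle=\color{blue}\bfseries,
  commentstyle=\color{red},
}
\usepackage{verbatim}
\institute{Linuxwochen 2012}
% NOTE(review): "beamersubject" looks like an unexpanded Org-mode template
% placeholder; the subject is set to that literal word. Replace it with the
% real subject once known.
\subject{{{{beamersubject}}}}
% fixltx2e is a no-op (with a warning) on LaTeX kernels from 2015 onward; it
% is kept so the file still builds on the 2012 toolchain it was exported for.
\usepackage{fixltx2e}
\usepackage{graphicx}
\usepackage{longtable}
\usepackage{float}
\usepackage{wrapfig}
\usepackage{soul}
\usepackage{textcomp}
\usepackage{marvosym}
\usepackage{wasysym}
\usepackage{latexsym}
\usepackage{amssymb}
\tolerance=1000
% Fallback definition of \alert; \providecommand leaves an existing
% definition untouched.
\providecommand{\alert}[1]{\textbf{#1}}
% Title-page data.
\title{A Pentester's Best Friends}
\author{Michael Kohl, Ludwig Hammel}
\date{\today}
% PDF metadata; keywords and subject are left empty by the exporter.
\hypersetup{
  pdfkeywords={},
  pdfsubject={},
  pdfcreator={Emacs Org-mode version 7.8.03}}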
\begin{document}
\maketitle
% Table-of-contents slide; tocdepth is set to 3 before the table is printed.
\begin{frame}{Outline}
  \setcounter{tocdepth}{3}
  \tableofcontents
\end{frame}
\section{Einleitung}
\label{sec-1}
% Speaker introduction: role, company and company website.
\begin{frame}[fragile]{Die Vortragenden}
  \label{sec-1-1}
  \begin{itemize}
    \item Penetration Tester und Software-Entwickler\\
      \label{sec-1-1-1}%
    \item base-camp IT Security \& Solutions\\
      \label{sec-1-1-2}%
    \item \href{http://www.base-camp.cc/}{http://www.base-camp.cc/}\\
      \label{sec-1-1-3}%
  \end{itemize}
\end{frame}
% Motivation slide: four reasons for commissioning a penetration test.
\begin{frame}[fragile]{Warum Penetration Testing?}
  \label{sec-1-2}
  \begin{itemize}
    \item Schwachstellen identifizieren\\
      \label{sec-1-2-1}%
    \item Aufdecken von Fehlern aus falscher Bedienung\\
      \label{sec-1-2-2}%
    \item Erhöhung der Sicherheit auf technischer und organisatorischer Ebene\\
      \label{sec-1-2-3}%
    \item externe Validierung der Sicherheit\\
      \label{sec-1-2-4}%
  \end{itemize}
\end{frame}
% Process slide: the six phases of a penetration test in order, each with a
% nested list of example activities.
\begin{frame}[fragile]{Ablauf eines Penetration Test}
  \label{sec-1-3}
  \begin{itemize}
    % Phase 1: goals, scope and constraints are agreed.
    \item Pre-Engagement
      \label{sec-1-3-1}%
      \begin{itemize}
        \item Zieldefinition, Umfang, Rahmenbedingungen\\
          \label{sec-1-3-1-1}%
      \end{itemize}
    % Phase 2: collecting information about the target.
    \item Intelligence Gathering
      \label{sec-1-3-2}%
      \begin{itemize}
        \item Footprinting, Portscans, Google, Social Media\\
          \label{sec-1-3-2-1}%
      \end{itemize}
    % Phase 3: attack vectors and targets of interest.
    \item Threat Modeling
      \label{sec-1-3-3}%
      \begin{itemize}
        \item Angriffsvektor, interessante Ziele\\
          \label{sec-1-3-3-1}%
      \end{itemize}
    % Phase 4: scanning and observing services.
    \item Vulnerability Analysis
      \label{sec-1-3-4}%
      \begin{itemize}
        \item Port- u. Servicescans, Banner Grabbing, Traffic Monitoring\\
          \label{sec-1-3-4-1}%
      \end{itemize}
    % Phase 5.
    \item Exploitation
      \label{sec-1-3-5}%
      \begin{itemize}
        \item Buffer Overflows, SQL Injections, Bruteforce\\
          \label{sec-1-3-5-1}%
      \end{itemize}
    % Phase 6: follow-up work and clean-up.
    \item Post Exploitation
      \label{sec-1-3-6}%
      \begin{itemize}
        \item Weitere Exploits, Aufräumen\\
          \label{sec-1-3-6-1}%
      \end{itemize}
  \end{itemize}
\end{frame}
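\section{Tools}
\label{sec-2}
% Tool slide for owtf (Offensive Web Testing Framework).
\begin{frame}[fragile]{owtf}
  \label{sec-2-1}
  % NOTE(review): the exported source carried an Org "#+begin_latex" block
  % here as literal text. A bare "#" is an error in text mode, a frame
  % cannot be opened inside another frame, and the block misspelled
  % \includegraphics. It is kept below as a comment with the macro name
  % corrected; to use it, move it between two frames.
  %   {\setbackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{desert.png}}
  %    (followed by an empty frame titled "Ali Baba" and the closing brace)
  \begin{itemize}
    \item Offensive Web Testing Framework\\
      \label{sec-2-1-1}%
    \item Information Gathering\\
      \label{sec-2-1-2}%
    \item Vulnerability Analysis\\
      \label{sec-2-1-3}%
    % Spelling fixed: the source read "passsive".
    \item passive, semi-passive, active\\
      \label{sec-2-1-4}%
    \item On-the-fly Report Updates\\
      \label{sec-2-1-5}%
  \end{itemize}
\end{frame}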
% Tool slide for Nmap: implementation languages, origin as a port scanner,
% the test phases it serves, and its scripting engine.
\begin{frame}[fragile]{Nmap}
  \label{sec-2-2}
  \begin{itemize}
    \item Geschrieben in C und Lua\\
      \label{sec-2-2-1}%
    \item Ursprünglich Portscanner\\
      \label{sec-2-2-2}%
    \item Mittlerweile umfangreicher Security-Scanner\\
      \label{sec-2-2-3}%
    \item Intelligence Gathering \& Vulnerability Analysis\\
      \label{sec-2-2-4}%
    \item Nmap Scripting Engine (NSE)\\
      \label{sec-2-2-5}%
  \end{itemize}
\end{frame}
% Demo slide: four nmap invocations of increasing scope, each shown as a
% nested item under its description.
\begin{frame}[fragile]{Nmap Demo}
  \label{sec-2-3}
  \begin{itemize}
    % Target only, no options.
    \item Simpler Portscan
      \label{sec-2-3-1}%
      \begin{itemize}
        \item \texttt{nmap linuxwochen.at}\\
          \label{sec-2-3-1-1}%
      \end{itemize}
    % -O: OS detection, -sV: service/version detection, -p: port range,
    % matching the three features named in the item text.
    \item Komplizierterer Portscan (OS Detection, Port-Range, Service/Version Detection)
      \label{sec-2-3-2}%
      \begin{itemize}
        \item \texttt{nmap -O -sV -p 1-2048 linuxwochen.at}\\
          \label{sec-2-3-2-1}%
      \end{itemize}
    % -A bundles OS detection, version detection, default scripts and
    % traceroute. NOTE(review): unlike the previous command it sets no port
    % range, so "wie oben" holds for the detection features only.
    \item Portscan mit Standardskripts (Wie oben plus Standardskripts und Traceroute)
      \label{sec-2-3-3}%
      \begin{itemize}
        \item \texttt{nmap -A linuxwochen.at}\\
          \label{sec-2-3-3-1}%
      \end{itemize}
    % Two named NSE scripts, restricted to ports 21 and 80. The "-{}-"
    % keeps the double hyphen from being typeset as an en-dash.
    \item Portscan mit Extra Skripts
      \label{sec-2-3-4}%
      \begin{itemize}
        \item \texttt{nmap -{}-script=http-generator,banner -p21,80 linuxwochen.at}\\
          \label{sec-2-3-4-1}%
      \end{itemize}
  \end{itemize}
\end{frame}
% Summary slide for the Nmap Scripting Engine: language, script count as
% stated by the authors, and a non-exhaustive list of script categories.
\begin{frame}[fragile]{NSE kurz}
  \label{sec-2-4}
  \begin{itemize}
    \item Nmap Scripting Engine\\
      \label{sec-2-4-1}%
    \item Lua\\
      \label{sec-2-4-2}%
    \item > 350 Skripts\\
      \label{sec-2-4-3}%
    \item Kategorien: default, discovery, dos, exploit, malware, safe\ldots{}\\
      \label{sec-2-4-4}%
  \end{itemize}
\end{frame}
% Placeholder slide: the body is only an ellipsis, no example is included
% in the source.
\begin{frame}[fragile]{NSE Beispiel}
  \label{sec-2-5}
  \ldots{}
\end{frame}
% Tool slide for sqlmap: supported database systems, then the capabilities
% the authors list. The last item is the speakers' own reminder.
\begin{frame}[fragile]{sqlmap}
  \label{sec-2-6}
  \begin{itemize}
    \item Für MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase und SAP MaxDB\\
      \label{sec-2-6-1}%
    \item Verschiedene SQL Injection Techniken\\
      \label{sec-2-6-2}%
    \item Enumeration von Benutzern, Tabellen, Benutzerrollen und -berechtigungen\ldots{}\\
      \label{sec-2-6-3}%
    \item Datenbanken/Tabellen dumpen\\
      \label{sec-2-6-4}%
    \item File Upload/Download bei MySQL, PostgreSQL und Microsoft SQL Server\\
      \label{sec-2-6-5}%
    \item Demo?\\
      \label{sec-2-6-6}%
  \end{itemize}
\end{frame}
% Tool slide for Metasploit: scope, implementation language, and the test
% phases it is used in.
\begin{frame}[fragile]{Metasploit}
  \label{sec-2-7}
  \begin{itemize}
    \item Sehr umfangreiches Pen Testing Framework\\
      \label{sec-2-7-1}%
    \item Geschrieben und erweiterbar in Ruby (früher Perl)\\
      \label{sec-2-7-2}%
    \item Scanning, Vulnerability Analysis, Exploitation, Post Exploitation\\
      \label{sec-2-7-3}%
  \end{itemize}
\end{frame}
% Tool slide for Arachni, a web application security scanner framework.
\begin{frame}[fragile]{Arachni}
  \label{sec-2-8}
  \begin{itemize}
    \item Web Application Security Scanner Framework\\
      \label{sec-2-8-1}%
    \item Geschrieben in Ruby\\
      \label{sec-2-8-2}%
    \item Spider mit asynchronem HTTP\\
      \label{sec-2-8-3}%
    \item Als Library verwendbar\\
      \label{sec-2-8-4}%
    \item Web Interface\\
      \label{sec-2-8-5}%
  \end{itemize}
\end{frame}
% Tool slide for BeEF (Browser Exploitation Framework): client-side testing
% focused on the browser.
\begin{frame}[fragile]{BeEF}
  \label{sec-2-9}
  \begin{itemize}
    \item Browser Exploitation Framework\\
      \label{sec-2-9-1}%
    \item Geschrieben in Ruby und JavaScript\\
      \label{sec-2-9-2}%
    \item Fokussiert auf Browser Schwachstellen\\
      \label{sec-2-9-3}%
    \item Clientseitige Angriffe\\
      \label{sec-2-9-4}%
  \end{itemize}
\end{frame}
% Tool slide for Dradis, listed by the authors as a reporting tool.
\begin{frame}[fragile]{Dradis}
  \label{sec-2-10}
  \begin{itemize}
    \item Post Exploitation Reporting\\
      \label{sec-2-10-1}%
    \item Geschrieben in Ruby\\
      \label{sec-2-10-2}%
  \end{itemize}
\end{frame}
% Slide of miscellaneous tools.
% NOTE(review): the John the Ripper and ophcrack items end at the colon;
% the source gives no description for either.
\begin{frame}[fragile]{Diverse Tools}
  \label{sec-2-11}
  \begin{itemize}
    \item ab/Siege: Lasttests, Benchmarking, DoS\\
      \label{sec-2-11-1}%
    \item John the Ripper:\\
      \label{sec-2-11-2}%
    \item ophcrack:\\
      \label{sec-2-11-3}%
    \item Kombinierbar\\
      \label{sec-2-11-4}%
  \end{itemize}
\end{frame}
\section{Distributionen}
\label{sec-3}
% Slide listing security-oriented distributions and live CDs; the OWASP
% entry carries a nested item spelling out the acronym.
\begin{frame}[fragile]{Distributionen}
  \label{sec-3-1}
  \begin{itemize}
    \item BackTrack\\
      \label{sec-3-1-1}%
    \item Grml\\
      \label{sec-3-1-2}%
    \item OWASP Labrat
      \label{sec-3-1-3}%
      \begin{itemize}
        \item Open Web Application Security Project\\
          \label{sec-3-1-3-1}%
      \end{itemize}
    \item ophcrack Live CD\\
      \label{sec-3-1-4}%
  \end{itemize}
\end{frame}
\section{Links}
\label{sec-4}
% Reference slide: project home pages for the tools covered in the talk.
% Each link shows its own URL as the link text.
\begin{frame}[fragile]{Links}
  \label{sec-4-1}
  \begin{itemize}
    \item \href{http://base-camp.cc}{http://base-camp.cc}\\
      \label{sec-4-1-1}%
    \item \href{http://dradisframework.org/}{http://dradisframework.org/}\\
      \label{sec-4-1-2}%
    \item \href{http://www.securitydistro.com/}{http://www.securitydistro.com/}\\
      \label{sec-4-1-3}%
    \item Metasploit: \href{http://www.metasploit.com/}{http://www.metasploit.com/}\\
      \label{sec-4-1-4}%
    \item Siege: \href{http://www.joedog.org/}{http://www.joedog.org/}\\
      \label{sec-4-1-5}%
    \item John the Ripper: \href{http://www.openwall.com/john/}{http://www.openwall.com/john/}\\
      \label{sec-4-1-6}%
    \item BeEF: \href{http://beefproject.com/}{http://beefproject.com/}\\
      \label{sec-4-1-7}%
  \end{itemize}
\end{frame}
\end{document}