Fundamentals
February 1, 2017
Presented by
Mike Weber, VP Coalfire
Housekeeping
Thought Leadership
Tools development
• Cortana Pack
• CrackMapExec
• Doozer
• Egress-Assess
• Empire
• Eyewitness
• Hashbot
• KrbCredExport
• Malleable C2 profiles
• Minions
• PowerSploit
• PowerTools
• PowerForensics
• Uproot
• Veil-Evasion
Speaker Introduction
• A vulnerability assessment is not a penetration test.
• Engagement Planning
• Vulnerability Analysis
• Reporting
Vulnerability Assessment
Key takeaways
• Defines scope based on systems to be assessed
• Mostly uses automated scanners
• Discovers known vulnerabilities
• Finds only technical shortcomings
• Provides tactical recommendations in a lengthy report
• Facilitates internal security management processes
Penetration Testing
What Is A Penetration Test?
• Scoped based on test objectives and environment to be tested
• Number of Systems / Physical Locations
• Different testing objectives necessitate different levels of effort
• Results in a “time-box”

• Delivery augmented with technical tools but this is not the primary driver
• Human-driven
• Finds technical and logical vulnerabilities
• Findings ranked based on impact

• Narrow or broad scope?
• Impact on response teams
• Working hours or after hours?
• Exclusion Lists / Known issues?
• Data destruction policies?
Penetration Testing
KEY COMPONENTS
• Threat Emulation
• Attack Surface
• Attack Vectors
• Attack Scenarios
• Methodology
Threat Emulation
Key Takeaways
• Requires one or more objectives for a successful test
• Scope is based on the attack scenarios
• Effort is ‘time-boxed’
• Discovers both technical and logical vulnerabilities
• Reports should be succinct
• Recommendations are strategic
• Enhances internal security operations processes
Know Your Pen Tester
• How large is their staff?
• What is their reputation in the industry?
• What are their qualifications?
• Do they do background checks on new hires?
• Do they participate in and support industry associations, forums, and events?
• Do they have a quality assurance program?
• Do they use quality commercial products as well as freeware and shareware?
• Do they make their own tools / are they known for coding capabilities?
Testing “Maturity Model”
Testing Maturity Model
Your Maturity Level Recommendation
LOW LOW
MODERATE MODERATE
HIGH HIGH
www.Coalfire.com