231417347-PenTest-1.pdf

Published on December 2016 | Categories: Documents | Downloads: 39 | Comments: 0 | Views: 363
of 5
Download PDF   Embed   Report

Comments

Content


PenTest Magazine | PentestIT “Test.lab”
PenTest Magazine | PentestIT “Test.lab”
2
P
enetration Testing
Laboratories “PentestIT”
is a copy of the IT-
structure of the real companies.
Laboratory “Test.lab” created
in order to allow participants to
legally validate and consolidate
skills penetration testing under
real conditions, but we strongly
recommended to use the
knowledge gained in a wrongful
and unlawful purposes.
Laboratories are always unique
and contain the most current
vulnerability in anonymous
form (under NDA), discovered
during penetration testing of a
real companies by PentestIT
team. Developing “Test.lab” we
try to cover almost all areas of
information security: network
security, operating systems and
applications. Participants are
encouraged to perform operation
of a variety of vulnerabilities:
work-related network
components, cryptographic
mechanisms, configuration errors
and code, the human factor.
Gathering participants
from around the world, we
have developed “Test.lab” for
various events, such as the All-
Russian contest ProfIT 2013,
PentestIT “Test.lab”
a platform for legal practical experience
penetration testing
PentestIT “Test.lab” | PenTest Magazine
PentestIT “Test.lab” | PenTest Magazine
3
ZeroNights’13, PHD IV. We are supported by experts in the
field of information security from around the world, and our
laboratory made into one big map pentest.
“Test.lab” is a real computer network virtual
companies containing common configuration errors and
vulnerabilities. Participants acting as pentesters (White
hat), trying to exploit them, and in case of success – have
access to individual nodes laboratories, each of which
contains a token. The winner is the participant who
first collected all the tokens. Work in the laboratory is
based on the technique of “gray box”: before the study
(penetration testing), participants are given information
about the infrastructure “Test.lab” in the form of diagrams
and descriptions.
Depending on the particular laboratory, allowed to use
different methods of hacking (operation vulnerabilities of network
services, WEB, social engineering, buffer overflow, etc.).
We invite you to participate in the lab “One step ahead”
Test.lab, presented on Positive Hack Days IV. To gain access
to the laboratory is necessary to pass a free registration on
the website: https://lab.pentestit.ru. Good luck!
Mayorovsky Maxim, the headmaster of a department,
working out penetration testing laboratories of PentestIT
company.
PenTest Magazine | PentestIT “Test.lab”
PenTest Magazine | PentestIT “Test.lab”
4
Reconnaissance and information gathering
• Types of intelligence (active and passive information
gathering)
• Collect information using DNS
• Use of search engines
• Metadata
• Automating the collection of information
Scanning
• Scan Types
• Tools to scan (nmap, unicornscan)
• Fingerprint (definition version of the OS)
• Grabbing banners (the definition of network services
and services)
Exploitation
• Overview freymorka Metasploit
• Operation and exploits
• Using Meterpreter for research purpose compromised
Postexploitation
• Investigation of compromised systems (Windows and
Linux)
• Work in the Windows command line without additional
tools (scanning and sorting of passwords)
Web security
• Basics of SQL Injection for different databases (MySQL,
MSSQL and PostgreSQL)
• The concept of vulnerability type SQLi
• Techniques and methods of disposal SQLi
Cross-site scripting
• Types of XSS vulnerabilities (passive and active)
• Stealing Cookies
• Stealing data from forms
• Species by vectors (Steady / reflected, Constant /
stored).
Plan Of The
Workshop

Sponsor Documents

Recommended

No recommend documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close