A penetration testing learning kit

April 24, 2008 (at 11:30 a.m.) in Attacks

Penetration testing remains a standard practice by which security-aware professionals assess the security posture of their infrastructure. Lately, security professionals and newcomers alike have been learning the art of pen-testing from courses, newsgroups and books that specialize in particular protocols, operating systems, web application platforms, and so on. Today there are different toolsets and frameworks, some free and some commercial, that provide many of the means necessary for executing a pen test, and these can be used to pen-test computers or virtual machines in a laboratory. During their work, however, pen-testers encounter diverse network configurations with which they must already have experience, and providing laboratories that reproduce such configurations has so far been expensive, resource intensive and difficult, even with virtualization technologies.

In this talk we will introduce a penetration testing simulation suite that allows the user to design networks (or import real ones) into a network simulator and then execute a penetration test against them using a traditional penetration testing platform (a modified version of Core Impact). The pen-tester's view of the attack is not altered by the simulation.

Throughout the talk we will show different penetration testing scenarios, define targets for them and show how to reach those targets. By recreating penetration experiments over arbitrary network designs, students (i.e., users) gain easy access to scenarios that would otherwise be impossible to set up. Moreover, each user can be given a different simulation of exactly the same network design.

The kit gives a teacher an excellent tool not only for teaching but also for researching penetration testing problems and discovering new solutions. We will briefly discuss some research problems we have been studying that evidence the utility of the kit.

Finally, we would like to remark that this talk and the underlying suite do not study exploit and payload engineering but other tasks of penetration testing: selecting tasks efficiently, correctly reading the information discovered during information gathering, using effective exploits against the most promising targets and, above all, recreating experiences (and problems) from real penetration tests. During the talk we will describe the kit's features and limitations.
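The two ideas above, that one network design can yield a different simulation per user and that the pen-tester's job is then to pick the most promising reachable target from what information gathering reveals, can be sketched in a few lines. The following is an added illustration written for this page; it is not code from the kit, Core Impact or Corelabs. The network design, the host profiles and the exploit catalogue are all constructed sample data, and the selection heuristic (rank reachable hosts by the number of applicable exploits) is an assumption made here, not the method the talk describes.

```python
"""Illustration: one network design, per-user simulation instances,
and a simple "most promising target" choice for the pen-tester."""
import hashlib

# Constructed sample design (not from the talk). Subnets hold hosts, links
# join subnets, and each host lists the candidate profiles a simulation
# instance may pick from. "internet" is where the pen-tester starts.
DESIGN = {
    "subnets": {"internet": [], "dmz": ["web01"], "lan": ["fs01", "ws01"]},
    "links": [("internet", "dmz"), ("dmz", "lan")],
    "hosts": {
        "web01": [
            {"os": "Linux 2.6", "services": {"http": "Apache 2.0.52"}},
            {"os": "Windows 2003", "services": {"http": "IIS 6.0"}},
        ],
        "fs01": [
            {"os": "Windows 2000", "services": {"smb": "NT LM 0.12"}},
            {"os": "Windows XP SP2", "services": {"smb": "NT LM 0.12"}},
            {"os": "Linux 2.4", "services": {"smb": "Samba 3.0.20"}},
        ],
        "ws01": [
            {"os": "Windows XP SP1", "services": {"smb": "NT LM 0.12"}},
            {"os": "Windows XP SP2", "services": {"smb": "NT LM 0.12"}},
        ],
    },
}

# Constructed exploit catalogue: hypothetical exploit names keyed by the OS
# string they apply to. Nothing here refers to a real exploit.
EXPLOITS = {
    "Windows 2000": ["smb-exploit-a"],
    "Windows XP SP1": ["smb-exploit-a", "smb-exploit-b"],
    "Linux 2.4": ["samba-exploit-c"],
}


def instantiate(design, user_id):
    """Turn a design into a concrete simulation for one user.

    Each host gets one of its candidate profiles, chosen from a hash of
    (user_id, host): the same user always sees the same instance, while
    different users generally see different instances of the same design.
    """
    instance = {}
    for host, profiles in design["hosts"].items():
        digest = hashlib.sha256(f"{user_id}:{host}".encode()).digest()
        instance[host] = profiles[int.from_bytes(digest[:4], "big") % len(profiles)]
    return instance


def subnet_of(design, host):
    for subnet, hosts in design["subnets"].items():
        if host in hosts:
            return subnet
    raise KeyError(host)


def reachable_hosts(design, compromised):
    """Uncompromised hosts one link away from a subnet the attacker controls.

    The attacker controls "internet" plus the subnet of every compromised
    host, so compromising a DMZ host opens the LAN (a pivot).
    """
    controlled = {"internet"} | {subnet_of(design, h) for h in compromised}
    adjacent = set(controlled)
    for a, b in design["links"]:
        if a in controlled:
            adjacent.add(b)
        if b in controlled:
            adjacent.add(a)
    return sorted(h for s in adjacent for h in design["subnets"][s]
                  if h not in compromised)


def select_target(design, instance, exploits, compromised=frozenset()):
    """Rank reachable hosts by applicable exploit count (assumed heuristic).

    Returns (count, host, exploit_names) for the best host, or None when
    nothing is reachable. A count of 0 tells the pen-tester that more
    information gathering, not exploitation, is the next task.
    """
    candidates = []
    for host in reachable_hosts(design, compromised):
        applicable = exploits.get(instance[host]["os"], [])
        candidates.append((len(applicable), host, applicable))
    candidates.sort(key=lambda c: (-c[0], c[1]))
    return candidates[0] if candidates else None


if __name__ == "__main__":
    for user in ("alice", "bob"):
        inst = instantiate(DESIGN, user)
        print(user, {h: p["os"] for h, p in inst.items()})
        print("  first target:", select_target(DESIGN, inst, EXPLOITS))
        print("  after web01 :", select_target(DESIGN, inst, EXPLOITS, {"web01"}))
```

Two users running `instantiate` on the same `DESIGN` get instances that agree on topology but (usually) differ in which OS and service each host runs, so an exploit that worked in one student's run need not work in another's; `select_target` then shows the pivot: from the internet only `web01` is reachable, and only after it is compromised do the LAN hosts become candidates.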

Ariel Waissbein

Ariel Waissbein joined Corelabs at Core Security Technologies in 1999. During 1999-2002 he worked on a new public-key cryptographic scheme, discovered cryptographic attacks on popular software products such as SSH and MySQL, and designed a cryptographic attack method against polynomial-based public-key schemes. In 2003-2004 he worked on digital rights management projects and developed a provably secure software protection method. Since 2004 he has led a research group tasked with web-application and end-point security and penetration testing. This group has designed a security and privacy enforcement system for web applications called CORE GRASP (see http://grasp.coresecurity.com) and a static analysis vulnerability detection scheme, and has collaborated on a new web-application penetration testing platform. Since 2005 he has co-led the Computer Security program in the Ph.D. program at ITBA university, where he still teaches. Papers and presentations: see http://community.corest.com/~wata/ for a complete list.