Title
A Penetration Testing Learning Kit
Authors
Ariel Waissbein
In
Troopers08. April 23-24, 2008. Munich, Germany. At http://www.troopers08.org/
Date published
2008-04
Keywords
teaching penetration testing, penetration testing, Core Impact, Core Insight.

Abstract

A penetration testing learning kit" - Penetration testing remains a standard practice for the security-aware professional for assessing the security posture of their infrastructure. Lately, security professionals and newbies have started learning the art of pen-testing from courses, newsgroups and through books that specialize in the distinct protocols, operating systems, web application platforms, et cetera. Today, there are different toolsets and frameworks, some free, some commercial, that provide many of the necessary means for executing a pen test. These can be used to pen-test computers or virtual machines in a laboratory. However, during his work a pen-tester will encounter diverse network configurations with which he must have previous experience. Providing laboratories that can handle these configurations was previously deemed expensive, resource intensive and yet a difficult task --even when using virtualization technologies.

In this talk we will introduce a penetration testing simulation suite that allows the user to design networks (or import real networks) to a network simulator and then execute a penetration test against it using a traditional penetration testing platform (a modified version of Core Impact). The pen-tester´s view of his attack isn´t modified by the simulation.

Throughout the talk we will show different penetration testing scenarios, define targets for these scenarios and show how to achieve these targets. By recreating penetration experiments over arbitrary network designs, the students (i.e., users) can easily access scenarios that would be otherwise impossible. Moreover, each user can access a different simulation for exactly the same network design.

The introduction of our kit will provide a teacher with an excellent tool, not only for teaching, but for researching penetration testing problems and discovering new solutions. We will briefly discuss some research problems we've been studying which evidence the utility of our kit.

Finally, we'd like to remark that this talk & the underlying suite do not study exploit and payload engineering, but other tasks of penetration testing. Such as, selecting tasks efficiently, correctly reading the information discovered in information gathering steps, using effective exploits against the most promising targets and mostly, in recreating experiences (and problems) from real penetration tests. During the talk we will describe the kit's features and limitations.

Attachments