Download - NETFOX Admin-Treff: Penetration Testing II
![Page 1: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/1.jpg)
NETFOX AG:
REFERENZEN
Admintreff
Penetration-Testing II
NETFOX AG 16. November 2011
![Page 2: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/2.jpg)
NETFOX AG:
REFERENZEN
Penetration-Testing II
Agenda:
Nessus
Web-Server Security
Drive-By Exploits
End-Point-Security
![Page 3: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/3.jpg)
NETFOX AG:
REFERENZEN
Web Server Security
Nesuss Vulnerability Scanner
![Page 4: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/4.jpg)
NETFOX AG:
REFERENZEN
Web Server Security
Demo!
![Page 5: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/5.jpg)
NETFOX AG:
REFERENZEN
Web Server Security
Web Server Security
![Page 6: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/6.jpg)
NETFOX AG:
REFERENZEN
Web Server Security
![Page 7: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/7.jpg)
NETFOX AG:
REFERENZEN
Web Server Security
Google!
![Page 8: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/8.jpg)
NETFOX AG:
REFERENZEN
Web Server Security
Hydra Password Bruteforce-Scanner
![Page 9: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/9.jpg)
NETFOX AG:
REFERENZEN
Web Server Security
DIRB
Directory Bruteforce-Scanner
![Page 10: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/10.jpg)
NETFOX AG:
REFERENZEN
Drive-By-Infektionen
SPAM
vs
Drive-By
![Page 11: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/11.jpg)
NETFOX AG:
REFERENZEN
Spamvolumen 2011
![Page 12: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/12.jpg)
NETFOX AG:
REFERENZEN
Drive-By-Infektionen
![Page 13: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/13.jpg)
NETFOX AG:
REFERENZEN
Drive-By-Infektionen
Was ist ein Drive-By Exploit ?
1) Gehackter Webserver
Link zu Exploit Kit
2) Javascript Code
Checkt Browserplugins
Schwachstelle
Ziel: Datei Laden + Installieren
Wepawet Demo!
![Page 14: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/14.jpg)
NETFOX AG:
REFERENZEN
Drive-By-Infektionen
Bei Erfolg:
Plugin mit Schwachstelle gefunden
Schwachstelle ausgenutzt
Ziel:
Datei aus dem Internet laden
Datei ausführen
![Page 15: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/15.jpg)
NETFOX AG:
REFERENZEN
Drive-By-Infektionen
![Page 16: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/16.jpg)
NETFOX AG:
REFERENZEN
Drive-By-Infektionen
![Page 17: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/17.jpg)
NETFOX AG:
REFERENZEN
Beispiel : Zeus
Features:
Snifft „Form“ Data
Keylogger
Socks 4/4a/5 proxy
MitB : Man in the Browser:
Live-Ijection
![Page 18: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/18.jpg)
NETFOX AG:
REFERENZEN
Beispiel : Zeus
![Page 19: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/19.jpg)
NETFOX AG:
REFERENZEN
Beispiel : Zeus
![Page 20: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/20.jpg)
NETFOX AG:
REFERENZEN
Beispiel : Zeus
![Page 21: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/21.jpg)
NETFOX AG:
REFERENZEN
Beispiel : Zeus
MitM : Man in the Mobile Abfangen der TAN-SMS
![Page 22: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/22.jpg)
NETFOX AG:
REFERENZEN
Lösungsansätze
Praxis:
100% Sicherheit wird nie erreicht
Prinzip : Grundrauschen
Aktualisierungen : Web-server + Endpoint-Security
Web Content AV
Browserwahl
Plugins: Adobe Acrobat, Java, Flash
Privat: Linux Boot CD (USB) zum Onlinebanking
![Page 23: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/23.jpg)
NETFOX AG:
REFERENZEN
Lösungsansätze
Sicherheitskonzept
Strukturplanung: DMZ, Zonen, etc.
Firewall + AV + Content Filter/scanner
Monitoringkonzept
IDS/IPS
![Page 24: NETFOX Admin-Treff: Penetration Testing II](https://reader034.vdocument.in/reader034/viewer/2022052311/558c6295d8b42a016c8b4597/html5/thumbnails/24.jpg)
NETFOX AG:
REFERENZEN
Fragen ?
Fragen ?