Fundamentals

Introduction

• Defining vulnerability, exploit, threat and risk
• Identifying the goals of assessments
• Creating a vulnerability report
• Conducting an initial scan
• Common Vulnerabilities and Exposure (CVE) list

Scanning and exploits

• Vulnerability detection methods
• Types of scanners
• Port scanning and OS fingerprinting
• Enumerating targets to test information leakage
• Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS)
• Deploying exploit frameworks

Analyzing Vulnerabilities and Exploits

Uncovering infrastructure vulnerabilities

• Scanning the infrastructure
• Uncovering switch weaknesses
• Vulnerabilities in Ethereal and Wireshark
• Network management tool attacks

Attacks against analyzers and IDS

• Firewall weaknesses
• Identifying Snort IDS bypass attacks
• Corrupting memory and causing denial of service

Exposing server vulnerabilities

• Scanning servers: assessing vulnerabilities on your network
• Uploading rogue scripts and file inclusion
• Catching input validation errors
• Performing buffer overflow attacks
• SQL injection
• Cross-site scripting (XSS) and cookie theft

Revealing desktop vulnerabilities

• Scanning for desktop vulnerabilities
• Client buffer overflows
• Silent downloading: spyware and adware
• Attacking design errors
• Identifying browser plugin weaknesses

Configuring Scanners and Generating Reports

Implementing scanner operations and configuration

• Choosing credentials, ports and dangerous tests
• Identifying dependencies
• Preventing false negatives
• Creating custom vulnerability tests
• Customizing Nessus scans
• Handling false positives

Creating and interpreting reports

• Filtering and customizing reports
• Interpreting complex reports
• Contrasting the results of different scanners
• Producing a filtered report

Assessing Risks in a Changing Environment

Researching alert information

• Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information
• Evaluating and investigating security alerts and advisories
• Determining vulnerability severity
• Employing the Common Vulnerability Scoring System (CVSS)

Identifying factors that affect risk

• Evaluating the impact of a successful attack
• Calculating vulnerability severity
• Weighing important risk factors
• Performing a risk assessment

Managing Vulnerabilities

The vulnerability management cycle

• Applying a vulnerability process
• Standardizing scanning with Open Vulnerability Assessment Language (OVAL)
• Patch and configuration management

Vulnerability controversies

• Rewards for vulnerability discovery
• Bounties on hackers
• Markets for bugs and exploits