Target Considerations

Given a scenario, perform a vulnerability scan.

CONTAINER
  • Lightweight alternative to a full VM
  • Runs on top of the host OS (shares the host kernel)
  • Docker, Puppet, Vagrant
APPLICATIONS
  • Application scan
    • Dynamic analysis
      • Target environment is running and responds to queries
    • Static analysis
      • Scan input consists of post-execution data stores
SCANNING CONSIDERATIONS
  • Time to run scans - approved schedule (planning)
  • Protocols used - largely dependent on target selection
  • Network topology - network layout (diagram) of test targets
  • Bandwidth limitations - tolerance to impact (affects availability)
  • Query throttling - slow down test iterations to avoid exceeding the agreed bandwidth
    • nmap -T<0-5> timing templates (-T0 paranoid, -T1 sneaky, -T2 polite, -T3 normal, -T4 aggressive, -T5 insane; lower is slower)
  • Fragile systems/non-traditional assets
    • How to avoid impacting fragile mission critical systems?
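The bandwidth and throttling points above come together in a small pacing helper. This is an added example, not code from the original notes: it turns a bandwidth share agreed with the client into a maximum probe rate, paces a scan loop so that rate is never exceeded, and shows the equivalent nmap `--max-rate` argument. The link size, tolerance, probe size, target list and `FakeClock` are constructed for illustration.

```python
"""Query-throttling helper (added example; not from the original notes).

Derives a probe rate from a bandwidth share agreed with the client, then paces
a scan loop so that rate is never exceeded. All numbers are constructed.
"""
import time
from dataclasses import dataclass


@dataclass
class ScanBudget:
    link_bps: float    # link capacity in bits per second
    tolerance: float   # fraction of the link the client allows scanning to consume
    probe_bytes: int   # estimated average bytes on the wire per probe

    def max_probes_per_sec(self) -> float:
        """Probe rate that stays inside the agreed bandwidth share."""
        allowed_bps = self.link_bps * self.tolerance
        return allowed_bps / (self.probe_bytes * 8)


class FakeClock:
    """Deterministic clock so the pacing can be demonstrated without sleeping."""
    def __init__(self) -> None:
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def sleep(self, seconds: float) -> None:
        self.t += seconds


class Throttle:
    """Fixed-interval pacer: acquire() blocks until the next probe is allowed."""
    def __init__(self, rate: float, clock=time.monotonic, sleep=time.sleep) -> None:
        self.interval = 1.0 / rate
        self.clock = clock
        self.sleep = sleep
        self.next_allowed = clock()
        self.waits = 0   # how many probes had to be delayed

    def acquire(self) -> float:
        now = self.clock()
        if now < self.next_allowed:
            self.waits += 1
            self.sleep(self.next_allowed - now)
            now = self.next_allowed
        self.next_allowed = now + self.interval
        return now


def run_scan(targets, budget: ScanBudget, probe, clock=time.monotonic, sleep=time.sleep):
    """Send one probe per target, paced to the budget.

    Returns ([(target, send_time), ...], number_of_delayed_probes).
    """
    throttle = Throttle(budget.max_probes_per_sec(), clock, sleep)
    sent = []
    for target in targets:
        t = throttle.acquire()
        probe(target)
        sent.append((target, t))
    return sent, throttle.waits


def observed_rate(sent) -> float:
    """Average probes per second over the scan, from the recorded send times."""
    if len(sent) < 2:
        return 0.0
    span = sent[-1][1] - sent[0][1]
    return (len(sent) - 1) / span


def nmap_rate_args(budget: ScanBudget) -> list:
    """Equivalent pacing for nmap: --max-rate caps packets sent per second."""
    return ["--max-rate", str(int(budget.max_probes_per_sec()))]


if __name__ == "__main__":
    # Constructed scenario: 10 Mbit/s link, client allows 1 %, ~125-byte probes -> 100 probes/s.
    budget = ScanBudget(link_bps=10_000_000, tolerance=0.01, probe_bytes=125)
    clock = FakeClock()
    sent, waits = run_scan(["10.0.0.%d" % i for i in range(1, 6)], budget,
                           probe=lambda tgt: None, clock=clock.now, sleep=clock.sleep)
    print("max rate:", budget.max_probes_per_sec(), "probes/s; observed:", observed_rate(sent))
    print("delayed probes:", waits, "| nmap equivalent:", " ".join(nmap_rate_args(budget)))
```

In a real run you would pass the default `time.monotonic` and `time.sleep` instead of the fake clock; the `probe` callable is whatever query the engagement actually sends, and the budget numbers come from the client's tolerance statement rather than from guesswork.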
ANALYZE SCAN RESULTS
  • Asset categorization
    • Identify and rank assets by a relative value
    • Vulnerable assets with little value could be a waste of time
  • Adjudication
    • Determine which results are valid
      • False positives
      • Filter out false positives
  • Prioritization of vulnerabilities
    • Highest impact vulnerabilities - ease of exploit vs payoff
  • Common themes
    • Vulnerabilities
    • Observations
    • Lack of best practices
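The four analysis steps above (asset categorization, adjudication, prioritization, common themes) can be worked as one triage pass over scanner output. This is an added example, not code from the original notes: the finding IDs, host names, asset values and scores are constructed placeholders, and the `impact x ease x asset value` score is one simple way to express "ease of exploit vs payoff", not a standard formula.

```python
"""Scan-result triage (added example; not from the original notes).

Categorize assets by value, adjudicate (drop false positives), prioritize by
impact versus ease of exploit, and roll up common themes. All data is constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    fid: str
    asset: str
    title: str
    theme: str        # coarse bucket used for the "common themes" roll-up
    impact: int       # 1-10, consequence if exploited
    ease: int         # 1-10, how easy exploitation is (10 = trivial)
    verified: bool    # True once a manual check confirmed the scanner's claim


# Constructed asset inventory: relative business value 1 (low) .. 5 (critical).
ASSET_VALUE = {"web01": 5, "db01": 5, "kiosk02": 2, "print01": 1}

# Constructed scanner output; F-004 was checked by hand and did not reproduce.
FINDINGS = [
    Finding("F-001", "web01",   "Default credentials on admin interface", "credentials",   9, 9, True),
    Finding("F-002", "print01", "Outdated printer firmware",              "patching",      7, 6, True),
    Finding("F-003", "db01",    "Weak TLS cipher suites offered",         "crypto",        5, 2, True),
    Finding("F-004", "web01",   "SQL injection flagged by scanner",       "injection",     9, 7, False),
    Finding("F-005", "kiosk02", "Missing HTTP security headers",          "best_practice", 2, 3, True),
    Finding("F-006", "db01",    "Default credentials on DB listener",     "credentials",   9, 8, True),
]


def categorize_assets(values: dict) -> list:
    """Rank assets by relative value, highest first (ties keep inventory order)."""
    return sorted(values, key=lambda a: values[a], reverse=True)


def adjudicate(findings: list) -> tuple:
    """Split findings into confirmed results and false positives."""
    valid = [f for f in findings if f.verified]
    false_positives = [f for f in findings if not f.verified]
    return valid, false_positives


def score(f: Finding, values: dict) -> int:
    """Impact x ease x asset value: big payoff, easy exploit, valuable target first."""
    return f.impact * f.ease * values.get(f.asset, 1)


def prioritize(findings: list, values: dict, min_score: int = 0) -> list:
    """Order findings by score; drop low-value noise below min_score."""
    ranked = sorted(findings, key=lambda f: score(f, values), reverse=True)
    return [f for f in ranked if score(f, values) >= min_score]


def common_themes(findings: list) -> list:
    """Themes ordered by how many confirmed findings share them."""
    return Counter(f.theme for f in findings).most_common()


def triage(findings: list, values: dict, min_score: int = 0) -> dict:
    """Run all four steps and return a report keyed by step."""
    valid, fps = adjudicate(findings)
    return {
        "assets": categorize_assets(values),
        "false_positives": [f.fid for f in fps],
        "priority": [f.fid for f in prioritize(valid, values, min_score)],
        "themes": common_themes(valid),
    }


if __name__ == "__main__":
    report = triage(FINDINGS, ASSET_VALUE, min_score=20)
    for key, val in report.items():
        print(f"{key}: {val}")
```

With the constructed data the two default-credential findings on the critical hosts land at the top, the scanner's unconfirmed injection claim is set aside as a false positive, the low-value kiosk header finding falls under the `min_score` cut-off, and "credentials" surfaces as the common theme worth calling out in the report.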
QUICK REVIEW
  • Know how to determine if targets are physical machines or are virtualized (i.e. footprinting)
  • Be aware of client restrictions when running scans (i.e. bandwidth use, schedule, etc.)
  • Don't waste time on results that have little value - focus on the most meaningful results
  • Prioritize the highest impact vulnerabilities
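The first review item, telling physical hosts from virtualized ones (and, tying back to the CONTAINER section, spotting containers), can be done from indicators a tester already collects. This is an added example, not code from the original notes: it classifies a host from its MAC address as seen on the network and, where local access exists, from the DMI product string and cgroup/marker-file evidence. The sample hosts are constructed; the OUI prefixes and product-name substrings are widely published hypervisor identifiers, and anything not matched is reported as "physical" only in the sense that no virtualization indicator was found.

```python
"""Physical-or-virtual footprinting (added example; not from the original notes).

Classifies a host as container, VM or physical from collected indicators.
Sample hosts are constructed; the lookup tables hold well-known values.
"""
from dataclasses import dataclass, field

# Well-known hypervisor MAC prefixes (OUI) visible from the network side.
VIRTUAL_OUIS = {
    "00:0C:29": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox",
    "00:15:5D": "Hyper-V",
    "00:16:3E": "Xen",
}

# Substrings of DMI/SMBIOS product names that identify a hypervisor.
VIRTUAL_PRODUCTS = {
    "vmware": "VMware", "virtualbox": "VirtualBox", "kvm": "KVM",
    "qemu": "QEMU", "virtual machine": "Hyper-V",
}

# Tokens in /proc/1/cgroup paths that indicate a container runtime.
CONTAINER_CGROUP_TOKENS = ("docker", "kubepods", "lxc", "containerd")
CONTAINER_MARKERS = ("/.dockerenv", "/run/.containerenv")


@dataclass
class HostEvidence:
    mac: str = ""                 # from ARP or scan output
    dmi_product: str = ""         # e.g. /sys/class/dmi/id/product_name, if readable
    cgroup: str = ""              # contents of /proc/1/cgroup, if readable
    marker_files: list = field(default_factory=list)   # marker files found present


def classify(ev: HostEvidence) -> tuple:
    """Return (kind, reason) with kind in {'container', 'vm', 'physical'}."""
    # Container markers take precedence: a container usually sits inside a VM too.
    for marker in CONTAINER_MARKERS:
        if marker in ev.marker_files:
            return "container", f"marker file {marker} present"
    cg = ev.cgroup.lower()
    for token in CONTAINER_CGROUP_TOKENS:
        if token in cg:
            return "container", f"cgroup path mentions {token}"
    prod = ev.dmi_product.lower()
    for token, vendor in VIRTUAL_PRODUCTS.items():
        if token in prod:
            return "vm", f"DMI product identifies {vendor}"
    oui = ev.mac.upper().replace("-", ":")[:8]
    if oui in VIRTUAL_OUIS:
        return "vm", f"MAC OUI belongs to {VIRTUAL_OUIS[oui]}"
    return "physical", "no virtualization indicators found"


if __name__ == "__main__":
    # Constructed sample hosts.
    samples = {
        "host-a": HostEvidence(mac="00:0c:29:12:34:56"),
        "host-b": HostEvidence(mac="00:0c:29:12:34:57", marker_files=["/.dockerenv"]),
        "host-c": HostEvidence(cgroup="0::/kubepods/besteffort/pod1/abc"),
        "host-d": HostEvidence(dmi_product="VMware Virtual Platform"),
        "host-e": HostEvidence(mac="a4:bb:6d:11:22:33", dmi_product="ProLiant DL380"),
    }
    for name, ev in samples.items():
        kind, reason = classify(ev)
        print(f"{name}: {kind} ({reason})")
```

From the network side only the MAC test applies; the DMI and cgroup checks need a shell on the host, which is why the function treats each source as optional and falls through to the next one.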
Believe in the future: never run from what must be faced, never regret what must be held to, never cling to what must be let go, and hold tight to what must be cherished.