Slide 1

Generating pentest reports with Reconmap
CyberScotland Week
Santiago Lizardo
February 26, 2021

Slide 2

Before the talk
- Time for Q&A
- Slides
- Survey

Slide 3

Agenda
1. Basic pentesting concepts
2. Reconmap’s introduction
3. Reconmap’s interactive demo
4. Q&A

Slide 4

About the presenter
- Software engineer and entrepreneur
- Based in Scotland
- Security advocate
- Reconmap’s founder

Slide 5

Imposter syndrome
Figure: https://flic.kr/p/dQC9kt

Slide 6

Section outline
1. Basic pentesting concepts
   - Pentest definition
   - Objectives and benefits of pentesting
   - The pentesting methodology
   - The role of the pentester

Slide 7

Vulnerability assessment
- Assess security of network or apps
- Identifies vulnerabilities
- Involves scanning tools
- Produces a report

Slide 8

Vulnerability assessment
- Assess security of network or apps
- Identifies vulnerabilities
- Involves scanning tools
- Produces a report

False positives
- Findings are not exploited; some of them could just be false positives.

Slide 9

Pentest definition
- Assess security of network or apps
- Identifies vulnerabilities
- Use scanning tools
- Vulnerabilities are carefully exploited
- Produces a report

Slide 10

Pentest definition (continued)
- Systematic process
- Defined scope
- Legal
- Authorised

Slide 11

Types of pentesting
Figure: Source phoenixnap.com

Slide 12

Pentesting objectives
- Depict the current security level
- Identify gaps
- Quantify potential damage
- Validate/Invalidate security controls
- Decrease the possibility of real attacks

Slide 13

Business benefits
- Helps with compliance
  - ISO27001
  - PCI DSS
  - HIPAA
  - GLBA
  - FISMA/NIST
- Protects staff, customers and business partners
- Preserves company reputation
- Helps sustain business continuity

Slide 14

Cost of a pentest

Test size    Guide price [1]
Small        £1000-£3000
Medium       £3000-£5000
Large        £5000-£20000

[1] Source: bulletproof.co.uk

Slide 15

Cost of a pentest

Test size    Guide price [1]
Small        £1000-£3000
Medium       £3000-£5000
Large        £5000-£20000

Cost
- Data breaches cost orgs £2.9M in 2020

[1] Source: bulletproof.co.uk

Slide 16

Engagement length
- Typical engagements are 1 to 3 weeks*

[1] https://www.itgovernance.co.uk/blog/the-cost-of-a-data-breach-in-2020

Slide 17

Engagement length
- Typical engagements are 1 to 3 weeks*

Recovery time
- Orgs take 280 days on average to detect and respond to an incident. [1]

[1] https://www.itgovernance.co.uk/blog/the-cost-of-a-data-breach-in-2020

Slide 18

When to perform a pentest

Reactively
- Prior to contracting data breach insurance
- Before and after corporate milestones
- After noticing viruses, malware, spyware on the system
- After noticing unusual system patterns, traffic
- After system changes & new system deployments
- After new system integrations
- After the release of new products/features

Slide 19

When to perform a pentest

Proactively
- Regularly as a preventive measure
- At least once a year

Slide 20

Penetration testing standards
- OSSTMM
- OWASP
- NIST
- PTES
- ISSAF

Slide 21

Pentesting workflow
- Pre-engagement, analysis and plan
- Information gathering and reconnaissance
- Discovering vulnerabilities
- Exploitation
- Gaining access
- Privilege escalation
- Maintaining access
- Covering tracks
- Analysis and reporting
- Re-test (aka post-fix verification)

Slide 22

Pre-engagement

Paperwork
- Rules of engagement
- Contract
- NDA
- Documentation sharing

Setup
- Sharing credentials
- Lifting restrictions
- ...

Slide 23

Determine scope
- Targets
- Web app
- Mobile apps
- Database
- Network
- Wireless
- End user and social engineering attacks
- DDoS and performance tests
- Internal/External
- Physical/Remote

Slide 24

Determine scope (continued)
- Testing hours/days (e.g. workdays vs weekends)
- Locations
- Network range
- Teams

Slide 25

Analysis and reporting

Typical report
- Summary
- Findings
- Recommendations
- Methodology

Communication
- Executive summary delivered to leadership
- Project closure meeting organised to discuss

Slide 26

Analysis and reporting (examples)
- Pentest report examples → https://pentestreports.com
- Over 150 example reports
- Stored on GitHub
- Source of learning and inspiration

Slide 27

Re-test
- The company is expected to close the gaps
- After the gap-closure, a time frame is determined by both parties for verification tests
- Findings in the report are reevaluated in the verification tests

Slide 28

Pentester
- Plans and designs penetration tests
- Carries out tests and other simulations
- Creates reports and offers recommendations
- Advises management on security improvements
- Works with other employees to improve organizational cybersecurity

Slide 29

Pentester tools
- From notebooks and Post-its to text files and wikis
- (Power)Shell scripts
- Security tools (ZAP, Burp, nmap, ...)
- Jira/Trello/GitLab, ...
- Word/LibreOffice
- Email/Chat

Slide 30

Becoming a pentester
- Courses
- University degrees
- Computer science
- Ethical hacking/Cybersecurity
- Abertay University
- Practice, practice, practice

Slide 31

Becoming a pentester (continued)

Capture the flag/Interactive
- Hackthebox.eu
- PentesterLab.com
- VirtualHackingLabs.com
- Cybrary
- PentesterAcademy

Bug bounty programs
- To receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

Slide 32

Becoming a pentester (continued)

Certifications
- EC-Council CEH and LPT
- IACRB CPT and CEPT
- OSCP, OSCE
- CREST Practitioner, Registered, Certified Tester
- CompTIA PenTest+

Slide 33

Section outline
2. Reconmap’s introduction
   - Reconmap’s mission
   - Features
   - Technical overview
   - Typical workflow

Slide 34

Reconmap mission
Reconmap is making a penetration tester of every software engineer

Slide 35

Reconmap mission

Slide 36

Reconmap mission (continued)
- Make security testing more accessible
- Help (infosec) engineers collaborate better
- Accelerate project delivery
- Maximise returns

Slide 37

What is Reconmap?
- Collaboration platform for InfoSec projects
- Automation and reporting tool for pentesters

Also...
- Early-stage project
- Open-source and SaaS
- Developed in Dundee [1]

[1] with contributions from Argentina and the world

Slide 38

Who is it for?
- InfoSec pros and teams looking to become more efficient
- Other technically minded people [1] wanting to
  - Learn about security
  - Perform basic security on their projects

[1] devs, devops, IT admins, sys admins, QA, etc.

Slide 39

Reconmap’s functionality
- Project/Methodology templating
- Task management
- Shared space for
  - Files (docs, results, screenshots, etc)
  - Notes
- Automation tool

Slide 40

Features
- Database
- Commands
- Vulnerabilities
- Notes
- Command automation
- Report generator

Slide 41

Commands

Custom commands
- Any arbitrary command
- Exec and dependencies installed by the user
- No upload integration

Rmap commands
- Container based
- Dependencies included
- Portable to Windows/macOS/Linux
- Tighter integration with dashboard

Slide 42

Reconmap’s code
- Open-source
- On GitHub → https://github.com/reconmap
- Easy to set up local environments
- Open for contributors

Slide 43

Reconmap’s architecture

Slide 44

API
- RESTful API
- OpenAPI specs
- Fully featured
- Used by CLI, Web and mobile clients
- https://api.reconmap.org/docs/

Slide 45

Typical workflow
1. Create client
2. Create project from template
3. Complete tasks
4. Some tasks require running commands
5. Reconmap (rmap) runs the command, uploads the results, and analyses them
6. User annotates and triages vulnerabilities
7. Generate and share the report

Slide 46

Reconmap’s demonstration
- General tour
- Pentest generation walk-through

Slide 47

Reconmap’s present
- Young project (~7 months, part-time)
- Usable, but not complete
- Evolving fast (releases every 2 weeks)

Slide 48

Reconmap’s future

Immediate term
- Polish up
- Expand docs
- Expand test coverage

Short term
- Add more integrations
- 2FA
- Item triage
- Better analytics

Slide 49

Reconmap’s future

Medium term
- Machine learning for classification
- Non-interactive agents
- Many other things!

Slide 50

Recap
1. Basic pentesting concepts
   - Pentest definition
   - Objectives and benefits of pentesting
   - The pentesting methodology
   - The role of the pentester
2. Reconmap’s introduction
   - Reconmap’s mission
   - Features
   - Technical overview
   - Typical workflow
3. Reconmap’s interactive demo
   - Present and future
4. Q&A

Slide 51

More information
- Documentation: https://reconmap.org
- SaaS: https://reconmap.com
- Code: https://github.com/reconmap
- Twitter: https://twitter.com/reconmap

Slide 52

Questions?