Target Considerations
Given a scenario, perform a vulnerability scan.
CONTRAINER
- Lightweight instance of a VM
- Runs on to of host OS
- Docker, Puppet, Vagrant
Applications
- Application scan
- Dynamic Analysis
- -target environment is running and responds to queries
- Static Analysis
- -scan input consists of post-execution data stores
- Dynamic Analysis
SCANNING CONSIDERATIONS
- Time to run scans - approved schedule(planning)
- Protocols used - largely dependent on target selection
- Network topology - network layout(diagram) of test targets
- Bandwidth limitations - tolerance to impact (affects availability)
- Query throttling - slow down test iterations to avoid exceeding bandwidth
- nmap -T
- Fragile systems/non-traditional assets
- How to avoid impacting fragile mission critical systems?
ANALYZE SCAN RESULTS
- Asset categorization
- Identify and rank assets by a relative value
- Vulnerable assets with little value could be a waste of time
- Adjudication
- Determine which results are valid
- False positives
- Filter out false positives
- Determine which results are valid
- Prioritization of vulnerabilities
- Highest impact vulnerabilities - ease of exploit vs payoff
- Common themes
- Vulnerabilities
- Observations
- Lack of best practices
QUICK REVIEW
- Know how to determine if targets are physical machines or are virtualized(i.e. footprinting)
- Be aware of client restrictions when running scans (i.e. bandwidth use, schedule, etc.)
- Don't waste time on results that have little value - focus on the most meaningful results
- Prioritize the highest impact vulnerabilities