Generating pentest reports with Reconmap - CyberScotland Week

Reconmap
February 26, 2021

In this presentation, part of the CyberScotland Week, we cover basic pentesting concepts and give an introduction to the Reconmap collaboration platform for infosec pros.

Transcript

  1. Agenda: (1) Basic pentesting concepts; (2) Reconmap’s introduction; (3) Reconmap’s interactive demo; (4) Q&A
  2. About the presenter: Software engineer and entrepreneur; Based in Scotland; Security advocate; Reconmap’s founder
  3. Section outline: (1) Basic pentesting concepts: Pentest definition; Objectives and benefits of pentesting; The pentesting methodology; The role of the pentester
  4. Vulnerability assessment: Assess security of network or apps; Identifies vulnerabilities; Involves scanning tools; Produces a report
  5. Vulnerability assessment: Assess security of network or apps; Identifies vulnerabilities; Involves scanning tools; Produces a report. False positives: Findings are not exploited, some of them could just be false positives.
  6. Pentest definition: Assess security of network or apps; Identifies vulnerabilities; Use scanning tools; Vulnerabilities are carefully exploited; Produces a report
  7. Pentesting objectives: Depict the current security level; Identify gaps; Quantify potential damage; Validate/Invalidate security controls; Decreases the possibility of real attacks
  8. Business benefits: Helps with compliance (ISO27001, PCI DSS, HIPAA, GLBA, FISMA/NIST); Protects staff, customers and business partners; Preserves company reputation; Helps sustain business continuity
  9. Cost of a pentest (test size: guide price [1]): Small: £1000-£3000; Medium: £3000-£5000; Large: £5000-£20000. [1] Source: bulletproof.co.uk
  10. Cost of a pentest (test size: guide price [1]): Small: £1000-£3000; Medium: £3000-£5000; Large: £5000-£20000. Cost: Data breaches cost £2.9M to orgs in 2020. [1] Source: bulletproof.co.uk
  11. Engagement length: Typical engagements are 1 to 3 weeks*. Recovery time: Orgs take 280 days on average to detect and respond to an incident [1]. [1] https://www.itgovernance.co.uk/blog/the-cost-of-a-data-breach-in-2020
  12. When to perform a pentest. Reactively: Prior to contracting data breach insurance; Before and after corporate milestones; After noticing viruses, malware, spyware on the system; After noticing unusual system patterns, traffic; After system change & new system deployments; After new system integrations; After the release of new products/features
  13. When to perform a pentest. Proactively: Regularly as a preventive measure; At least once a year
  14. Pentesting workflow: Pre-engagement, analysis and plan; Information gathering and reconnaissance; Discovering vulnerabilities; Exploitation; Gaining access; Privilege escalation; Maintaining access; Covering tracks; Analysis and reporting; Re-test (aka post-fix verification)
  15. Pre-engagement: Paperwork; Rules of engagement; Contract; NDA; Documentation sharing; Setup; Sharing credentials; Lifting restrictions; ...
  16. Determine scope: Targets; Web app; Mobile apps; Database; Network; Wireless; End user and social engineering attacks; DDoS and performance tests; Internal/External; Physical/Remote
  17. Determine scope (continued): Testing hours/days (e.g. workdays vs weekends); Locations; Network range; Teams
  18. Analysis and reporting. Typical report: Summary; Findings; Recommendations; Methodology. Communication: Executive summary delivered to leadership; Project closure meeting organised to discuss
  19. Analysis and reporting (examples): Pentest report examples → https://pentestreports.com; Over 150 example reports; Stored on GitHub; Source of learning and inspiration
  20. Re-test: The company is expected to close the gaps; After the gap-closure, a time frame is determined by both parties for verification tests; Findings in the report are reevaluated in the verification tests
  21. Pentester: Plans and designs penetration tests; Carries out tests and other simulations; Creates reports and offers recommendations; Advises management on security improvements; Works with other employees to improve organizational cybersecurity
  22. Pentester tools: From notebooks and post-its to text files and wikis; (Power)Shell scripts; Security tools (ZAP, Burp, nmap, ...); Jira/Trello/GitLab, ...; Word/LibreOffice; Email/Chat
  23. Becoming a pentester: Courses; University degrees; Computer science; Ethical hacking/Cybersecurity; Abertay University; Practice, practice, practice
  24. Becoming a pentester (continued): Capture the flag/Interactive; Hackthebox.eu; PentesterLab.com; VirtualHackingLabs.com; Cybrary; PentesterAcademy; Bug bounty programs: To receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
  25. Becoming a pentester (continued): Certifications: EC-Council CEH and LPT; IACRB CPT and CEPT; OSCP, OSCE; CREST Practitioner, Registered, Certified Tester; CompTIA PenTest+
  26. Reconmap mission: Reconmap is making of every software engineer a penetration tester
  27. Reconmap mission (continued): Make security testing more accessible; Help (infosec) engineers collaborate better; Accelerate project delivery; Maximise returns
  28. What is Reconmap? Collaboration platform for InfoSec projects; Automation and reporting tool for pentesters. Also...: Early-stage project; Open-source and SaaS; Developed in Dundee [1]. [1] with contributions from Argentina and the world
  29. Who is it for? InfoSec pros and teams looking to become more efficient; Other technical minded people [1] wanting to: Learn about security; Perform basic security on their projects. [1] devs, devops, IT admins, sys admins, QA, etc.
  30. Reconmap’s functionality: Project/Methodology templating; Task management; Shared space for Files (docs, results, screenshots, etc); Notes; Automation tool
  31. Commands. Custom commands: Any arbitrary command; Exec and dependencies installed by the user; No upload integration. Rmap commands: Container based; Dependencies included; Portable to Windows/macOS/Linux; Tighter integration with dashboard
  32. Reconmap’s code: Open-source; On GitHub → https://github.com/reconmap; Easy to set up local environments; Open for contributors
  33. API: RESTful API; OpenAPI specs; Fully featured; Used by CLI, Web and mobile clients; https://api.reconmap.org/docs/
  34. Typical workflow: (1) Create client; (2) Create project from template; (3) Complete tasks; (4) Some tasks require running commands; (5) Reconmap (rmap) runs the command, uploads results, and analyses them; (6) User annotates and triages vulnerabilities; (7) Generate and share the report
  35. Reconmap’s present: Young project (∼ 7 months, part-time); Usable, but not complete; Evolving fast (releases every 2 weeks)
  36. Reconmap’s future. Immediate term: Polish up; Expand docs; Expand test coverage. Short term: Add more integrations; 2FA; Item triage; Better analytics
  37. Reconmap’s future. Medium term: Machine learning for classification; Non-interactive agents; Many other things!
  38. Recap: (1) Basic pentesting concepts: Pentest definition; Objectives and benefits of pentesting; The pentesting methodology; The role of the pentester. (2) Reconmap’s introduction: Reconmap’s mission; Features; Technical overview; Typical workflow. (3) Reconmap’s interactive demo; Present and future. (4) Q&A