Penetration Test - Survey the Target(3)

Application and Open-Source Resources

DECOMPILATION

• Complier - translates source code into executable instructions
• Decompiler - attempts to convert executable instructions back into source code
  • Output is generally awkward to read at best
• Sometimes target is not a direct executable(i.e. Jave)

DEBUGGING

• Running an executable in a controlled manner

• Debuggers make it easy to stop and examine memory at will

• Can reveal a program's secrets and weaknesses

• Tools - Windbg

OPEN SOURCE INTELLIGENCE GATHERING

• Open Source Intelligence Gathering(OSINT)
• Sources of research
  • CERT(Computer Emergency Response Team) - https://us-cert.cisa.gov/
  • NIST(National Institute of Standards and Technology) - https://csrc.nist.gov/
  • JPCERT(Japan's CERT) - https://www.jpcert.or.jp/english/vh/project.html
  • CAPEC(Common Attack Pattern Enumeration & Classification) - http://capec.mitre.org/
  • Full disclosure - Popular mailing list from the folks who brought us nmap - https://seclists.org/fulldisclosure/
  • CVE(Common Vulnerabilities and Exposures) - https://cve.mitre.org/
  • CWE(Common Weakness Enumeration) - https://cwe.mitre.org/
  • CNVD(China National Vulnerability Database) - https://www.cnvd.org.cn/

QUICK REVIEW

• Decompilers and debuggers can help to see what a program is doing.
• Lots of useful attack information is available online
• Use scan output to determine target vulnerabilities
• Efficient penetration testing depends on correlated information