Introduction to Vulnerability Assessment

ShmooCon IX - 2013

Presented by: Nate Adams, Jose Cintron, Chriss Koch
Date: Saturday February 16, 2013
Time: 10:00 - 11:50
Location: Congressional D
Track: Train the Trainer

http://opensecuritytraining.info/IntroductionToVulnerabilityAssessment.html

Teaches: The purpose of this course on Vulnerability Assessment is to demonstrate how to identify vulnerabilities in a computer network, determine how a cyber-attacker might exploit these vulnerabilities, and examine how the vulnerabilities might be mitigated. A methodology used by MITRE when conducting assessments. The methodology lays out an orderly approach for conducting a vulnerability assessment and demonstrates numerous tools and techniques in an isolated computer laboratory setting to examine such problems through penetration testing.

Course Objectives:

• Learn a general methodology for conducting assessments
• Scan and mapping network topology
• Identify listening ports/services on hosts
• Fingerprint operating systems remotely
• Learn methodology/best practices for audit of router, switch, and firewalls
• Learn methodology/best practices for audit UNIX and Windows security
• Learn methodology/best practices for web application security assessments

Jose Cintron

Jose Cintron was born and raised in the tropical island of Puerto Rico where he got his taste for sand, coconuts, and rum... Over 15 years of Information Security experience mostly in Vulnerability Assessments, but have also worked with Computer Security Incident Response Teams (CSIRTs). Mainly focused in MS Windows Security and network based application level testing.

Nate Adams

Chriss Koch