Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Text mode: access to the page content
Hervé Schauer Consultants
You are here: Home > Resources > Lectures > Penetration tests: Exposing real world attacks
Go to: HSC Trainings
Version française
o Skills & Expertise
o Consulting
o ISO 27001 services
o Vulnerabilities monitoring
o Audit & Assessment
o Penetration tests
o Vunerability assessment (TSAR)
o Forensics
o Training courses
o E-learning
o Agenda
o Past events
o Tutorials
o Thematic index
o Tips
o Lectures
o Courses
o Articles
o Tools (download)
o Vulnerability watch
o Hervé Schauer
o Team
o Job opportunities
o Credentials
o History
o Partnerships
o Associations
   Press and
o HSC Newsletter
o Press review
o Press releases
o Publications
o How to reach us
o Specific inquiries
o Directions to our office
o Hotels near our office
|>|Penetration tests: Exposing real world attacks  
> Access to the content HTML Beginning of the presentation
PDF PDF version [1631 KB]
AdobeFlash Adobe Flash version  
> Description HSC's pentest presentation and their advantages compared to classic vulnerability scanning.  
> Context & Dates Talk presented during Security Day 2011, on 9 February 2011.
> Author Jean-Baptiste Aviat (Jean-Baptiste.Aviat@hsc.fr), Renaud Dubourguais (Renaud.Dubourguais@hsc.fr) 
> Type [ French - HTML ]  
> Abstract &
Table of content
Hervé Schauer Consultants
What is a pentest?
Security assessment (1/3)
Security assessment (2/3)
Security assessment (3/3)
Technical staff awareness
Decision makers awareness
Case study
At first sight
Guessing the infrastructure...
After browsing for a few minutes
What does it look like now?
SQL Injection issue
In the vulnerabilities summary...
Weak passwords policy
In the vulnerabilities summary...
No filtering on file extensions (1/2)
No filtering on file extensions (2/2)
In the vulnerabilities summary...
Where are we now?
Bounce to the SQL Server
In the vulnerabilities summary...
Where are we now?
Compromising the Active Directory
In the vulnerabilities summary...
Where are we now?
> Related documents
themePenetration tests
[Service]  Vunerability assessment (TSAR)
[Service]  Penetration tests
[Course]  Ethical and Practical Hacking
[Tool]  Delphes tool [Delphes extracts the usernames and passwords from Oracle file. - English]
[Presentation]  27C3 report [8 February 2011 - French]
[Tool]  Webef tool [Bruteforcer of web server files and directories - English]
[Tool]  BlueBerry tool [BlueBerry is a tool that can be used to decrypt BlackBerry Administration Service passwords. - English]
[Presentation]  Webshells, or how to open your network's doors ? [21 October 2010 - French]
[Tool]  passe-partout tool [In-memory extraction of SSL private keys - English]
[Presentation]  Webshells, or how to open your network's doors ? [16 March 2010 - French]
[Presentation]  Webshells, real threat for information systems ? [1 December 2009 - French]
[Presentation]  Web Attacks with Smartphone [4 June 2009 - French]
[Presentation]  Security issue seen in enterprises web applications [27 November 2008 - French]
[Presentation]  Feedback on security audits [1 April 2008 - French]
[Tool]  WSPP tool [WSPP - English]
[Presentation]  Modern techniques of IP attacks [18 March 2003 - French]
[Presentation]  Audits, Assessments and Penetration Tests [22 January 2003 - French]
[Presentation]  Audits, Assessments and Penetration Tests [26 June 2002 - French]
[Tip]  Nmap's hidden option [27 December 2000 - French]
[Presentation]  Introduction to intrusion tests [17 March 1998 - French]
[Presentation]  Tests and evaluation of Internet security solutions [30 May 1997 - French]
[Presentation]  Intrusion tests [December 1996 - French]
> Copyright © 2011, Hervé Schauer Consultants, all rights reserved.


Last modified on 18 February 2011 at 15:06:37 CET - webmaster@hsc.fr
Information on this server - © 1989-2010 Hervé Schauer Consultants