Lessons Learned from a Professional Pen Tester: Top OS and Application Vulnerabilities and Deficiencies Found During Penetration Testing

Webinar Registration

The bad guys will utilize any and all vulnerabilities that exist on your network, your endpoints, or applications as a means of gaining initial entry, a foothold in the organization, elevated privileges, and – eventually – access to the data and applications they’re after. Countering these attack vectors requires that you be proactively protecting your environment with activities such as patching known vulnerabilities, performing vulnerability scanning, and penetration testing.

In this real-training-for-free session, I’ll be joined by Trevor Christiansen, Sr. Web Application Pentester at Rapid7, where Trevor will provide a behind the scenes look at some common (and not-so common) methods used to exploit internal and external network-based systems performed by a Rapid7 penetration tester.

Some of the vulnerabilities that will be exploited live include:

  • XML External Entity (XXE) vulnerability within a Java application – Trevor will demonstrate how a malicious actor can identify the XXE vulnerability, use the vulnerability to read the hostname from the system, and read the /etc/passwd file that contains usernames and password hashes.
  • Two SQL Injection (SQLi) vulnerabilities using a Python application and a MySQL database –Trevor will demonstrate how to identify the potential vulnerabilities by using the tool Burp Suite. The first demonstration will be a normal SQL Injection where we will retrieve the password hash from the administrator user. The second demonstration will show a blind, error based SQLi vulnerability that will pull the same hash using an iterative process to determine the password hash.
  • Using Link-Local Multicast Name Resolution to Capture a Password Hash – Trevor will use the modern-day equivalent of NetBIOS name resolution to commandeer mistyped session requests and trick the requesting system into giving up hashed credentials.

Trevor will be joined by Brian Carey, Consulting Services Manager at Rapid7, who will discuss how the vulnerabilities presented can lead to an increase in overall corporate risk, and how you can tie these methods back into program and process deficiencies (including OS and 3rd party patching, weak password management, and security misconfigurations), and how to ensure that you get executive and leadership support and buy-in for the resources needed to properly secure your environment.

Join us for this real-training-for-free session.

First Name:   
Last Name:   
Work Email:  
Job Title:  

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources