ECSA/LPT
EC-Council
Module XXVII
Stolen Laptops, PDAs, and Cell Phones Penetration Testing

Penetration Testing Roadmap
• Start Here
• Information Gathering
• Vulnerability Analysis
• External Penetration Testing
• Firewall Penetration Testing
• Router and Switches Penetration Testing
• Internal Network Penetration Testing
• IDS Penetration Testing
• Wireless Network Penetration Testing
• Denial of Service Penetration Testing
• Password Cracking Penetration Testing
• Stolen Laptop, PDAs and Cell Phones Penetration Testing
• Social Engineering Penetration Testing
• Application Penetration Testing
• Cont'd

EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

Penetration Testing Roadmap (cont'd)
• Cont'd
• Physical Security Penetration Testing
• Database Penetration Testing
• VoIP Penetration Testing
• Virus and Trojan Detection
• War Dialing
• VPN Penetration Testing
• Log Management Penetration Testing
• File Integrity Checking
• Bluetooth and Handheld Device Penetration Testing
• Telecommunication and Broadband Communication Penetration Testing
• Email Security Penetration Testing
• Security Patches Penetration Testing
• Data Leakage Penetration Testing
• End Here

Stolen Laptop Testing
Cell phones and PDAs carry sensitive data.
Executives and mobile workers depend on these devices every day.
The loss of a PDA or BlackBerry is equivalent to losing a laptop and the sensitive data inside.

Laptop Theft
If a laptop were lost:
• What information of a strategic nature would be disclosed?
Real examples of this type of information include pending mergers, new product intellectual property, strategies and launch plans, and previously undisclosed financial operating results.
• What information of a tactical nature would be disclosed? Examples include private compensation information, plans for organizational changes, proposals to clients, and the myriad of similar information that can be gained from reading a person's email, calendar, contacts, or collection of documents and spreadsheets.

Laptop Theft (cont'd)
If a laptop were lost:
• What information about the company's network or computing infrastructure would be revealed that would facilitate an electronic attack? Examples of this type of information include usernames and passwords, dial in numbers, IP addressing schemes, DNS naming conventions, ISPs used, primary mail servers, and other networking details related to connecting the laptop to the corporate or Internet environment.
• What personal information about the laptop owner can be obtained?

Penetration Testing Steps
1 • Identify sensitive data in the devices
2 • Look for passwords
3 • Look for company infrastructure or finance documents
4 • Extract the address book and phone numbers
5 • Extract schedules and appointments
6 • Extract applications installed on these devices
7 • Extract e-mail messages from these devices
8 • Gain access to server resources by using information you extracted
9 • Attempt social engineering with the extracted information

Step 1: Identify Sensitive Data in the Devices
Laptops and PDAs contain sensitive information, such as:
• Company finance documents.
• Excel spreadsheets.
• Word documents.
• Email messages.
• Operations plan.
Look for sensitive data in these documents.
What if this device gets into the wrong hands?

Look for Personal Information in the Stolen Laptop
• Bank Account Number
• Internet Shopping Account
• Credit Card Details
• Check Tax Return
• Pan Card Details
• Passport Details
• Check Resume of the Host
• Check his Digital Signature

Step 2: Look for Passwords
Search for the following passwords:
• VNC password
• Email account passwords
• Active directory passwords
• Website history passwords
• Passwords stored in the registry
• FTP passwords
• SSH/Telnet passwords
• Application passwords

[...]... operations
• Overseas operations and procedures
• Company handbooks or manuals
• Contracts and agreements
• NDA documents
• Bank statements
• Auditing information
• Insurance documents
What if this information gets into the wrong hands?

Step 4: Extract the Address Book and Phone Numbers
PDAs and laptops contain address...
• Name
• Address
• Telephone number
• Cell phone number
• Fax number
• Email address
• Birthdate
• Notes
• Picture

Step 5: Extract Schedules and Appointments
Look for schedules and appointment information in the PDA and laptop:
• What is the time and date of the meeting?
• Who are the attendees?...

... sensitive data in the device is identified, such as company finance documents, email messages, and Excel spreadsheets.
In the second step, we looked for passwords such as VNC and email account passwords.
Schedules and appointment details such as time, date, venue of the meetings, attendees of the meeting, and meeting confirmation are gathered.

...

Attempt to Enable Wireless
• Switch on wireless or Bluetooth near the company campus
• Scan for the LAN network of the company
• Locate the LAN network and search SSID in the laptop
• Check whether SSID is asking for password
• Check password strength and try to break it by password cracking techniques
• Enable wireless or Bluetooth to get connected with the network

... laptop device
Example:
• Finance software such as Quicken and Microsoft Money can provide rich information

Step 7: Extract Email Messages from these Devices
Email messages can provide a lot of sensitive information.
Sometimes you might find passwords and access codes.
Scan the entire email content for information...
Step 8: Gain Access to Server Resources by Using Information you Extracted
Gain access to network resources using information from the PDA and laptops

Step 9: Attempt Social Engineering with the Extracted Information
The extracted information could...

... Password
• Check whether the BIOS password/boot password/hard disk password is enabled
• Check whether BIOS setting has hard disk as a bootable device
• Check whether the user has different username and password from the domain's logon used on the laptop

Look into the Encrypted File
Check whether any file