{"id":791,"date":"2021-05-28T17:45:39","date_gmt":"2021-05-28T15:45:39","guid":{"rendered":"https:\/\/portal.diagnosticsincontrol.com\/?page_id=791"},"modified":"2021-05-31T08:48:35","modified_gmt":"2021-05-31T06:48:35","slug":"diagnostics-penetration-testing-report","status":"publish","type":"page","link":"https:\/\/portal.diagnosticsincontrol.com\/index.php\/diagnostics-penetration-testing-report\/","title":{"rendered":"Diagnostics Penetration Testing Report"},"content":{"rendered":"\n

Introduction<\/span><\/p>\n\n\n\n

At Realworld, we are always striving to ensure that sensitive and private data is kept private. <\/p>\n\n\n\n

With this in mind, Coen issued a challenge to the Diagnostics team to try and break the Diagnostics Collector.  <\/p>\n\n\n\n

At stake was the integrity of the collector, but also a fabulous 1kg of Chocolate Eggs as prize to whomever could break into it and retrieve sensitive information. <\/p>\n\n\n\n

The Diagnostics team set out to test the security of the Collector. Could they rise to the challenge and beat the Collector? <\/p>\n\n\n\n

<\/p>\n\n\n\n

Preparation<\/span><\/p>\n\n\n\n

Gert gave the Diagnostics team a head-start with some tips on doing penetration testing (and pictures of his slippers!). <\/p>\n\n\n\n

\"Text\n\nDescription<\/figure>\n\n\n\n

Armed with this knowledge, the team began to prepare in earnest. At first, it was decided that each member would compete with the others for the fabled eggs, but a twist appeared in the challenge. <\/p>\n\n\n\n

There would only be one day in which to accomplish this monumental task! <\/p>\n\n\n\n

Given this new information, the team decided to collaborate more than compete, and thus the stage was set for an epic confrontation. <\/p>\n\n\n\n

<\/p>\n\n\n\n

Penetration Testing Day\u00a0<\/span><\/p>\n\n\n\n

The day of the testing dawned deceptively quiet. However, the team were ready. Meenakshi had provided yet another advantage to the team through her research, and found the software package Kali, ideal for taking on the tough foe that was the Collector. <\/p>\n\n\n\n

\"\"
Kali VM<\/figcaption><\/figure>\n\n\n\n

Network vulnerability scanning was the logical way to start finding weaknesses in the Collector\u2019s defences. <\/p>\n\n\n\n

\"\"
Vulnerability Check (can only identify the open ports, but not penetrate)<\/figcaption><\/figure>\n\n\n\n

Once the network vulnerability scanning was complete, it was time to bring out the big guns and try to exploit the Collector. Time and again the team\u2019s attacks were turned aside, but they ploughed on, undeterred, trying new attacks. One could be forgiven for thinking that the team attacking from so far apart on the globe would mean that it was easier for the Collector to defend itself, but this was not the case. <\/p>\n\n\n\n

\"\"
Exploit attacks launched<\/figcaption><\/figure>\n\n\n\n

Throughout the day, the team would confer on what was occurring from their respective attacks, and attempt to get past the Collector. They would then shift their focus to better probe the defences. But the day was wearing on. <\/p>\n\n\n\n

Was there still time to crack the Collector? <\/p>\n\n\n\n

<\/p>\n\n\n\n

The End of the Day<\/span>\u00a0<\/p>\n\n\n\n

When the smoke cleared from the final attacks by the team, the Collector stood whole and unbroken. In a last meeting for the day, Coen declared the Collector victorious! It had protected its secrets. <\/p>\n\n\n\n

No one from the team would be able to lay claim to the Chocolate Eggs. <\/p>\n\n\n\n

The data was safe! <\/p>\n\n\n\n

\"\"
No active sessions shows that no attack succeeded<\/figcaption><\/figure>\n\n\n\n

<\/p>\n\n\n\n

Epilogue: Report<\/span> <\/p>\n\n\n\n

In all seriousness, the Diagnostics Team are very proud to say that the Diagnostics Collector is secure. <\/p>\n\n\n\n

Penetration Testing failed to retrieve any sensitive information. <\/p>\n\n\n\n

TESTERS\u00a0<\/span><\/p>\n\n\n\n

Meenakshi Sundareswari <\/p>\n\n\n\n

Koen van Keulen <\/p>\n\n\n\n

SOFTWARE USED<\/span>\u00a0<\/p>\n\n\n\n

Several different software penetration tools were used. <\/p>\n\n\n\n

Kali \u2013 this included a whole suite of different tools (including Nmap, Spike, ZAP and Metasploit below, along with a lot of others). <\/p>\n\n\n\n

NMap \u2013 to check ports, and for vulnerability checks. <\/p>\n\n\n\n

Spike \u2013 check vulnerability.  <\/p>\n\n\n\n

ZAP \u2013 check vulnerability. <\/p>\n\n\n\n

Metasploit \u2013 to try exploits. <\/p>\n\n\n\n

REPORT TABLE\u00a0<\/span><\/p>\n\n\n\n

SOFTWARE USED<\/strong> <\/td>ATTACK\/OTHER<\/strong> <\/td>RESULT<\/strong> <\/td>CONCLUSION<\/strong> <\/td><\/tr>
NMap <\/td>Check Ports 443, 22, 8000 and Vulnerability scan <\/td>Ports Identified \u2013 no penetration <\/td>Ports are secured\/Vulnerability cannot be penetrated <\/td><\/tr>
Spike <\/td>ssl test 443 (vulnerability scan) <\/td>No Penetration <\/td>Vulnerability cannot be penetrated <\/td><\/tr>
ZAP <\/td>web test 8000 (vulnerability scan) <\/td>No Penetration <\/td>Vulnerability cannot be penetrated  <\/td><\/tr>
Metasploit <\/td>Exploit attacks <\/td>No Penetration and no data retrieved <\/td>Exploits cannot penetrate the Diagnostics Collector protection, and the data is secure. <\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"

Introduction At Realworld, we are always striving to ensure that sensitive and private data is kept private.  With this in mind, Coen issued a challenge to the Diagnostics team to try and break the Diagnostics Collector.   At stake was the integrity of the collector, but also a fabulous 1kg of Chocolate Eggs as prize to whomever could break into it and retrieve sensitive … <\/p>\n

Continue reading “Diagnostics Penetration Testing Report”<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-791","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/portal.diagnosticsincontrol.com\/index.php\/wp-json\/wp\/v2\/pages\/791"}],"collection":[{"href":"https:\/\/portal.diagnosticsincontrol.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/portal.diagnosticsincontrol.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/portal.diagnosticsincontrol.com\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/portal.diagnosticsincontrol.com\/index.php\/wp-json\/wp\/v2\/comments?post=791"}],"version-history":[{"count":7,"href":"https:\/\/portal.diagnosticsincontrol.com\/index.php\/wp-json\/wp\/v2\/pages\/791\/revisions"}],"predecessor-version":[{"id":804,"href":"https:\/\/portal.diagnosticsincontrol.com\/index.php\/wp-json\/wp\/v2\/pages\/791\/revisions\/804"}],"wp:attachment":[{"href":"https:\/\/portal.diagnosticsincontrol.com\/index.php\/wp-json\/wp\/v2\/media?parent=791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}