Presented at AppSec USA 2013
Nov. 20, 2013, 1 p.m.
OWASP Mantra OS was developed under the mantra of "OWASP because the world is cruel".
This mantra is an underlying principle for the development of Mantra OS simply because it is better for the pen tester to find the exploit than the hacker. The tool-set of Mantra OS v13 contains the same tools many hackers use to exploit web applications with attacks such as DDoS, SQL injection, man-in-the-middle attacks, and poisoning attacks. The purpose of this presentation is to show practical testing methodologies using Mantra OS and how to run these tests in a controlled environment. In this talk we will discuss and demo:
• Demo of the Mantra OS tool-set.
• Maltego and intelligence collection.
• DDoS using LOIC, Slow HTTP poisoning and ping of death with Scapy.
• SQL injection with Burp and sqlmap.
• Man in the Middle with SSL stripping.
• ARP poisoning, ICMP poisoning and Smurf attacks.
• How to deploy these attacks in a controlled environment.
In addition, we will discuss why and how hackers use these tools, methods of mitigating these styles of attack, and how to turn pen testing into a risk mitigation plan.