Penetration testing remains a required practice for the security-aware professional for assessing the security of their infraestructure. Learning and making research in penetration testing is a difficult task, one must be able to install the target infraestructure, recreate its use and then desing and test the tools for attacking this target. In the recent years, a few solutions we designed that recollect a toolset of information gathering tools, exploits and a centralized database to help the penetration tester with his job. We designed a suite that ties a real-life penetration testing framework with a network simulation tool that will allow its users a realistic experience of pen testing varied network configurations. This suite allows researchers to investigate certain aspects of penetration testing with minimal configuration and preparation requirements.
Our first milestone in this project is in devising attack metrics, and testing their usefulness and robustness against a set of attack examples.
A first research thread is in attack metrics. Namely, in producing metrics that help to rate the different aspects of a computer network attack. Some examples, include noise (e.g., that could be recorded by an IDS), speed and failed steps.
On the other hand, we are using computer attacks as the means for assessing the security of a computer network. Some interesting metrics that we found are: the date of the oldest working exploit, the number of hops required to reach a given server and the number of exploits that must be used to get into this server.
We are interested in finding procedures and techniques for testing the robustness of exploits and their ability to bypass detection mechanisms (e.g., IPSs).