ethernautics

IT Solutions Architects and Cyber Security Engineering

Penetration Testing – Experience

Banner--Ethernautics-Arch

MWM Logo

Michael Meissner has evaluated and deployed multiple Vulnerability Scanning tools at multiple enterprises to in order to conduct Pen testing, assess computers, computer systems, networks or applications for weaknesses.

Mr. Meissner has performed 1000’s of scans both protect critical digital assets with the enterprise and to evaluate ability of non-authorized attackers looking to gain unauthorized access.

Cyber Security Penetration Testing Tools

Mr. Meissner has experience with the following Vulnerability Scanning tools:

  • Nessus
  • Retina
  • Qualsys
  • Foundstone
  • Nexpose

Penetration Testing involves more than just vulnerability scanning. The list of tools in the penetration testing tool kit is long and ever evolving, for a more comprehensive tool stack see here.  Further the pen testing itself must not be disruptive to production systems. Systems found in these critical infrastructures can be enormously sensitive to penetration testing, thus the testing plan must be well architected and rigorously executed.

Meissner has over 30 years of expertise in designing and deploying Industrial Control Systems (ICS), Plant Control System (PCS), SCADA and Plant Control Networks (PCN). Meissner has extensive experience with the heterogeneous systems, devices and architecture including found in plant and industrial environment including RTUs, PLC’s, Transmitters, pressure indicators, flow indicators, etc.

Cyber Security Analysis and Design

  • Expertise in reviewing architectures and defining scope (e.g., gathering and laying out network addresses and address ranges, assets inventory including security devices, …) in order to provide a sound defense in depth architecture.

    Defense in Depth - Target

    #Defense in Depth Architecture

  • Analysis of Network exposed attack surface (incl. wireless and mobile networks)
  • Critical Digital Systems analysis and vulnerability assessments
  • Identification of Assets in use (incl. firewall configuration, load balancing systems, operating system fingerprinting, service fingerprinting, app fingerprinting, etc.)

Network Analysis and Defense

  • Expertise in Network Traffic Analysis
  • Expertise in Network Scanning using COTS and Custom tools
  • Expertise in Live hosts scanning
  • Expertise in Authentication mechanisms identification, verification, checking against unauthorized authentication (e.g., TCP wrapping, lockouts, …)
  • Expertise in fuzzing, remote-system compromise and elevating privileges, Injection of transitive trust routes
  • Expertise in attacking control units (more relevant to SCADA and connected devices)

Mr. Meissner has performed pen testing at the following clients:

  • Ethernautics, Inc. – Meissner Project with California Water Services Group (Read More)
  • Ethernautics, Inc. – Client Project with Areva, NP at South Texas Project (STP) (Read More)
  • Ethernautics, Inc. – Client Project with CSC at Urenco (Read More)
  • Ethernautics, Inc. – Meissner Project with NetCracker Technologies (Read More)
  • Ethernautics, Inc. – Meissner Project Telcordia (Read More)
  • Ethernautics, Inc. – Meissner Project with Global Telecom Merger (Read More)

 

Advertisements

One comment on “Penetration Testing – Experience

  1. Pingback: Ethernautics, Inc. – Michael W. Meissner: Cyber Security Tools Experience | ethernautics

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: