Cyber Workshop for Basic Pen Testing, System Hardening, and Ransomware Assessments

  • Room: Virtual
Wednesday, May 25, 2022: 1:00 PM - 3:00 PM


Andrew Lanning
Integrated Security Technologies
Christopher Peckham
Ollivier Corporation
Josh Cummings
Vice President, Technology
VTI Security a Paladin Technologies Company


The physical security industry relies upon computer systems and networks. These systems should be secure, and people within the physical security ecosystem need to understand what is involved in providing a solid foundation on which their applications can be installed and operated. This workshop will be hands-on, with the participants performing various tasks under the guidance of the facilitators. After setting up the environment and installing the programs that will be used in the session, the participants will be asked to run the programs to perform penetration testing from their own laptops against provided network targets. These targets will have various vulnerabilities that the penetration tests will discover. Following a discussion, the participants will then patch and update the targets following guidance from industry hardening guides and then perform the penetration testing again. The differences and details of the hardening guides will be discussed. Finally, the CISA Cyber Security Evaluation Tool will be run.



1. Introduction
2. Environment
- Review laptop and network requirements
- Install necessary programs on systems
3. Pen testing
- Present basics of penetration testing
- Discuss several open source pen-testing tools
- Install Metasploit and OWASP ZAP (Zed Attack Proxy)
- Select target machine in network environment that has vulnerabilities on it
- Discuss vulnerabilities
4. Hardening Guide
- Discuss concepts of system hardening using various vendor hardening guides
- Implement hardening of target machine
- Select target machine in network environment that has been hardened and perform penetration testing
- Discuss differences in results after hardening was performed
5. CISA Cyber Security Evaluation Tool
- Discuss purpose of tool
- Review options of tool including newer option for ransomware readiness
- Download tool and run in environment
6. Review of workshop and next steps
- Discuss workshop outcomes
- Discuss other resources and what can be done further

Learning Objectives

1. Perform a basic system penetration test using open-source tools, evaluate the results, and then compare them with the results after the target has been hardened
2. Review and implement system hardening based on several industry system hardening guides
3. Gain an understanding of, and hands-on experience with, the operation of the CISA Cyber Security Evaluation Tool, including performing a ransomware readiness assessment