commit feb7ef7bd381558571d65768803db8b3ca1028ac Author: Jef Roosens Date: Wed Oct 16 10:56:48 2024 +0200 first part diff --git a/img/ch01/security-teams.jpg b/img/ch01/security-teams.jpg new file mode 100644 index 0000000..2655137 Binary files /dev/null and b/img/ch01/security-teams.jpg differ diff --git a/samenvatting.md b/samenvatting.md new file mode 100644 index 0000000..79d3a37 --- /dev/null +++ b/samenvatting.md 
@@ -0,0 +1,130 @@ +# Introduction + +## Teams involved in security + +* red: attack team + * test effectiveness of security by performing attacks +* blue: defend team + * defend against attacks by constantly surveiling the network +* yellow: build team + * builds applications that can be used by the other teams +* sharing knowledge + * orange: builders learn from attackers + * green: builder learn from defenders + * purple: defenders learn from attackers + +![Teams](img/ch01/security-teams.jpg) + +## Penetration testing + +### Penetration testers <-> red teams + +* penetration testing + * methodical approach + * limited by Rules of Engagement (restricted scope) + * 1-2 week engagement + * generally announced + * goal is to assess security of network and systems +* red team + * flexible approach + * anything goes (as long as it's legal) + * 1 week to 6 months engagement + * no announcement + * goal is to test general security posture of company + +### Penetrating testing <-> vulnerability assessments + +* penetration testing + * find vulnerabilities, both automated and manually + * exploit them + * attempt to gather confidential data + * inteded to go deeper and focus on technical issues +* vulnerability assessment + * find vulnerabilities through automated means + * don't exploit them or gather data + * broader and often includes explicit policy and procedure review + +### assumed breach exercise + +* pentest where attackers are assumed to already be inside +* malware is dropped inside company boundaries +* getting caught not the end -> reset and try again +* **Time To Detect** (TTD): how long it takes to notice breach +* **Time To Mitigate** (TTM): how long it takes to perform corrective action + +### Useful resources + +* [MITRE](https://attack.mitre.org/): knowledge base of attack tactics and + techniques +* [APT Groups and Operations](https://attack.mitre.org/): Google doc containing + list of dangerous groups +* [Cyber 
Fundamentals](https://atwork.safeonweb.be/nl/tools-resources/cyberfundamentals-framework) + * concrete measures on how to protect data and ensure safety in company + * four assurance levels + * five core functions + 1. identify + 2. protect + 3. detect + 4. respond + 5. recover + +# Planning, Scoping, Recon and OSINT + +* **Threat**: agent or actor that can cause harm +* **Vulnerability**: flaw that can be exploited to cause harm +* **Risk**: overlap between threat and vulnerability +* **Exploit**: code or technique that a threat uses to take advantage of a + vulnerability +* **Hacking**: manipulate technology to make it do something it's not designed + to do + * **Ethnical hacking** (white hat): hacking with the permission of the target + * **Penetration testing**: ethical hacking with the goal of finding and + exploiting security vulnerabilities in target environment and reporting + them +* **Security audit** + * testing against a rigorous set of standards + * detailed checklists + * more in-depth than pen test + +## Types of penetration tests + +* Network services test + * find target systems on network + * look for openings in OS or running network services and exploit them + * over the internet or from within breached network +* Client-side software test + * look for vulnerabilities in client-side software (e.g. browsers) +* Web application test + * look for vulnerabilities in web-based applications deployed in the target + environment +* Social engineering / phishing test + * attempt to trick user into revealing sensitive information + * using phishing mails to make users click malicious links +* Wireless security test + * find unauthorized wireless access points or authorized ones with security + weaknesses +* Physical security test + * look for flaws in physical security practices + * literally try to break in + * dumpster diving +* Stolen equipment test + * "obtain" (steal) a piece of equipment (e.g. 
laptop) and analyse it for + sensitive info +* Cryptanalysis attack + * break or bypass encryption on local or intercepted data +* Product security test + * look for security flaws in software products that can be installed in + tester's lab +* Remote war dial test (obsolete) + * attempt to log into discovered modems + +## Phases of an attack + +1. Reconnaissance: OSINT, social engineering, dumpster diving... +2. Scanning: finidngo penings in the systems, listening ports... +3. Exploitation / gaining access: attempt to access and take control of target + devices + +* Malicious actors go further + * install backdoors and rootkits + * cover tracks with covert channels, log editing...
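Review bot: The "APT Groups and Operations" entry under "Useful resources" links to https://attack.mitre.org/, the same URL as the MITRE entry directly above it, while its description calls it a Google doc; this looks like a copy-paste of the wrong link and should point at the document's actual address. Several typos in the new summary text should be corrected in the same pass: `defend against attacks by constantly surveiling the network` (surveilling), the heading `### Penetrating testing <-> vulnerability assessments` (Penetration), and `2. Scanning: finidngo penings in the systems` (finding openings), plus "builder learn from defenders" (builders), "inteded" (intended) and "Ethnical hacking" (Ethical). In "Phases of an attack", the numbered list of three phases is followed by a separate bulleted "Malicious actors go further" item; it reads more clearly as a fourth numbered step or a short sentence after the list.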