first part
commit
feb7ef7bd3
Binary file not shown.
After Width: | Height: | Size: 52 KiB |
@ -0,0 +1,130 @@
# Introduction

## Teams involved in security

* red: attack team
* test effectiveness of security by performing attacks
* blue: defend team
* defend against attacks by constantly surveiling the network
* yellow: build team
* builds applications that can be used by the other teams
* sharing knowledge
* orange: builders learn from attackers
* green: builder learn from defenders
* purple: defenders learn from attackers

![Teams](img/ch01/security-teams.jpg)

## Penetration testing

### Penetration testers <-> red teams

* penetration testing
* methodical approach
* limited by Rules of Engagement (restricted scope)
* 1-2 week engagement
* generally announced
* goal is to assess security of network and systems
* red team
* flexible approach
* anything goes (as long as it's legal)
* 1 week to 6 months engagement
* no announcement
* goal is to test general security posture of company

### Penetrating testing <-> vulnerability assessments

* penetration testing
* find vulnerabilities, both automated and manually
* exploit them
* attempt to gather confidential data
* inteded to go deeper and focus on technical issues
* vulnerability assessment
* find vulnerabilities through automated means
* don't exploit them or gather data
* broader and often includes explicit policy and procedure review

### assumed breach exercise

* pentest where attackers are assumed to already be inside
* malware is dropped inside company boundaries
* getting caught not the end -> reset and try again
* **Time To Detect** (TTD): how long it takes to notice breach
* **Time To Mitigate** (TTM): how long it takes to perform corrective action

### Useful resources

* [MITRE](https://attack.mitre.org/): knowledge base of attack tactics and
techniques
* [APT Groups and Operations](https://attack.mitre.org/): Google doc containing
list of dangerous groups
* [Cyber Fundamentals](https://atwork.safeonweb.be/nl/tools-resources/cyberfundamentals-framework)
* concrete measures on how to protect data and ensure safety in company
* four assurance levels
* five core functions
1. identify
2. protect
3. detect
4. respond
5. recover

# Planning, Scoping, Recon and OSINT

* **Threat**: agent or actor that can cause harm
* **Vulnerability**: flaw that can be exploited to cause harm
* **Risk**: overlap between threat and vulnerability
* **Exploit**: code or technique that a threat uses to take advantage of a
vulnerability
* **Hacking**: manipulate technology to make it do something it's not designed
to do
* **Ethnical hacking** (white hat): hacking with the permission of the target
* **Penetration testing**: ethical hacking with the goal of finding and
exploiting security vulnerabilities in target environment and reporting
them
* **Security audit**
* testing against a rigorous set of standards
* detailed checklists
* more in-depth than pen test

## Types of penetration tests

* Network services test
* find target systems on network
* look for openings in OS or running network services and exploit them
* over the internet or from within breached network
* Client-side software test
* look for vulnerabilities in client-side software (e.g. browsers)
* Web application test
* look for vulnerabilities in web-based applications deployed in the target
environment
* Social engineering / phishing test
* attempt to trick user into revealing sensitive information
* using phishing mails to make users click malicious links
* Wireless security test
* find unauthorized wireless access points or authorized ones with security
weaknesses
* Physical security test
* look for flaws in physical security practices
* literally try to break in
* dumpster diving
* Stolen equipment test
* "obtain" (steal) a piece of equipment (e.g. laptop) and analyse it for
sensitive info
* Cryptanalysis attack
* break or bypass encryption on local or intercepted data
* Product security test
* look for security flaws in software products that can be installed in
tester's lab
* Remote war dial test (obsolete)
* attempt to log into discovered modems

## Phases of an attack

1. Reconnaissance: OSINT, social engineering, dumpster diving...
2. Scanning: finidngo penings in the systems, listening ports...
3. Exploitation / gaining access: attempt to access and take control of target
devices

* Malicious actors go further
* install backdoors and rootkits
* cover tracks with covert channels, log editing...
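Review bot: the "APT Groups and Operations" entry under "Useful resources" links to https://attack.mitre.org/, the same URL as the MITRE entry directly above it, while its description says it is a Google doc; the link looks like a copy-paste slip and should point at the intended document. A handful of typos in the same hunk are worth fixing before merge: `surveiling` (should be `surveilling`), `green: builder learn from defenders` (should be `builders learn`), the heading `Penetrating testing <-> vulnerability assessments` (should be `Penetration testing`), `inteded` (should be `intended`), `Ethnical hacking` (should be `Ethical hacking`), and `finidngo penings` in the Scanning step (should be `finding openings`). Please also confirm that the wrapped continuation lines (`techniques`, `list of dangerous groups`, `vulnerability`, `to do`, `them`, `environment`, `weaknesses`, `sensitive info`, `tester's lab`, `devices`) are indented under their bullets in the file, otherwise Markdown will render each as a separate paragraph and break the list.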