first part
commit
feb7ef7bd3
# Introduction

## Teams involved in security

* red: attack team
    * tests the effectiveness of the security controls by performing attacks
* blue: defence team
    * defends against attacks by continuously monitoring the network
* yellow: build team
    * builds the applications and infrastructure that the other teams attack and defend
* sharing knowledge (the mixed colours)
    * orange: builders learn from attackers
    * green: builders learn from defenders
    * purple: defenders learn from attackers

![Teams](img/ch01/security-teams.jpg)

## Penetration testing

### Penetration testers vs. red teams

* penetration testing
    * methodical approach
    * limited by the Rules of Engagement (restricted scope)
    * 1-2 week engagement
    * generally announced to the defenders
    * goal is to assess the security of specific networks and systems
* red team
    * flexible approach
    * anything goes, as long as it is legal
    * 1 week to 6 month engagement
    * not announced to the defenders
    * goal is to test the company's overall security posture (including how well the blue team detects and responds)

### Penetration testing vs. vulnerability assessments

* penetration testing
    * find vulnerabilities, both with automated tools and manually
    * exploit them
    * attempt to gather confidential data to demonstrate impact
    * intended to go deeper and focuses on technical issues
* vulnerability assessment
    * find vulnerabilities through automated means
    * do not exploit them or gather data
    * broader and often includes an explicit policy and procedure review

### Assumed breach exercise

* pentest where the attackers are assumed to already be inside
    * e.g. malware (an implant) is dropped inside the company boundaries
    * getting caught is not the end: reset and try again
* metrics measured
    * **Time To Detect** (TTD): how long it takes to notice the breach
    * **Time To Mitigate** (TTM): how long it takes to perform corrective action

### Useful resources

* [MITRE ATT&CK](https://attack.mitre.org/): knowledge base of adversary tactics and techniques
* [APT Groups and Operations](https://attack.mitre.org/): Google doc containing a list of dangerous groups
* [Cyber Fundamentals](https://atwork.safeonweb.be/nl/tools-resources/cyberfundamentals-framework)
    * concrete measures on how to protect data and ensure safety in a company
    * four assurance levels
    * five core functions
        1. identify
        2. protect
        3. detect
        4. respond
        5. recover

# Planning, Scoping, Recon and OSINT

* **Threat**: agent or actor that can cause harm
* **Vulnerability**: flaw that can be exploited to cause harm
* **Risk**: overlap between a threat and a vulnerability (a threat that can actually exploit a flaw that is present)
* **Exploit**: code or technique that a threat uses to take advantage of a vulnerability
* **Hacking**: manipulating technology to make it do something it was not designed to do
* **Ethical hacking** (white hat): hacking with the permission of the target
* **Penetration testing**: ethical hacking with the goal of finding and exploiting security vulnerabilities in the target environment and reporting them
* **Security audit**
    * testing against a rigorous set of standards
    * detailed checklists
    * more in-depth than a pen test

## Types of penetration tests

* Network services test
    * find target systems on the network
    * look for openings in the OS or the running network services and exploit them
    * performed over the internet or from within an already breached network
* Client-side software test
    * look for vulnerabilities in client-side software (e.g. browsers)
* Web application test
    * look for vulnerabilities in web-based applications deployed in the target environment
* Social engineering / phishing test
    * attempt to trick users into revealing sensitive information
    * e.g. phishing mails that make users click malicious links
* Wireless security test
    * find unauthorized wireless access points, or authorized ones with security weaknesses
* Physical security test
    * look for flaws in physical security practices
    * literally try to break in
    * dumpster diving
* Stolen equipment test
    * "obtain" (steal) a piece of equipment (e.g. a laptop) and analyse it for sensitive info
* Cryptanalysis attack
    * break or bypass the encryption on local or intercepted data
* Product security test
    * look for security flaws in software products that can be installed in the tester's lab
* Remote war dial test (obsolete)
    * dial ranges of phone numbers to discover modems and attempt to log into them

## Phases of an attack

1. Reconnaissance: OSINT, social engineering, dumpster diving...
2. Scanning: finding openings in the systems, listening ports...
3. Exploitation / gaining access: attempt to access and take control of target devices

* Malicious actors go further
    * install backdoors and rootkits
    * cover tracks with covert channels, log editing...
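
The scanning phase (and the network services test listed earlier) comes down to finding listening ports and identifying what is behind them. As an added example that is not part of the original notes, the Python below performs a TCP connect scan with banner grabbing. To run offline it starts a constructed fake service on loopback; the banner it sends is invented, and the port numbers are whatever the OS hands out. Point `scan()` at real hosts only with permission and inside the Rules of Engagement.

```python
"""TCP connect scan with banner grabbing, for the scanning phase of an attack.

Added example, not code from the original notes. The target is a constructed
fake service on loopback so everything runs offline.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

HOST = "127.0.0.1"


def start_fake_service(banner: bytes):
    """Listen on an ephemeral loopback port and send `banner` to each client.

    Stands in for a real network service; returns (server_socket, port).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # server socket closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:  # client hung up before reading; ignore
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def reserve_closed_port() -> int:
    """Bind and immediately release a port, so we know one that is closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 1.0):
    """Connect scan of one port: full TCP handshake, then read a banner.

    Returns None if the port is closed or filtered, otherwise the banner text
    ("" when the service stays silent, e.g. HTTP waits for the client).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:          # refused (closed) or timed out (filtered)
            return None
        try:
            return s.recv(128).decode(errors="replace").strip()
        except OSError:          # no banner within the timeout
            return ""


def scan(host: str, ports, timeout: float = 1.0, workers: int = 32) -> dict:
    """Probe `ports` concurrently; map each open port to its banner."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: (p, probe(host, p, timeout)), ports)
    return {port: banner for port, banner in results if banner is not None}


def demo():
    """Scan the constructed target; returns (open_port, closed_port, findings)."""
    # Constructed banner; a real scan would see whatever the service announces.
    srv, open_port = start_fake_service(b"SSH-2.0-OpenSSH_9.6 constructed-banner\r\n")
    closed_port = reserve_closed_port()
    try:
        findings = scan(HOST, [closed_port, open_port])
    finally:
        srv.close()
    return open_port, closed_port, findings


if __name__ == "__main__":
    open_port, closed_port, findings = demo()
    print(f"scanned {open_port} (listening) and {closed_port} (closed)")
    for port, banner in sorted(findings.items()):
        print(f"{port}/tcp open  banner={banner!r}")
```

A connect scan completes the three-way handshake, so every probe reaches the application and is likely to appear in that service's logs; that is exactly the kind of noise a blue team can alert on, which is why red team engagements (where not being detected matters) tend to scan slowly and selectively rather than sweeping whole ranges. A silent port (empty banner) is still open: protocols such as HTTP wait for the client to speak first, so the next step would be a protocol-specific probe.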