Chapter 3: APT Hacker Methodology (Public)

AHM: Strong Enough for Penetration Testers, Made for a Hacker
- AHM stands for APT Hacker Methodology.
- Penetration testing is a sanctioned attack against an organization, performed to test the efficacy of the security controls and defenses in place.
- Examples of testing:
  - Response to "malicious" activities, such as phishing emails or social engineering phone calls
  - Technical controls, such as the configuration of computers, servers, and network infrastructure
  - Testing the process that employees follow to detect and respond to incidents

Difference between APT Hackers and Penetration Testers
- Penetration testers receive a signed letter from the organization they have been contracted with, indicating that the test has been approved by an authorized party.
- If penetration testers get caught, they do not face any real consequences or arrest.
- Limitations on penetration testers' activities:
  - Not allowed to target top executives
  - Only specific, agreed-upon targets may be tested
  - Only specific personnel are targeted
- APT hackers have no limits and do not abide by any rules.

AHM Components (Requirements, Skills, Soft Skills)
- Elegant, big-picture thinkers: APT hackers can execute elegant attacks and see the big picture.
- Once you have the correct image of the big picture, you will see that any organization can be compromised.
- No organization is 100% secure.

Advanced: Echelons of Skill
- The path of mastery is like climbing a series of ladders with platforms between each.
- Each rung in the ladder represents a specific new skill that you must purposefully use to achieve the goal.
- Upon reaching each platform, you obtain an enlightened understanding of the skills that permitted you to get there.
- First, you simply acknowledge that a technology works.
- Second, you learn how it is supposed to work.
- Third, you learn how it really works.
- Fourth, you learn how to break it.

Preparation
- "If I had six hours to chop down a tree, I would spend the first four sharpening the axe." (Abraham Lincoln)
- Preparation for an attack is critical for any attacker.
- Preparation in the form of reconnaissance is an extremely important process that cannot be hurried through.
- Reconnaissance: knowing how to properly perform reconnaissance on a target organization.
- An APT hacker will take his time testing all the tools and techniques to be used in an attack.
- This can cover testing an exploit, rootkit, backdoor, or phishing website, to make sure everything works before executing an attack.

Patience
- Patience is a characteristic of APT hackers.
- APT hackers spend lots of time on reconnaissance, while traditional hackers spend little.
- APT hackers spend lots of time testing all the tools and techniques to be used in an attack.
- APT hackers ensure that each phase of the attack is tested well; alerting the target is not an option.

Social Omniscience
- Social engineering: any act that influences a person to take an action that may or may not be in their best interest.
- Social engineering is defined by understanding the big picture of how all social elements affect the security of a target.
- Examples:
  - Interrelationships between employees and managers
  - Interrelationships between departments within organizations
  - Impact of geographic diversity of companies
  - Business policies and procedures
  - Company politics
  - Ethnic differences and diversity of employees
  - Overall security awareness and importance placed on security
  - World events external to the organization
  - Employee skills
  - Impact of holidays and vacation

Always Target the Weakest Link
- Many attackers simply target the systems they know how to compromise.
- An APT hacker analyzes a target organization and specifically identifies and selects the weakest link for attack.
- A traditional hacker might attempt:
  - SQL injection
  - Cross-site scripting
  - Parameter manipulation on a target's web application
  - If not vulnerable, move on to another target
- An APT hacker has an entire toolset of attacks and techniques to choose from.
- He or she chooses the technique that exploits the specific weakest link in the chain at the target organization to quickly gain access to the desired asset.
- Success can be guaranteed by performing ample:
  - Reconnaissance
  - Understanding of the target
  - Waiting for the opportune time
  - Then targeting the weakest link

Exploitless Exploits
- Exploitless exploits work by simply using a technology as it is intended to accomplish our goals.
- One example of an exploitless exploit could be tailgating on an administrative channel.
- An APT hacker will also use:
  - Memory corruption exploits
  - Preexisting exploits

Think Outside the Box
- It is critical for any hacker, especially an APT hacker.
- It is an ability you can learn; you do not need to be born with it.
- What is in the box:
  - Constraints of assumptions
  - Traditional thinking
  - Group thought
- Thinking outside the box means thinking without the above constraints of assumption or convention.
- The box is constructed of the rules put in place by:
  - Pragmatism
  - Human nature
  - People in authority
  - Your peers
- An APT hacker thinks outside the box in every phase of a successful attack, from inception to clean-up.
- Nature of being a criminal:
  - Not restricted by rules
  - No fear of the law
- The bicycles story

The Process of Thinking Outside the Box
- There are four major techniques within the generic process:
  - Find a creative area (space and time)
  - Think without your filter
  - Just write
  - Create first, filter second

Thinking Outside the Security Box
- Remember that the core technique of thinking outside the box is questioning or analysis:
  - Determine the traditional answer (assumptions)
  - Question the traditional answer (question assumptions)
  - Analyze the exact opposite of the traditional answer (contradict assumptions)
- One common approach would be to consider the existence of a security control to be a positive thing for the APT hacker.

Look for Misdirection
- Think like a magician.
- Organizations always show off their security systems as misdirection.
- Examples:
  - In smaller organizations with limited staff, a security engineer familiar with network security might be far more likely to focus on technology to secure the network while ignoring or neglecting other areas such as host-hardening standards.
  - Large organizations might be able to afford large teams of security individuals who each have their own unique skill sets, but neglect training end users on secure behavior.

Keep It Simple, Stupid (KISS)
- Despite all of the attack vectors, techniques, and tools available to the APT hacker, you must strive to keep your attacks as simple and elegant as possible.
- By keeping our attacks as simple as possible, we avoid unnecessary opportunities for our attacks to fail.
- Leonardo da Vinci put it best when he said, "simplicity is the ultimate sophistication."
