Ethical Hacking Fundamentals INF 203 PDF
Uploaded by SaintlyCyclops
Summary
This document covers the fundamentals of ethical hacking, including penetration testing, red teaming and vulnerability assessments, the pre-engagement phase, pentesting methodologies and a comparison of pentesting versus red teaming.
Full Transcript
Ethical Hacking Fundamentals INF 203

CONTENTS
1 What is Security Testing?
2 Pentesting
3 Vulnerability Assessment (VA)
4 Red Team
5 Blue Team
6 How to conduct the Pentest?
7 Methodologies

01 What is Security Testing?

A good general definition to start from would be the following: “Security Testing is the process to reveal flaws in a system in terms of Confidentiality, Integrity, Availability (CIA)”.

As you can imagine, there is no agreement on a universal definition of Security Testing. Indeed, there are various types of activities that fall under the umbrella of security testing:
- Security Audit
- Vulnerability Assessment
- Penetration Testing
- Red Teaming
- Ethical Hacking

02 Pentesting

A penetration test (pentest) is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.

Important note: Pentest, Red Teaming and Vulnerability Assessment (VA) are different activities.

Goal of the Pentest
Main objective: the goal of a pentest is to simulate real-world cyber attacks to identify and mitigate potential security risks.
- Identify vulnerabilities and weaknesses in the system's defenses.
- Improve the overall security posture by addressing discovered vulnerabilities.

03 Vulnerability Assessment

Pentest vs VA: if we imagine that the system we are testing is a house with a safe inside:
✓ a pentest is an activity performed to get the content of the safe;
✓ a VA is an activity performed to find all unsecured windows/doors and all other ways a thief could get into the house and to the safe.

04 Red Team

The Red Team is a group of security experts who simulate real-world cyber-attacks to test the defenses of a system or organization.
- Objective: find and exploit vulnerabilities in the system as an external threat.
- Skills required: advanced knowledge of hacking techniques, creativity, and the ability to think like an attacker.
- Works in collaboration with the Blue Team for a comprehensive security approach.
Red Team Engagement

Red teaming is a term borrowed from the military. In military exercises, a group would take the role of a red team to simulate attack techniques to test the reaction capabilities of a defending team, generally known as the blue team, against known adversary strategies.

Translated into the world of cybersecurity, red team engagements consist of emulating a real threat actor's Tactics, Techniques and Procedures (TTPs) so that we can measure how well our blue team responds to them and ultimately improve any security controls in place.

The red team will do everything they can to achieve the goals while remaining undetected and evading any existing security mechanisms like firewalls, antivirus, EDR, IPS and others.

Notice how on a red team engagement, not all of the hosts on a network will be checked for vulnerabilities. A real attacker would only need to find a single path to its goal and is not interested in performing noisy scans that the blue team could detect.

Red Team Kill Chain (figure; not included in the transcript)

Pentesting vs Red Teaming

Pentesting                      | Red Teaming
--------------------------------|----------------------------------------------------------
Methodical Security Assessment  | Flexible, No Rules*
1-2 weeks engagement            | 2 weeks - 6 months engagement
Generally Announced             | No announcement
Restrictive Scope               | Test Blue teams on programs, policies, tools, and skills
Identify Vulnerabilities        | Useful to estimate organization's Time To Detect (TTD) and Time To Mitigate (TTM)

* Can't be illegal…
Table Source: Peter Kim, "The Hacker Playbook 3"

05 Blue Team

The Blue Team is responsible for defending against simulated cyber-attacks conducted by the Red Team.
- Objective: detect, respond to, and mitigate attacks to strengthen the overall security posture.
- Skills required: strong understanding of defensive strategies, incident response, and security technologies.
- Works in collaboration with the Red Team for a comprehensive security approach.

Purple Team
The Purple Team is a collaborative approach that involves both the Red and Blue Teams working together.
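The table above says a red team engagement is useful to estimate an organization's Time To Detect (TTD) and Time To Mitigate (TTM). The script below, added here as an example and not part of the course slides, shows how those two numbers are derived from an engagement timeline: for each red team action it records when it started, when the blue team detected it and when it was mitigated, and then aggregates detection rate, mean TTD and mean TTM while keeping actions that were never detected or never mitigated as explicit gaps rather than dropping them. The timeline and all identifiers (RT-01 and so on) are constructed for the example.

```python
"""Computes Time To Detect (TTD) and Time To Mitigate (TTM) from a red team
engagement timeline, the two measures the Pentesting vs Red Teaming table says
a red team engagement is useful to estimate.

Added example for the INF 203 notes, not code from the slides. The timeline
below is constructed; a real one is built from the red team's activity log
and the blue team's ticket/SIEM timestamps."""
from datetime import datetime, timedelta

# Constructed timeline: when each red team action started, when (if ever) the
# blue team detected it, and when (if ever) it was mitigated.
RED_TEAM_ACTIONS = [
    {"id": "RT-01", "technique": "phishing e-mail",
     "started": datetime(2024, 3, 4, 9, 0),
     "detected": datetime(2024, 3, 4, 11, 30),
     "mitigated": datetime(2024, 3, 4, 15, 0)},
    {"id": "RT-02", "technique": "internal network discovery",
     "started": datetime(2024, 3, 5, 10, 0),
     "detected": None, "mitigated": None},           # never noticed by the blue team
    {"id": "RT-03", "technique": "credential access",
     "started": datetime(2024, 3, 6, 14, 0),
     "detected": datetime(2024, 3, 7, 9, 0),
     "mitigated": None},                             # detected but not yet contained
]


def action_metrics(action: dict):
    """Return (TTD, TTM) for one action as timedeltas; None marks a stage the
    blue team never reached, which is the most important finding to record."""
    ttd = action["detected"] - action["started"] if action["detected"] else None
    ttm = action["mitigated"] - action["started"] if action["mitigated"] else None
    return ttd, ttm


def _mean(deltas):
    """Mean of a list of timedeltas, or None when there is nothing to average."""
    return sum(deltas, timedelta()) / len(deltas) if deltas else None


def engagement_summary(actions):
    """Aggregate the engagement: detection rate, mean TTD over detected actions,
    mean TTM over mitigated actions, and the gaps to hand to the blue team."""
    ttds, ttms = [], []
    for action in actions:
        ttd, ttm = action_metrics(action)
        if ttd is not None:
            ttds.append(ttd)
        if ttm is not None:
            ttms.append(ttm)
    return {
        "actions": len(actions),
        "detected": len(ttds),
        "mitigated": len(ttms),
        "detection_rate": len(ttds) / len(actions) if actions else 0.0,
        "mean_ttd": _mean(ttds),
        "mean_ttm": _mean(ttms),
        "undetected": [a["id"] for a in actions if a["detected"] is None],
        "unmitigated": [a["id"] for a in actions if a["mitigated"] is None],
    }


if __name__ == "__main__":
    for action in RED_TEAM_ACTIONS:
        ttd, ttm = action_metrics(action)
        print(f"{action['id']} {action['technique']:28} TTD={ttd}  TTM={ttm}")
    summary = engagement_summary(RED_TEAM_ACTIONS)
    print(f"detected {summary['detected']}/{summary['actions']}, "
          f"mean TTD {summary['mean_ttd']}, mean TTM {summary['mean_ttm']}")
    print("detection gaps:", summary["undetected"])
```

Mean TTD is computed only over the actions that were detected, so it must always be read together with the detection rate and the undetected list: an engagement with a short mean TTD but a low detection rate tells the blue team that their alerts are fast on the techniques they cover and blind on the rest.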
- Real-time sharing: information and feedback are shared to enhance the overall security by improving detection and response capabilities.

06 How to conduct the Pentest?

Time to talk about the phase that is usually called ‘Pre-engagement’. There is a bunch of different methodologies, but the idea is the same: agree upon the rules/scope/schedule/etc. of the engagement and record it in some document. The Rules of Engagement is a formalized document that is usually signed by both parties (the Customer and the Company that performs the security testing).

Pre-engagement is about asking questions. The more questions you ask, the fewer problems you get in the future.

What information should I get? You should agree with the Customer on the following points:
✓ The goal of the security test
✓ Scope of the engagement
✓ Schedule (milestones)
✓ Risks
✓ The allowed techniques
✓ Deliverables
✓ Statement of work

Scope of the engagement
We call the “Scope of the engagement” the list of activities you will perform (e.g. a list of checks or the OWASP Top 10). The allowed attack surface is also defined here. It might be described in different ways: domain (ask about subdomains), IP addresses, etc. Understanding the attack surface means resolving all questions concerning the environment (ensuring the environment is available, etc.). Important note: testing outside the agreed surface is illegal!

Schedule
✓ Start date of the security test
✓ Ensure the timetable of allowed hours (some projects switch off environments for the night)
✓ Timetable for possible scans if needed (e.g. “Please do not switch off the environment on some weekend”)
✓ End date

Risks
Some activities might cause denial of service, loss of data, or slow down the work of other people who share the environment. That's why it is a good idea to conduct the security test on a separate environment. Also, you need to know who is the person that can help you in a critical situation (the contact person).
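The pre-engagement points above (agreed goal, scope, schedule, risks, allowed techniques and a contact person) are normally written down in the Rules of Engagement and then checked by hand before every activity. The script below, added here as an example and not part of the course slides, turns that check into code: it holds a constructed Rules of Engagement for a hypothetical customer (the domain example.test, the 10.20.0.0/24 range, the dates, hours and contact address are all made up for the example) and rejects any planned activity whose target is outside the agreed surface, whose time falls outside the agreed dates or daily hours, or whose technique the customer excluded because of its risk.

```python
"""Pre-engagement guard that checks every planned activity against the agreed
Rules of Engagement (scope, schedule, allowed techniques) before testing starts.

Added example for the INF 203 notes, not code from the slides. All values in
RULES_OF_ENGAGEMENT and PLANNED_ACTIVITIES are constructed for illustration."""
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed Rules of Engagement for a hypothetical customer "example.test".
RULES_OF_ENGAGEMENT = {
    "goal": "Assess the customer web portal against the OWASP Top 10",
    "scope_hosts": ["portal.example.test", "api.example.test"],   # named hosts
    "scope_subdomain_suffixes": [".staging.example.test"],         # agreed subdomains
    "scope_networks": ["10.20.0.0/24"],                            # agreed IP range
    "start": datetime(2024, 3, 4, 0, 0),
    "end": datetime(2024, 3, 15, 23, 59),
    "allowed_hours": (time(8, 0), time(18, 0)),     # environment is switched off at night
    "forbidden_techniques": ["denial-of-service"],  # risk the customer would not accept
    "contact": "soc-oncall@example.test",           # person to call in a critical situation
}


def target_in_scope(target: str, roe: dict = RULES_OF_ENGAGEMENT) -> bool:
    """True only if target is an agreed host, an agreed subdomain, or an address
    inside an agreed network. Anything else is outside the attack surface."""
    try:
        addr = ip_address(target)
    except ValueError:  # not an IP address, treat it as a host name
        host = target.lower().rstrip(".")
        if host in roe["scope_hosts"]:
            return True
        # The leading dot in each suffix stops "evilstaging.example.test" from matching.
        return any(host.endswith(suffix) for suffix in roe["scope_subdomain_suffixes"])
    return any(addr in ip_network(net) for net in roe["scope_networks"])


def time_in_window(when: datetime, roe: dict = RULES_OF_ENGAGEMENT) -> bool:
    """True only if `when` lies between the start and end dates and inside the
    daily hours the customer allowed."""
    if not roe["start"] <= when <= roe["end"]:
        return False
    first, last = roe["allowed_hours"]
    return first <= when.time() <= last


def technique_allowed(technique: str, roe: dict = RULES_OF_ENGAGEMENT) -> bool:
    """True unless the technique was explicitly excluded in the RoE."""
    return technique.lower() not in roe["forbidden_techniques"]


def check_plan(plan, roe: dict = RULES_OF_ENGAGEMENT):
    """Split planned (target, technique, datetime) triples into approved and
    rejected lists; each rejected entry carries every reason it failed."""
    approved, rejected = [], []
    for target, technique, when in plan:
        reasons = []
        if not target_in_scope(target, roe):
            reasons.append("out of scope")
        if not time_in_window(when, roe):
            reasons.append("outside schedule")
        if not technique_allowed(technique, roe):
            reasons.append("technique not allowed")
        if reasons:
            rejected.append((target, technique, ", ".join(reasons)))
        else:
            approved.append((target, technique))
    return approved, rejected


# Constructed test plan: two activities are fine, four violate the RoE.
PLANNED_ACTIVITIES = [
    ("portal.example.test", "input validation checks", datetime(2024, 3, 5, 10, 0)),
    ("10.20.0.17", "port scan", datetime(2024, 3, 5, 14, 30)),
    ("10.21.0.5", "port scan", datetime(2024, 3, 5, 14, 30)),               # IP outside range
    ("api.example.test", "denial-of-service", datetime(2024, 3, 6, 11, 0)),  # excluded technique
    ("db.staging.example.test", "port scan", datetime(2024, 3, 6, 22, 0)),   # at night
    ("www.example.test", "port scan", datetime(2024, 3, 20, 10, 0)),         # host and date both wrong
]

if __name__ == "__main__":
    ok, bad = check_plan(PLANNED_ACTIVITIES)
    for target, technique in ok:
        print(f"APPROVED  {target:26} {technique}")
    for target, technique, why in bad:
        print(f"REJECTED  {target:26} {technique} ({why})")
    print(f"Escalation contact: {RULES_OF_ENGAGEMENT['contact']}")
```

The host check is deliberately exact: a subdomain is only accepted when the RoE lists its parent with a leading dot, so "ask about subdomains" during pre-engagement translates directly into whether that suffix entry exists. A rejected entry is a question to take back to the customer, not something to work around.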
07 Methodologies

Pentest methodologies can be customized based on the specific system, goals, and industry standards. Common pentesting methodologies:
1. OWASP Testing Guide
2. NIST SP 800-115
3. OSSTMM (Open Source Security Testing Methodology Manual)
4. PTES (Penetration Testing Execution Standard)

OWASP Testing Guide
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals. The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.

OWASP Top 10
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. Companies should adopt this document and start the process of ensuring that their web applications minimize these risks.

PTES (Penetration Testing Execution Standard)
The Penetration Testing Execution Standard (PTES) defines penetration testing as 7 phases. In particular, the PTES Technical Guidelines give hands-on suggestions on testing procedures and recommendations for security testing tools.
1 Pre-engagement Interactions
2 Intelligence Gathering
3 Threat Modeling
4 Vulnerability Analysis
5 Exploitation
6 Post Exploitation
7 Reporting

References
1. https://owasp.org/www-project-web-security-testing-guide/
2. http://www.pentest-standard.org/index.php/Main_Page
3. https://tryhackme.com/room/redteamfundamentals
4. https://owasp.org/www-project-top-ten/