
Offensive Security

Cyber Security notes, references, and resources.

Main Types of Cyber Security Assessments

Systematically identifying and evaluating vulnerabilities in applications, systems, or networks.

Goal: Create a prioritized inventory of weaknesses without exploiting them.

Limitation: It does not simulate an attack or verify if the vulnerabilities can be exploited.

Activities Involved:

  • Identifying assets: determine what applications, systems, or networks must be protected and, thus, assessed.

  • Scanning for vulnerabilities: scan for unpatched software, misconfigurations, open ports, outdated libraries, etc., either manually or using tools like Nessus, Qualys, or OpenVAS.

  • Risk Prioritization: based on the impact and likelihood of exploitation, assign a severity level—Critical, High, Medium, or Low.

  • Reporting: deliver a detailed report outlining vulnerabilities, their impact, and suggested remediation.
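
The risk prioritization and reporting activities above, as an added example that is not part of the original notes: findings from overlapping scans are merged, scored by impact and likelihood, and listed as a prioritized inventory. The 1-5 scales, the score thresholds, and all asset names and findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds on impact x likelihood (1-25); the notes name only the four levels.
SEVERITY_BANDS = [(20, "Critical"), (12, "High"), (6, "Medium"), (1, "Low")]

@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    impact: int      # 1 (negligible) .. 5 (severe)
    likelihood: int  # 1 (rare) .. 5 (almost certain)

    @property
    def score(self) -> int:
        return self.impact * self.likelihood

def severity(finding: Finding) -> str:
    """Map a finding to Critical/High/Medium/Low, rejecting out-of-range ratings."""
    for value in (finding.impact, finding.likelihood):
        if not 1 <= value <= 5:
            raise ValueError(f"rating out of range for {finding.asset}: {value}")
    for floor, label in SEVERITY_BANDS:
        if finding.score >= floor:
            return label
    raise AssertionError("unreachable: minimum score is 1")

def prioritize(findings):
    """Merge duplicate (asset, issue) pairs, keep the worst rating, sort worst first."""
    worst = {}
    for f in findings:
        key = (f.asset, f.issue)
        if key not in worst or f.score > worst[key].score:
            worst[key] = f
    return sorted(worst.values(), key=lambda f: (-f.score, f.asset, f.issue))

def report(findings):
    """One line per finding: severity, score, asset, issue."""
    return [f"{severity(f):8} {f.score:>2}  {f.asset}: {f.issue}" for f in prioritize(findings)]

# Constructed sample findings, as if merged from a manual review and a scanner run.
SAMPLE = [
    Finding("web-01", "outdated TLS library", 4, 3),
    Finding("db-01", "unpatched database engine", 5, 4),
    Finding("web-01", "outdated TLS library", 4, 2),  # duplicate with a lower rating
    Finding("print-02", "open management port", 2, 2),
    Finding("fs-01", "misconfigured file share", 3, 3),
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```
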

Ethical Hacking

Ethical hacking is the authorized use of tools, tactics, and techniques to simulate real-world cyber attacks, identifying and validating the exploitability of vulnerabilities in order to improve an organization's cybersecurity posture.

  • Scope:

    • It is crucial to risk assessment, auditing, counter fraud, and information system security best practices.

    • It identifies risks and highlights remedial actions, thus reducing ICT costs by resolving vulnerabilities.

  • Limitations:

    • An ethical hacker can only help an organization better understand its security posture; it is up to the organization to place the right safeguards on the network.

    • Organizations need to know what they are looking for and why they are hiring an ethical hacker.

Information Security Attacks: Motives, Goals, & Objectives

An attack is an attempt to obtain, edit, remove, destroy, implant, or reveal information without authorized access. It can be conceptualized as a motive (goal) combined with a method that exploits a vulnerability.

Attacks = Motive (Goal) + Method (TTP) + Vulnerability

  • Motives: disrupt business operations, steal information, manipulate data, create fear & chaos by disrupting critical infrastructure, propagate propaganda/political views, revenge, financial gain, etc.

  • Vulnerabilities include hardware/software misconfiguration, insecure or poor system or network design, inherent technology weaknesses, end-user carelessness, and intentional user actions.

  • Tactics, Techniques, and Procedures (TTPs):

    • Tactics: the strategy an attacker adopts to perform attacks from beginning to end.

    • Techniques: the technical methods attackers use to achieve intermediate results during the attack.

    • Procedures: the systematic approach adopted by threat actors to launch an attack.
