Offensive Security
Cyber Security notes, references, and resources.
Main Types of Cyber Security Assessments
Vulnerability Assessment
Systematically identifying and evaluating vulnerabilities in applications, systems, or networks.
Goal: Create a prioritized inventory list of weaknesses without exploiting them.
Limitation: It does not simulate an attack or verify if the vulnerabilities can be exploited.
Activities Involved:
Identifying assets: determine what applications, systems, or networks must be protected and, thus, assessed.
Scanning for vulnerabilities: scan for unpatched software, misconfigurations, open ports, outdated libraries, etc., either manually or using tools like Nessus, Qualys, or OpenVAS.
Risk Prioritization: based on the impact and likelihood of exploitation, assign a severity level—Critical, High, Medium, or Low.
Reporting: deliver a detailed report outlining vulnerabilities, their impact, and suggested remediation.
Penetration Testing
Also known as ethical hacking, a penetration test simulates an attack on an application, system, or network and actively exploits vulnerabilities.
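The four activities above, carried out end to end as an added example (not code from the original notes): a miniature vulnerability assessment over a constructed asset inventory. Asset identification is a scope filter, "scanning" is a lookup of each exposed service against a small constructed knowledge base of known-bad versions and exposed legacy protocols, prioritization combines impact and likelihood into a severity, and reporting emits a sorted list. Nothing is exploited; the output is only an inventory of weaknesses. All hostnames, versions, impact values and the knowledge base are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    name: str
    version: str
    internet_facing: bool


@dataclass(frozen=True)
class Finding:
    service: Service
    description: str
    impact: int       # 1..5, from the knowledge base
    likelihood: int   # 1..5, from exposure
    risk: int         # impact * likelihood, 1..25
    severity: str     # Critical / High / Medium / Low


# Constructed knowledge base (hypothetical, not real advisories):
# (service name, affected version or "" for any version) -> (description, impact 1..5)
KNOWN_WEAKNESSES = {
    ("openssh", "7.2"): ("outdated OpenSSH release", 4),
    ("apache", "2.4.29"): ("outdated Apache httpd release", 4),
    ("telnet", ""): ("cleartext remote administration protocol exposed", 5),
    ("ftp", ""): ("cleartext file transfer protocol exposed", 3),
}

# Constructed inventory; hostnames are made up for illustration.
INVENTORY = [
    Service("web01.example.test", 22, "openssh", "7.2", True),
    Service("web01.example.test", 80, "nginx", "1.24.0", True),
    Service("intranet01.example.test", 80, "apache", "2.4.29", False),
    Service("intranet01.example.test", 21, "ftp", "vsftpd 3.0", False),
    Service("legacy01.example.test", 23, "telnet", "", True),
    Service("partner-gw.other.test", 23, "telnet", "", True),  # third party, out of scope
]
SCOPE = {"web01.example.test", "intranet01.example.test", "legacy01.example.test"}


def identify_assets(inventory, scope):
    """Step 1: keep only the assets the organization owns and has authorized for assessment."""
    return [s for s in inventory if s.host in scope]


def scan(services):
    """Step 2: match each service against the knowledge base; no exploitation attempted."""
    hits = []
    for s in services:
        for (name, affected), (desc, impact) in KNOWN_WEAKNESSES.items():
            if s.name == name and (affected == "" or s.version == affected):
                hits.append((s, desc, impact))
    return hits


def likelihood(service):
    """Exposure heuristic: internet-facing and legacy admin ports draw more attack traffic."""
    score = 2
    if service.internet_facing:
        score += 2
    if service.port in {21, 23}:
        score += 1
    return min(score, 5)


def severity(risk):
    if risk >= 20:
        return "Critical"
    if risk >= 12:
        return "High"
    if risk >= 6:
        return "Medium"
    return "Low"


def prioritize(hits):
    """Step 3: combine impact and likelihood, then order highest risk first."""
    findings = []
    for s, desc, impact in hits:
        lk = likelihood(s)
        risk = impact * lk
        findings.append(Finding(s, desc, impact, lk, risk, severity(risk)))
    return sorted(findings, key=lambda f: (-f.risk, f.service.host, f.service.port))


def report(findings):
    """Step 4: one line per finding, ready for the remediation owner."""
    lines = [f"{len(findings)} finding(s), highest risk first"]
    for f in findings:
        s = f.service
        lines.append(f"[{f.severity}] {s.host}:{s.port} {s.name} {s.version}: "
                     f"{f.description} (impact {f.impact}, likelihood {f.likelihood})")
    return lines


def assess(inventory, scope):
    return prioritize(scan(identify_assets(inventory, scope)))


if __name__ == "__main__":
    print("\n".join(report(assess(INVENTORY, SCOPE))))
```

The out-of-scope partner gateway is dropped before scanning, which is the point of the asset identification step: scanning hosts you are not authorized to assess is a legal problem, not a finding. The nginx service produces nothing because the knowledge base has no entry for it, which illustrates the limitation noted above: a vulnerability assessment only reports what its signatures know about and never verifies that a flagged weakness is actually exploitable.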
Goal: Test real-world scenarios, evaluate exploitability, and measure an organization's detection and response capabilities.
Limitation: A test typically has a defined scope and time limit, so it does not simulate a persistent, long-term attack.
Activities involved:
Reconnaissance: gather information about the target system (IP ranges, domains, open ports, employee information, exposed data breaches, etc).
Scanning: identify potential weaknesses using tools like Nmap, Burp Suite, etc.
Exploitation: actively exploit the identified vulnerabilities to validate that they can really be exploited, e.g., SQL injection, weak passwords, unpatched software, etc.
Post-Exploitation: assess what can be done after gaining access, e.g., lateral movement, privilege escalation, data exfiltration, etc.
Reporting: provide a detailed account of findings, including proof-of-concept (PoC) exploits and recommendations.
Red Team Engagement
A red team engagement (or assessment) is a realistic adversary simulation that tests an organization's entire security posture, including people, processes, and technology.
Red teams use stealth and persistence to mimic advanced attackers.
Goal: To simulate real-world advanced attacks and assess the organization's ability to detect, respond, and recover from complex threats.
Limitation: It requires significant time, resources, and organizational buy-in to be effective. It is less about finding specific vulnerabilities and more about a holistic assessment.
Activities involved:
Long-Term Planning: simulate Tactics, Techniques, and Procedures (TTPs) of advanced threat actors.
Reconnaissance: perform extended recon, gathering information about employees, systems, and physical locations.
Multiple Attack Vectors: combine social engineering (e.g., phishing campaigns to compromise employee credentials), physical security breaches, and technical exploits.
Stealth and Persistence: focus on avoiding detection while maintaining access over time.
Comprehensive Assessment: test all aspects of the organization's defense, including blue teams (defenders), incident response processes, technical systems, and remediation and recovery measures.
Reporting and Feedback: deliver a report outlining strengths, weaknesses, and opportunities in detection and defense.
Ethical Hacking
Ethical hacking is the authorized use of tools, tactics, and techniques to simulate real-world cyber attacks to identify and validate the exploitability of vulnerabilities to improve the cybersecurity posture of an organization.
Scope:
It supports risk assessment, auditing, counter-fraud work, and information system security best practices.
It identifies risks and highlights remedial actions, thus reducing ICT costs by resolving vulnerabilities.
Limitations:
An ethical hacker can only help an organization better understand its security posture; it is up to the organization to place the right safeguards on the network.
Organizations need to know what they are looking for and why they are hiring an ethical hacker.
Information Security Attacks: Motives, Goals, & Objectives
Attacks involve an attempt to obtain, edit, remove, destroy, implant, or reveal information without authorized access. An attack can be conceptualized as a motive or goal combined with a method that exploits a vulnerability.
Motives: disrupt business operations, steal information, manipulate data, create fear & chaos by disrupting critical infrastructure, propagate propaganda/political views, revenge, financial gain, etc.
Vulnerabilities include hardware/software misconfiguration, insecure or poor system or network design, inherent technology weaknesses, end-user carelessness, and intentional user actions.
Tactics, Techniques, and Procedures (TTPs):
Tactics: the overall strategy an attacker adopts to carry out an attack from beginning to end.
Techniques: the technical methods attackers use to achieve intermediate results during the attack.
Procedures: the specific, step-by-step way a particular threat actor implements its techniques when launching an attack.