
Offensive Security

Cyber Security notes, references, and resources.

Main Types of Cyber Security Assessments

Vulnerability Assessment

A vulnerability assessment systematically identifies and evaluates vulnerabilities in applications, systems, or networks.

Goal: Create a prioritized inventory list of weaknesses without exploiting them.

Limitation: It does not simulate an attack or verify if the vulnerabilities can be exploited.

Activities Involved:

  • Identifying assets: determine what applications, systems, or networks must be protected and, thus, assessed.

  • Scanning for vulnerabilities: scan for unpatched software, misconfigurations, open ports, outdated libraries, etc., either manually or with tools such as Nessus, Qualys, or OpenVAS.

  • Risk Prioritization: assign each finding a severity level (Critical, High, Medium, or Low) based on the impact and likelihood of exploitation.

  • Reporting: deliver a detailed report outlining the vulnerabilities, their impact, and suggested remediation.

Penetration Testing

A penetration test, also known as ethical hacking, simulates an attack on an application, system, or network by actively exploiting vulnerabilities.

Goal: Test real-world scenarios, evaluate exploitability, and measure an organization's detection and response capabilities.

Limitation: Testing typically has a defined scope and time limit, so it does not simulate persistent, long-term attacks.

Activities involved:

  • Reconnaissance: gather information about the target (IP ranges, domains, open ports, employee information, exposed data from breaches, etc.).

  • Scanning: identify potential weaknesses using tools such as Nmap, Burp Suite, etc.

  • Exploitation: actively exploit identified vulnerabilities to validate that they are exploitable, e.g., SQL injection, weak passwords, unpatched software, etc.

  • Post-Exploitation: assess what can be done after gaining access, e.g., lateral movement, privilege escalation, data exfiltration, etc.

  • Reporting: provide a detailed account of findings, including proof-of-concept (PoC) exploits and recommendations.

Red Team Assessment

A red team engagement (or assessment) is a realistic adversary simulation that tests an organization's entire security posture, including people, processes, and technology.

Red teams use stealth and persistence to mimic advanced attackers.

Goal: Simulate real-world advanced attacks and assess the organization's ability to detect, respond to, and recover from complex threats.

Limitation: It requires significant time, resources, and organizational buy-in to be effective. It is less about finding specific vulnerabilities and more about a holistic assessment.

Activities involved:

  • Long-Term Planning: simulate Tactics, Techniques, and Procedures (TTPs) of advanced threat actors.

  • Reconnaissance: perform extended recon, gathering information about employees, systems, and physical locations.

  • Multiple Attack Vectors: combine social engineering, physical security breaches, and technical exploits, e.g., a phishing campaign to compromise employee credentials.

  • Stealth and Persistence: focus on avoiding detection while maintaining access over time.

  • Comprehensive Assessment: test all aspects of the organization's defense, including blue teams (defenders), incident response processes, technical systems, and remediation and recovery measures.

  • Reporting and Feedback: deliver a report outlining strengths, weaknesses, and opportunities in detection and defense.

Ethical Hacking

Ethical hacking is the authorized use of tools, tactics, and techniques to simulate real-world cyber attacks, in order to identify vulnerabilities, validate their exploitability, and thereby improve an organization's cybersecurity posture.

  • Scope:

    • It is crucial to risk assessment, auditing, counter fraud, and information system security best practices.

    • It identifies risks and highlights remedial actions, thus reducing ICT costs by resolving vulnerabilities.

  • Limitations:

    • An ethical hacker can only help an organization better understand its security posture; it is up to the organization to place the right safeguards on the network.

    • Organizations need to know what they are looking for and why they are hiring an ethical hacker.

Information Security Attacks: Motives, Goals, & Objectives

An attack is an attempt to obtain, edit, remove, destroy, implant, or reveal information without authorization. It can be conceptualized as the combination of a motive (goal) with a method (TTP) that exploits a vulnerability:

Attack = Motive (Goal) + Method (TTP) + Vulnerability

  • Motives: disrupt business operations, steal information, manipulate data, create fear and chaos by disrupting critical infrastructure, spread propaganda or political views, revenge, financial gain, etc.

  • Vulnerabilities include hardware/software misconfiguration, insecure or poor system or network design, inherent technology weaknesses, end-user carelessness, and intentional user actions.

  • Tactics, Techniques, and Procedures (TTPs):

    • Tactics: the strategy an attacker adopts to carry out an attack from beginning to end.

    • Techniques: the technical methods attackers use to achieve intermediate results during the attack.

    • Procedures: the systematic approach adopted by threat actors to launch an attack.

Last updated 5 months ago