Attacker Methodology
A co-worker and I recently had the opportunity to work with some of the aspiring infosec gurus at UW this week, so I'm putting all 3 parts of the lecture we gave online here. Let's get started with some basic adversary methodology.
Background / assumptions
This is probably useful if you've never defended or broken into a network on your own before. The goal is for this to be a primer on understanding malware: understanding what attackers are after, and what they need malware to do for them, should help towards that overall level of understanding.
Attack Phases
Here are the basic phases of an attack, all of which are important in the real world:
- OSINT
- Initial Access
- PrivEsc (Local)
- Lateral Movement
- PrivEsc (Network)
- Persistence
- Entrenchment
Competition networks
For working in a "game" network you'll only really need to worry about the following attacker phases (but I'd advise reading this whole thing; you can skip the rest of it if you're more TL/DR):
- Lateral Movement
- Persistence
- Entrenchment
I wouldn't really worry beyond that scope in a game, because there are almost always rules which allow the Red Team to pre-compromise the network, or you'll have to deal with a network that's riddled with semi-ridiculous vulns like MS08-067, RPC-DCOM, or stuff that fits into the category of "easily remotely exploited with default Metasploit".
OSINT
Starting access level: No internal access to the network
End Goal: Targeting / Attack strategy and outline of network resources, identities, etc.
Attacker Steps: Use open and public resources to build out a picture of the target
- Open Source Intelligence (OSINT)
- Focus on identities (people), technology and the context and connections between them
- Connections
- Connections are what tie the individuals and technologies together
- Ex: The organization is hiring for a DBA position, so the posting can be analyzed to find out more about the IT support group structure (other individuals) and the technology (the type(s) of databases and web servers that are in the network)
- Groups, networks, organizations
- Context
- Context refers to the roles and responsibilities of the identities/people that are the targets
- Technology
- OSINT should provide a background of what's in a target network and a start at how it's all connected together.
OSINT - in context - Phishing
- A commonly used tactic is for attackers to try to get their hands on screenshots or snapshots of internal email or websites to build higher quality phishing or other social engineering content.
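One small, concrete piece of the identity side of OSINT is working out how an organization forms its email addresses, so that people discovered through job postings, org charts or conference bios can be turned into deliverable phishing targets. The script below is an added example written for these notes, not code from the original lecture: it votes on a naming convention from a few observed (name, address) pairs and then predicts addresses for other names. The domain, names and addresses are constructed, and the pattern table is this example's own assumption about which conventions are common.

```python
"""
Added example (not part of the original lecture notes): infer an organization's
email naming convention from a few publicly observed addresses, then generate
candidate addresses for other people found through OSINT (org charts, job
postings, speaker lists). The names, addresses and domain below are constructed
for the example; the PATTERNS table is an assumption about common conventions.
"""
import re
from collections import Counter

# Candidate naming conventions: each maps (first, last) -> local part.
PATTERNS = {
    "first.last": lambda f, l: f"{f}.{l}",
    "firstlast": lambda f, l: f"{f}{l}",
    "flast": lambda f, l: f"{f[0]}{l}",
    "first_last": lambda f, l: f"{f}_{l}",
    "lastf": lambda f, l: f"{l}{f[0]}",
    "first": lambda f, l: f,
}


def _norm(name: str) -> str:
    # Lower-case and keep letters only, so "O'Brien" becomes "obrien".
    return re.sub(r"[^a-z]", "", name.lower())


def infer_convention(samples):
    """samples: list of (full_name, email). Returns (pattern_name, domain, hits)."""
    votes = Counter()
    domains = Counter()
    for full_name, email in samples:
        local, _, domain = email.lower().partition("@")
        domains[domain] += 1
        parts = full_name.split()
        if len(parts) < 2:
            continue  # need at least a first and a last token to test a pattern
        first, last = _norm(parts[0]), _norm(parts[-1])
        for name, fn in PATTERNS.items():
            if fn(first, last) == local:
                votes[name] += 1
    if not votes:
        raise ValueError("no known pattern matched the samples")
    pattern, hits = votes.most_common(1)[0]
    domain, _ = domains.most_common(1)[0]
    return pattern, domain, hits


def predict_addresses(pattern, domain, targets):
    """targets: full names gathered from OSINT. Returns {full_name: email}."""
    fn = PATTERNS[pattern]
    out = {}
    for full_name in targets:
        parts = full_name.split()
        if len(parts) < 2:
            continue  # single-token names cannot be mapped; leave them out
        out[full_name] = f"{fn(_norm(parts[0]), _norm(parts[-1]))}@{domain}"
    return out


# Constructed samples: the kind of addresses visible in press releases,
# a PGP keyserver, conference bios, or a "contact us" page.
OBSERVED = [
    ("Alice Rivera", "arivera@corp.example"),
    ("Bob O'Brien", "bobrien@corp.example"),
    ("Carol de Souza", "csouza@corp.example"),  # middle particle ignored; last token wins
]

# Constructed names taken from a DBA job posting's "reports to" line and an org chart.
TARGETS = ["Dan Whitfield", "Erin Marsh"]

if __name__ == "__main__":
    pattern, domain, hits = infer_convention(OBSERVED)
    print(f"convention={pattern} domain={domain} ({hits}/{len(OBSERVED)} samples agree)")
    for name, addr in predict_addresses(pattern, domain, TARGETS).items():
        print(f"  {name:15s} -> {addr}")
```

The output is a list of candidates, not confirmed identities: organizations with a catch-all mailbox or a convention that changed after a merger will accept or bounce addresses in ways the vote cannot see, so a real engagement still verifies each candidate before it is used for targeting, and only inside the agreed scope.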
For more information on OSINT see:
Initial Access
Starting access level: No internal access
End Goal: Initial access in the network (running arbitrary code in the network)
Attacker Steps: Leverage OSINT information to target and gain access to the network
- Social Engineering
- TL/DR: this is where you get people to do things they probably shouldn't in order to get easy access to the network. This spans everything from getting users to hand over personal information or login credentials to getting them to directly download and execute binaries
- Targeted Attacks
- While completely overused in industry, "targeted" means that the content of the attack is crafted for the target: a phishing, spearphishing, whaling, etc. piece of content meant to appear especially enticing or valid to the target
- Really this covers just about all attacks except the broadly used Exploit Kits (EKs) run by bot herders
- Remote Code Execution
- Remote Code Execution vulnerabilities come in two main flavors:
- Server-Side RCE
- The old-school flavor (MS08-067, RPC-DCOM, etc.) is mostly short-lived software vulnerabilities that crop up in environments without good compliance / patch management, and/or where 3rd parties run remotely accessible services for the company
- The slightly less old-school flavor are web-based vulnerabilities
- The newer vulnerabilities are those that result in code execution directly on the server through the service endpoint / exposed API surface. This would
- Client-Side RCE
- These are vulnerabilities accessible either through a document format (usually delivered via email) or through a user agent
- Attacks right now seem pretty fixated on 3rd party browser plugins, especially Oracle Java
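To make the server-side "exposed API surface" flavor concrete, here is an added example (not code from the lecture and not any real product) of the bug pattern behind a large share of web RCE findings: a handler that interpolates a request parameter into a shell command. The endpoint, its parameter and the directory it inspects are hypothetical. The vulnerable handler is shown next to a hardened one that applies the two fixes that actually matter: an allowlist on the input, and an argv list so no shell ever parses the value.

```python
"""
Added example, not part of the original lecture notes: a server-side RCE bug of
the "exposed API surface" kind. The "file info" endpoint, its parameter and the
directory it inspects are hypothetical. The vulnerable handler shows the bug
pattern (user input interpolated into a shell command); the hardened handler
shows strict input validation plus execution without a shell.
"""
import re
import subprocess
import tempfile
from pathlib import Path

# Hypothetical upload directory the "file info" API is allowed to inspect.
BASE = Path(tempfile.gettempdir()).resolve()

# Allowlist for the one parameter the endpoint accepts: a plain file name.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def vulnerable_fileinfo(name: str) -> subprocess.CompletedProcess:
    """VULNERABLE: builds a shell command line from user input.

    name="x; echo INJECTED" makes /bin/sh run `ls -ld <BASE>/x; echo INJECTED`,
    so the second command executes on the server with the web app's privileges.
    """
    cmd = f"ls -ld {BASE}/{name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)


def hardened_fileinfo(name: str) -> subprocess.CompletedProcess:
    """Hardened: validate first, then pass an argv list so no shell parses the value."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("invalid file name")
    target = (BASE / name).resolve()
    # Defence in depth: even a name that passes the regex must stay inside BASE.
    if target.parent != BASE:
        raise ValueError("path escapes base directory")
    return subprocess.run(["ls", "-ld", str(target)], capture_output=True, text=True)


def injection_succeeded(result: subprocess.CompletedProcess) -> bool:
    """True if the attacker-controlled command ran (its marker reached stdout)."""
    return "INJECTED" in result.stdout


if __name__ == "__main__":
    payload = "x; echo INJECTED"  # constructed attacker input
    print("vulnerable handler ran injected command:",
          injection_succeeded(vulnerable_fileinfo(payload)))
    try:
        hardened_fileinfo(payload)
    except ValueError as e:
        print("hardened handler rejected input:", e)
    print("hardened handler, valid name, exit code:",
          hardened_fileinfo("report.txt").returncode)
```

The argv-list form alone already defeats the `; echo INJECTED` payload, because the whole string becomes a single argument to `ls`; the allowlist is what keeps the endpoint from becoming a file-enumeration or traversal primitive instead. When reviewing a service's exposed API surface, `shell=True`, `os.system`, backtick-style execution, or string-built command lines in any language are the first things to grep for.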
For more information see:
Social Engineering
Web Vulnerabilities (RCE)
Server-Side Code Execution Bugs (new-school)
Client-Side RCE Bugs