Penetration testing process and network attacks

Penetration Testing Summary:

Penetration testing is a method of evaluating the security of a computer network system by simulating the attacks of malicious hackers.

 

Penetration testing process:

Determine the test scope -> determine the test time -> agree the acceptable bottom line for testing -> information collection -> vulnerability discovery -> exploitation -> post-penetration testing -> documentation

 

PTES standard penetration testing process:

Pre-engagement interactions -> intelligence gathering -> threat modeling -> vulnerability analysis -> exploitation -> post-exploitation -> reporting

 

Web application penetration testing process:

Lockheed Martin's definition of the "kill chain" (cyber kill chain):

  1. Reconnaissance: the attacker searches for the target's weaknesses, for example by collecting login credentials and information to use in phishing attacks
  2. Weaponization: vulnerabilities and backdoors are used to build a weapon carrier that can be sent to the target
  3. Delivery: the weaponized package is delivered to the target over the network, for example by sending a fraudulent email with a malicious link
  4. Exploitation: exploit code is run on the victim's system
  5. Installation: malicious software is installed at the target location
  6. Command and control: a path is established through which the attacker can remotely control the target system
  7. Actions on objectives: the attacker remotely accomplishes the intended goal
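For defenders, the seven Lockheed Martin stages above are most useful as a yardstick for detection coverage. The following Python sketch is an added example, not part of the original post: it tags alerts with a stage and reports, per host, the furthest stage observed and the earlier stages that produced no alert. The rule names, host names and sample alerts are constructed assumptions.

```python
# Added example: stage names follow the seven Lockheed Martin stages listed
# above (standard English names). Everything else is constructed.
KILL_CHAIN = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
]

# Hypothetical mapping from detection-rule names to stages (assumption).
RULE_TO_STAGE = {
    "port_scan": "reconnaissance",
    "phishing_link_email": "delivery",
    "exploit_signature": "exploitation",
    "new_autorun_entry": "installation",
    "beacon_to_rare_domain": "command_and_control",
    "bulk_outbound_transfer": "actions_on_objectives",
}

# Constructed sample alerts: (host, rule that fired).
SAMPLE_ALERTS = [
    ("ws-014", "phishing_link_email"),
    ("ws-014", "new_autorun_entry"),
    ("ws-014", "beacon_to_rare_domain"),
    ("srv-db1", "port_scan"),
    ("ws-014", "unmapped_rule"),  # rules without a stage are ignored
]


def chain_progress(alerts):
    """Per host: furthest stage seen and earlier stages with no alert."""
    seen = {}
    for host, rule in alerts:
        stage = RULE_TO_STAGE.get(rule)
        if stage is not None:
            seen.setdefault(host, set()).add(stage)
    report = {}
    for host, stages in seen.items():
        furthest = max(KILL_CHAIN.index(s) for s in stages)
        # Weaponization happens on the attacker's side, so it is never
        # counted as a detection gap on the defender's network.
        gaps = [s for s in KILL_CHAIN[:furthest]
                if s not in stages and s != "weaponization"]
        report[host] = {"furthest": KILL_CHAIN[furthest],
                        "undetected_earlier": gaps}
    return report


if __name__ == "__main__":
    for host, info in sorted(chain_progress(SAMPLE_ALERTS).items()):
        print(host, info)
```

A host whose furthest stage is late in the chain but whose earlier stages show gaps points to missing detections, not to an attacker who skipped those stages.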

 

APT attack (Advanced Persistent Threat): refers to a high-level attack that the attacker has carefully prepared. It does not include ordinary attack behavior such as planting trojans on websites or external links. The basic principles of any APT attack include detailed preparation and a step-by-step strategy; here the APT attack is laid out as a sequence of phases (called the kill chain).

Steps of the kill chain:

Reconnaissance phase -> tool selection (weaponization) phase -> phishing phase -> payload delivery phase -> infection phase -> network movement phase -> action on the target phase

 

Network attack kill chain process:

Branch to: information collection -> network intrusion -> privilege escalation -> network penetration -> hardware backdoors -> clearing traces of the intrusion

Green League: scanning and probing -> penetration attack -> compromise and intrusion -> tool installation -> malicious behavior

Eye in the sky: reconnaissance -> intrusion -> command and control -> lateral movement -> data leakage -> trace cleanup

Original attack chain model:

Reconnoiter the target: investigate the target, making full use of social engineering to understand the target network

Make the tool: prepare the main attack tool, such as a PDF file or Office document carrying malicious code

Deliver the tool: deliver the attack tool to the target system; commonly used methods include email attachments, websites (planted trojans), USB drives, etc.

Trigger the tool: use vulnerabilities in the target system's applications or operating system to trigger the attack tool so that it runs on the target system

Install the trojan: install a remote control program (a custom trojan) that lets the attacker lurk in the target system for a long time

Establish a connection: establish a C2 channel with a controller server on the Internet

Perform the attack: carry out the intended attack behavior, such as stealing information or tampering with information

STIX White Paper:

Reconnoiter the target: investigate the target, making full use of social engineering to understand the target network

Make the tool: prepare the main attack tool, such as a PDF file or Office document carrying malicious code

Deliver the tool: deliver the attack tool to the target system; commonly used methods include email attachments, websites (planted trojans), USB drives, etc.

Trigger the tool: use vulnerabilities in the target system's applications or operating system to trigger the attack tool so that it runs on the target system

Control the target: establish a C2 channel with a controller server on the Internet

Execute activities: carry out the required attack behavior, such as stealing information or tampering with information

Maintain a foothold: create an attack foothold and extend the results of the attack

 

Hacker attack phases:

  1. Information-gathering capability: in the information-gathering phase, the amount of information the attacker obtains about the target network or target host reflects the attacker's information-gathering capability.
  2. Privilege-acquisition capability: in the privilege-acquisition phase, the attacker uses exploit attacks to gain control permissions on the target system. The level of permission obtained reflects the attacker's privilege-acquisition capability.
  3. Target-control capability: in the backdoor-installation phase, the attacker installs a backdoor program on the system in order to keep control of the target system. The operating-system privilege level the attacker holds reflects, to some extent, the attacker's target-control capability.
  4. Capability to expand influence: in the phase of expanding influence, the attacker uses the target system already under control as a breakthrough point to attack other hosts in the network the target belongs to, widening the impact of the attack and obtaining more information. This reflects the attacker's capability to expand influence.
  5. Trace-elimination capability: in the trace-elimination phase, the attacker removes the traces of the attack afterwards to prevent identification and tracking.


Origin www.cnblogs.com/happystudyhuan/p/11257554.html