Ethical Hacking 2 Week Security

Uploaded by abilkhandulat

Ethical Hacking Fundamentals
INF 203
CONTENTS
1. What is Security Testing?
2. Pentesting
3. Vulnerability Assessment (VA)
4. Red Team
5. Blue Team
6. How to conduct the Pentest?
7. Methodologies
01 What is Security Testing?
A good general definition to start from would be the following:

“Security Testing is the process to reveal flaws in a system in terms of Confidentiality, Integrity, Availability (CIA)”
As you can imagine, there is no agreement on a universal
definition of Security Testing.

Indeed, there are various types of activities that fall under the
umbrella of security testing:

• Security Audit
• Vulnerability Assessment
• Penetration Testing
• Red Teaming
• Ethical Hacking
02 Pentesting
A penetration test (pentest) is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.

Important note: Pentest, Red Teaming and Vulnerability Assessment (VA) are different activities.
Goal of the Pentest
Main objective: The goal of a Pentest is to simulate real-world cyber attacks to identify and mitigate potential security risks.

• Identify vulnerabilities and weaknesses in the system's defenses.
• Improve the overall security posture by addressing discovered vulnerabilities.
03 Vulnerability Assessment
Pentest vs VA
• If we imagine that the system we are testing is a house with a safe:
✓ A pentest is an activity performed to get the content of the safe;
✓ A VA is an activity performed to find all unsecured windows/doors and all other ways a thief could get into the house and to the safe.
04 Red Team
Red Team
The Red Team is a group of security experts who simulate real-world cyber-attacks
to test the defenses of a system or organization.
• Objective: Find and exploit vulnerabilities in the system as an external threat.
• Skills required: Advanced knowledge of hacking techniques, creativity, and the
ability to think like an attacker.
Work in collaboration with the Blue Team for a comprehensive security approach.
Red Team Engagement
• Red teaming is a term borrowed from the military. In military exercises, a group would take the role of a red
team to simulate attack techniques to test the reaction capabilities of a defending team, generally known
as blue team, against known adversary strategies. Translated into the world of cybersecurity, red team
engagements consist of emulating a real threat actor's Tactics, Techniques and Procedures (TTPs) so that we
can measure how well our blue team responds to them and ultimately improve any security controls in place.
• The red team will do everything they can to achieve the goals while remaining undetected and evading any
existing security mechanisms like firewalls, antivirus, EDR, IPS and others. Notice how on a red team
engagement, not all of the hosts on a network will be checked for vulnerabilities. A real attacker would only
need to find a single path to its goal and is not interested in performing noisy scans that the blue team could
detect.
Red Team Engagement
Red Team Kill Chain
Pentesting vs Red Teaming

Security Assessment:
  Pentesting: Methodical
  Red Teaming: Flexible

Scope:
  Pentesting:
  • Restrictive Scope
  • 1-2 weeks engagement
  • Generally Announced
  • Identify Vulnerabilities
  Red Teaming:
  • No Rules*
  • 2 weeks - 6 months engagement
  • No announcement
  • Test Blue teams on programs, policies, tools, and skills
  • Useful to estimate organization's Time To Detect (TTD) and Time To Mitigate (TTM)

* Can't be illegal…

Table Source: Peter Kim, "The Hacker Playbook 3"


05 Blue Team
Blue Team
The Blue Team is responsible for defending against simulated
cyber-attacks conducted by the Red Team.
• Objective: Detect, respond to, and mitigate attacks to
strengthen the overall security posture.
• Skills required: Strong understanding of defensive
strategies, incident response, and security technologies.
Work in collaboration with the Red Team for a comprehensive
security approach.
Purple Team
• The Purple Team is a collaborative approach that involves both the Red and
Blue Teams working together.
• Real-time sharing: Information and feedback are shared to enhance the
overall security by improving detection and response capabilities.
06 How to conduct the Pentest?
How to conduct the Pentest?

• Time to talk about the phase that is usually called ‘Pre-engagement’. There are many different methodologies, but the idea is the same: agree upon the rules/scope/schedule/etc. of the engagement and record it in a document.
• The Rules of Engagement is a formalized document that is usually signed by both parties (the Customer and the Company that performs the security testing).
Pre-engagement is about asking questions. The more questions you ask, the fewer problems you get in the future. You should agree with the Customer on the following points:

What information should I get?
✓ The goal of the security test
✓ Scope of the engagement
✓ Schedule (milestones)
✓ Risks
✓ The allowed techniques
✓ Deliverables
✓ Statement of work
Scope of the engagement
We call the “Scope of the engagement” the list of activities you will perform (e.g. a list of checks or the OWASP Top 10).
The allowed attack surface is also specified here. It can be defined in different ways: by domain (ask about subdomains), by IP, etc.
Understanding the attack surface means resolving all questions concerning the environment (ensure the environment is available, that you are provided with two credentials for each role of the application, etc.).
Important note: testing outside the agreed attack surface is illegal!
Schedule
✓ Start date of the security test
✓ Ensure the allowed hours in the timetable (some projects switch off environments for the night)
✓ Timetable for possible scans if needed (e.g.: “Please do not switch off the environment on some weekend”)
✓ End date
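As an added example (not part of the original slides), a small scope-and-schedule guard that encodes the agreed attack surface from the Scope points above (domains with a subdomain flag, IP ranges, excluded hosts) and the allowed testing hours from the Schedule points, so a tester can check a target before touching it; the ROE values are constructed placeholders.

```python
import ipaddress
from datetime import datetime, time

# Constructed Rules-of-Engagement fragment: documentation ranges (RFC 5737/3849) and made-up dates.
ROE = {
    # agreed domain -> are its subdomains in scope? (most specific entry wins)
    "domains": {"example.com": True, "shop.example.com": False},
    "networks": ["203.0.113.0/24", "2001:db8::/48"],
    "excluded_hosts": {"203.0.113.5"},          # e.g. a shared production database
    "window": (time(9, 0), time(18, 0)),        # hours the environment is guaranteed up
    "start": datetime(2024, 3, 4), "end": datetime(2024, 3, 15, 23, 59),
}

def host_in_scope(target, roe=ROE):
    """Return (allowed, reason) for an IP address or hostname against the scope list."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        if str(ip) in roe["excluded_hosts"]:
            return False, "explicitly excluded host"
        if any(ip in ipaddress.ip_network(n) for n in roe["networks"]):
            return True, "inside an agreed network range"
        return False, "IP not in any agreed range"
    name = target.lower().rstrip(".")
    best = None  # longest (most specific) agreed domain that covers this name
    for domain, subs_ok in roe["domains"].items():
        if name == domain or name.endswith("." + domain):
            if best is None or len(domain) > len(best[0]):
                best = (domain, subs_ok)
    if best is None:
        return False, "hostname not covered by any agreed domain"
    if name == best[0] or best[1]:
        return True, "covered by agreed domain " + best[0]
    return False, "subdomains of " + best[0] + " are not in scope"

def time_in_window(when, roe=ROE):
    # Schedule check: engagement dates first, then the agreed daily hours.
    if not (roe["start"] <= when <= roe["end"]):
        return False, "outside engagement dates"
    lo, hi = roe["window"]
    if not (lo <= when.time() <= hi):
        return False, "outside allowed hours (environment may be switched off)"
    return True, "within schedule"

def may_test(target, when, roe=ROE):
    # Gate every activity on both scope and schedule; the reason goes into the report.
    ok, why = host_in_scope(target, roe)
    return (ok, why) if not ok else time_in_window(when, roe)
```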
Risks
• Some activities might cause denial of service, loss of data, or slow down the work of other people who share the environment. That’s why it is a good idea to conduct the security test on a separate environment.
• Also, you need to know who is the person that can help you in a critical situation (contact person).
07 Methodologies
Methodologies
Pentest methodologies can be customized based on the specific system, goals,
and industry standards.
Common pentesting methodologies:
1. OWASP Testing Guide
2. NIST SP 800-115
3. OSSTMM (Open Source Security Testing Methodology Manual)
4. PTES (Penetration Testing Execution Standard)
OWASP Testing Guide
• The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
• The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.
OWASP Top 10
• The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. Companies should adopt this document and start the process of ensuring that their web applications minimize these risks.
PTES (Penetration Testing Execution Standard)
The Penetration Testing Execution Standard (PTES) defines penetration testing in 7 phases. In particular, the PTES Technical Guidelines give hands-on suggestions on testing procedures and recommendations for security testing tools.

1. Pre-engagement Interactions
2. Intelligence Gathering
3. Threat Modeling
4. Vulnerability Analysis
5. Exploitation
6. Post Exploitation
7. Reporting