Book: CH 1 Flashcards

1
Q

Assessment Methodology:

PTES

Penetration Testing Execution Standard

A
  • Built around expectations of the attacker’s actions / how they operate
2
Q

Assessment Methodology:

OSSTMM

Open Source Security Testing Methodology Manual

A
  • Built around expectations of the attacker’s actions / how they operate
3
Q

Security Testing Methodology:

Cyber Kill Chain

A
  • Military concept of the structure of an attack
  • Identify where the attacker is in their process so you can adapt your own response tactics.

Lockheed Martin adapted the military concept to the info security space

4
Q

Security Testing Methodology:

Attack Life Cycle

A
  • Describes exactly how attackers have operated since the attacks started against computing infrastructure
  • Rather than a theoretical exercise / military focus
  • Recognizes that usually an attack is not 1-and-done, there is a loop that happens in the middle
  • They use the compromised systems to launch additional attacks within the environment
  • These attacks don’t happen quickly; it can take days or weeks to move to each of the phases
  • These are usually organizations NOT individuals
5
Q

List The Phases of
The Cyber Kill Chain

(7 Phases)

aka: Phases of the Intrusion Kill Chain

A
6
Q

Phases of The Cyber Kill Chain:

Phase 1:
Reconnaissance

A

Identify target and potential points of attack

7
Q

Phases of The Cyber Kill Chain:

Phase 2:
Weaponization

A
  • May create a custom piece of malware that is specific to the target
  • May use common off-the-shelf (COTS) malware too
8
Q

Phases of The Cyber Kill Chain:

Phase 3: Delivery

A

How you get the weapon

9
Q

Phases of The Cyber Kill Chain:

Phase 4: Exploitation

A
  • Could be when the malicious software infects the victim’s system

Exploitation leads to installation

10
Q

Phases of The Cyber Kill Chain:

Phase 5: Installation

A
  • The attacker will install additional software to maintain access to the system
  • May set up remote access
11
Q

Phases of The Cyber Kill Chain:

Phase 6: Command & Control

A
  • Gives attackers remote access to the infected system
  • May involve additional software installation or sending directives to infected system

Also Seen As: C2 or C&C

12
Q

Phases of The Cyber Kill Chain:

Phase 7: Actions on Objective

A
  • Attackers have goal objectives they are trying to achieve
  • The attacker may try to get info or make the system perform actions (Example: DoS)

The attacker won’t stop until they achieve their objectives, so there’s a lot of activity in this phase

13
Q

Phases of The Attack Life Cycle:

Phase 2: Initial Compromise

A

Usually launches Phishing Attacks to gain access

13
Q

Phases of
Attack Life Cycle

A
13
Q

Phases of The Attack Life Cycle:

Phase 1: Initial Recon

A

Identifies victim and potential attack possibilities using open source intelligence and public sources

Example: social media

14
Q

Phases of The Attack Life Cycle:

Phase 3: Establish a Foothold

A

Once the system is compromised, make sure to retain access to get back in when needed

15
Q

Phases of The Attack Life Cycle:

Phase 4: Escalate Privileges

A
  • Attacker needs admin privileges to move into the loop that happens as they keep moving & gathering additional systems and credentials
16
Q

Phases of The Attack Life Cycle:

Phase 5: Internal Recon

A
  • Investigating connections within the system and with other systems in the network
  • Trying to identify other credentials that are known in the system
17
Q

Phases of The Attack Life Cycle:

Phase 6: Move Laterally

A
  • aka: East-West movement
  • Attackers need to know what systems there are: servers, workstations
18
Q

Phases of The Attack Life Cycle:

Phase 7: Maintain Presence

A
  • With every system the attacker gets access to, they need to maintain it
  • Any malware that is allowing access needs to remain running
19
Q

Phases of The Attack Life Cycle:

Phase 8: Complete Mission

A
  • Where data may be exfiltrated from the environment
  • May not be a one-time thing; they may continue to find additional targets in the environment
20
Q

Security Testing Methodology:

MITRE ATT&CK Framework

A
  • Is a taxonomy of TTPs (techniques, tactics & procedures)
  • Real world TTPs organized into categories
  • Continually updated; no step-by-step instructions, only high-level descriptions of activities
21
Q

Stages of The
ATT&CK Framework

A
  1. Reconnaissance
  2. Resource Development
  3. Initial Access
  4. Execution
  5. Persistence
  6. Privilege Escalation
  7. Defense Evasion
  8. Credential Access
  9. Discovery
  10. Lateral Movement
  11. Collection
  12. Command & Control
  13. Exfiltration
  14. Impact
22
Q

Stages of The ATT&CK Framework:

A
23
Q

Methodology of Ethical Hacking

A
  • Reproduce what real-life attackers would do
  • Info Security is not just protection or prevention. You need to be able to detect all of these attacker activities
24
Q

Ethical Hacking Methodology:

Reconnaissance & Footprinting

A

Determine the size and scope of your test

  • Reconnaissance - gather info about your target to understand the scope up front to help you narrow your actions so you don’t do anything unethical
  • Footprinting - understanding the org’s footprint by identifying network blocks, hosts, locations & people
25
Q

Ethical Hacking Methodology:

Gaining Access

A
  • Many consider this to be the most important / interesting part of a pen test
  • Demonstrating where some services are potentially vulnerable by exploiting the service
26
Q

Ethical Hacking Methodology:

Scanning & Enumeration

A
  • After network blocks are identified, you want to identify systems that are accessible within those network blocks
  • Identify services running on any available host, these will be used as entry points.
  • Exposed network services: list of all open ports and identify service & software running behind each open port
  • The more info gathered here the easier the next stage will be
27
Q

Ethical Hacking Methodology:

Maintaining Access

A
  • Emulating common attack patterns
  • May need to install a rootkit, which gives backdoor access and obscures your actions and existence on the system.
  • Persistence - install software that reaches out to systems on the internet because inbound access is often blocked by a firewall.

Outbound access is often allowed from the inside of a network in a completely unrestricted manner

28
Q

Ethical Hacking Methodology:

Covering Tracks

A
  • Hide/delete all evidence of your access and continued access
  • Malware can ensure that your actions aren’t logged or can misreport info to the system
  • Sometimes your actions to cover your tracks can leave evidence of your actions