Cybersec Flashcards
Info gathering; OSINT
OSINT: Open Source Intelligence
Gather information from open sources (Google, job adverts, social media etc.)
Enumeration
Scanning a target to know more about technical properties (Scanning IP range for responding hosts, Look for open ports etc.)
Exploitation
-Try to get access to systems
-Often involves using or building exploits
Priv Esc - Horizontal - Vertical
Privilege Escalation - expanding system access
Horizontal - you gain access to another account with similar permissions
Vertical - gain access to accounts with different permissions (often higher)
Post-explotation
When a true attacker realise their attack objective
Evaluate if you can use your access to target other hosts (pivoting)
Any additional information we can gather
Cover tracks
Report
Black-box
Pentester have no knowledge about the attack target
Similar to real attack
Able to capture “reconnaissance” aspects of an attack
Time-consuming and expensive
Grey-box
Pentester have some knowledge about the attack target
Performed as an attack from the outside, but some knowledge given to the Pentester
Speeds up the test, cheaper
Can target certain aspects of the test target
White-box
Pentester have access to full knowledge such as internal documentation
Used for detailed testing
Allows for the entire attack surface to be evaluated
Describe the 3 Hacker hats
- A white-hat is someone who use their skills for good and stay within the law
- A gray-hat typically use their skill for their perception of good. They do not follow laws or ethical standards if that conflicts with their objectives
- A black-hat is a criminal who seek some kind of gain, typically at the expense of others
Pentest - ROE
Rules of engagement
- Permission to perform the test
- Scope of the test (machine, system)
- Rules (permitted or forbidden techniques or what the Pentester should do upon certain discoveries)
Attack tree
You model all possible ways to compromise a target
Allows you to create a map to try all possible attacks one by one
Neat way to report your pentest
Cyber kill chain
A model which outlines the phases of an attack
Developed by company Lockheed Martin
7 steps involved
Cyber kill chain step 1
Reconnaissance: Identify and select target, often includes OSINT and network scanning
Cyber kill chain step 2
Weaponization: Preparation of attack payload
Get or create weapons for the attack, such as downloading or develop a tool
Cyber kill chain step 3
Delivery: Find a way to deliver payload to target
Can be phishing, drive by download or direct network communication
Cyber kill chain step 4
Exploitation: Trigger payload
Have it run somehow, can be dependent on a user action (phishing) or using vulnerability in target
Cyber kill chain step 5
Installation: Installation of a backdoor or Remote Access Trojan to maintain access
Cyber kill chain step 6
Command and control(C2) : Establish infrastructure to enable C2 access to the compromised host
Cyber kill chain step 7
Actions on objectives: With access to target device the attacker can fulfil their original objectives
Ransom, data exfiltration etc.
MITRE ATT&CK
Described as a knowledge base and model for cyber adversary behaviour
Aims to reflect the phases and actions an attack may include
3 technology domains: Enterprise, Mobile, Industrial Control System (ICS)
Pentesting - Infection vectors
Paths taken to infect victims
The approach used to expose victims, or victim machines, to malicious content or actions
Malicious attachment
Deliver your payload as a message attachment
Black hat Search Engine Optimization (SEO)
You create malicious websites and make them appear high in search lists for tending keywords
Drive-By download
Exploit users web browsers to make them automatically download malicious content when visiting a web site
