1 of 32

WELCOME TO CIS 55

Hacker techniques, Exploits, and Incident Handling

Introductions!

Introductions

Vaibhav Bhandari

Director, Security @ Sentant, Lib13

Previous - Shape Security, Optum, Microsoft

Class schedule

  • January 26 – Lecture 1
  • February 2 – Lecture 2
  • February 9 – Lecture 3
  • February 16 – Holiday (President’s Day)
  • February 23 – Lecture 4
  • March 1 – Lecture 5
  • March 8 – Lecture 6

Before we go further

Let’s make sure everyone understands the syllabus.

This is a discussion-based class; I don’t want to put you through 5 hours of my inner monologue every week.

Please, participate!

Did everyone join Discord? Merritt Cybersecurity Bang !Null server
(If you don’t have access, reach out to james_888 on Discord and ask to be added to the server and to class CIS 55.)

Grading: quizzes and labs

5 Labs, and I drop the lowest score

5 Quizzes and I drop the lowest score

Labs are always due before the class

Quizzes take place between 1pm Friday and Saturday midnight after the class

Labs

Labs will be a combination of essay questions and TryHackMe & Netlabs assignments.

Today, register at tryhackme.com. When registering, pick a username that is a combination of your first and last name.

Criminal Mind

As an infosec professional, you need to be able to think like a malicious individual in order to defend your org against malicious individuals.

Black Hats

White Hats

Grey Hats

CIA

Confidentiality: Ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access

Integrity: Ensuring that data have not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable

Availability: Ensuring that authorized users have timely, reliable access to resources when they are needed - networks, systems, and applications are up and running

What is penetration testing?

Penetration testing answers a simple question: “What would a cybercriminal do to harm my organization’s computer systems, applications, and network?” It is the practice of testing a computer system, network, or web application to find vulnerabilities that an attacker could exploit, by simulating an attack against the organization’s IT assets with the owner’s authorization.

Vulnerabilities can arise for many reasons; a few basic ones are:

  • Flaws in the design of hardware and software
  • Use of unsecured networks
  • Poorly configured computer systems, networks, and applications
  • Overly complex architecture of computer systems
  • Human error

Phases of penetration testing

A penetration tester usually begins by gathering as much information about the target as possible.

The tester then identifies possible vulnerabilities in the system by scanning.

Next, the tester launches an attack against those vulnerabilities.

After the attack, each vulnerability and the risk it carries are analysed.

Finally, a detailed report summarizing the results of the penetration test is submitted to management.

Reconnaissance

The first phase is planning and reconnaissance. Here, the tester gathers as much information about the target as possible.

The data can be IP addresses, domain details, mail servers, network topology, etc.

In this phase, the tester also defines the scope and goals of the test, including the systems to be addressed and the testing methods to be used; written authorization for that scope is what separates a penetration test from an attack.

An expert penetration tester will spend most of the time in this phase, because it drives every later phase of the attack.

Scanning

Based on the data collected in the first step, the tester now interacts with the target to identify vulnerabilities that can later be exploited. This phase uses tools such as port scanners, ping tools, vulnerability scanners, and network mappers.

While testing web applications, the scanning part can be either static or dynamic:

  • In static scanning, the aim is to identify vulnerable functions, libraries, and logic in the application’s code without running it
  • In dynamic analysis, the more practical way of scanning, the tester sends various inputs to the running application and records its responses
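The port scanner a tester reaches for in this phase is usually Nmap, but the core of what a port scanner does is small. The following is an added example written for these notes, not code from the course or from Nmap: a TCP connect scanner that opens a throwaway listener on 127.0.0.1 so it has a known-open port to find without touching any network. The listener, the port range, and the function names are assumptions for the demo; against anything other than your own machine, run this only inside an authorized scope.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=0.5):
    """Full TCP connect() probe: the port is open if the three-way handshake completes.
    Nmap's default SYN scan never completes the handshake and is quieter, but a
    connect() scan needs no raw-socket privileges, so it runs anywhere."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            # connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise;
            # a timeout, which usually means a firewall dropped the SYN, raises and is
            # reported as not open.
            return s.connect_ex((host, port)) == 0
        except OSError:
            return False


def scan_range(host, ports, workers=32):
    """Scan many ports in parallel; returns the sorted list of open ports."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, scan_port(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)


def start_test_listener(host="127.0.0.1"):
    """Constructed target for the demo: bind an ephemeral port and listen on it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0: the kernel picks a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo():
    """Open a listener, scan the ports around it, close it, and report what was found."""
    srv, open_port = start_test_listener()
    try:
        lo, hi = max(1, open_port - 5), min(65535, open_port + 5)
        found = scan_range("127.0.0.1", range(lo, hi + 1))
    finally:
        srv.close()
    return open_port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}; open ports seen: {found}")
```

Everything Nmap adds on top of this (host discovery, SYN and UDP scans, service and version detection, OS fingerprinting, timing controls) is refinement of the same open/closed/filtered decision; notice that the closed port and the filtered port are distinguished only by whether the probe is refused or times out.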

Exploitation

This is the crucial phase and has to be performed with due care.

This is the step where systems are actually compromised, so it must stay strictly within the agreed scope.

The penetration tester needs special skills and techniques to launch an attack on the target system.

Using these techniques the tester will try to obtain data, compromise the system, run denial-of-service attacks (only where the scope explicitly allows it), etc., to check to what extent the computer system, application, or network can be compromised.

Risk Analysis and Recommendations

After the exploitation phase is complete, the goal is to collect evidence of the exploited vulnerabilities.

This step draws on all the steps discussed above and evaluates the vulnerabilities found in terms of the risk they pose to the organization.

In this step the pen-tester also provides recommendations that the organization can implement to improve its security level.

Report Generation

Now, this is the final and the most important step. In this step, the results of the penetration test are compiled into a detailed report. This report usually has the following details:

  • Recommendations made in the previous phase
  • Vulnerabilities that were discovered and the risk levels they pose
  • Overall summary of the penetration test
  • Suggestions for future security

TYPES OF PEN TESTING

Types of Penetration Testing

If the penetration test is conducted from outside the network, it is referred to as external penetration testing.

If the attacker is assumed to be already inside the network, simulating that scenario is referred to as internal penetration testing.

Targeted testing is usually performed by the organization’s IT team and the penetration testing team working together, with both sides aware of what is going on.

In a blind penetration test, the penetration tester is provided with no prior information except the organization name.

In a double-blind test, at most one or two people within the organization are aware that a test is being conducted, so the organization’s detection and response are tested as well.

Tools used

Nessus — a network and web application vulnerability scanner; it can perform different types of scans and help a penetration tester identify vulnerabilities.

Metasploit — an exploitation framework packed with capabilities. A skilled attacker can generate payloads and shellcode, gain access, and perform privilege escalation using Metasploit.

Nmap (network mapper) — a port scanner that discovers live hosts, open ports, and the services and versions listening behind them; its scripting engine (NSE) can also check for some known vulnerabilities.

Wireshark — a tool for capturing and analysing network packets and profiling network traffic.

Apart from the above, there are others like John the Ripper, Burp Suite, Cain and Abel, and many more popular tools.

Know thy enemy

Garden variety hackers

Hacktivists

Script kiddies

Ransomware groups

APTs

Insiders

Zero-day Vulnerabilities

Recommended reading: “This Is How They Tell Me the World Ends” by Nicole Perlroth

No system is perfectly secure

Common Attack Vectors
https://attack.mitre.org/

Social Engineering Attacks

Brute Force Attacks

Software vulnerability exploits

Device theft

Privileged access misuse

Denial of Service

Modern Network Defense mechanisms
https://securityonionsolutions.com/

Intrusion Detection/Prevention

Network Malware Prevention

Proxies

Firewall
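Brute force, from the attack-vector list above, is the vector a network defense sees most plainly: the login service logs every failed guess. The following is an added example, not code from the course or from Security Onion, of the kind of rule an intrusion detection system applies to those logs. It parses sshd-style authentication lines, raises an alert when one source IP fails too many logins inside a short window, and raises a second, higher-priority alert if that same IP then logs in successfully. The log lines, host name, IP addresses, year, threshold, and window are all constructed for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd's syslog format; not from any real system.
SAMPLE_LOG = """\
Jan 26 10:00:01 bastion sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan 26 10:00:02 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51123 ssh2
Jan 26 10:00:02 bastion sshd[2212]: Failed password for invalid user test from 203.0.113.7 port 51124 ssh2
Jan 26 10:00:03 bastion sshd[2213]: Failed password for root from 203.0.113.7 port 51125 ssh2
Jan 26 10:00:04 bastion sshd[2214]: Failed password for root from 203.0.113.7 port 51126 ssh2
Jan 26 10:00:05 bastion sshd[2215]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Jan 26 10:00:09 bastion sshd[2216]: Failed password for bob from 198.51.100.4 port 40023 ssh2
Jan 26 10:00:30 bastion sshd[2217]: Accepted password for root from 203.0.113.7 port 51130 ssh2
Jan 26 10:07:00 bastion sshd[2218]: Failed password for bob from 198.51.100.4 port 40024 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(line, year=2024):
    """Return (timestamp, result, user, ip) for an auth line, or None for anything else.
    Syslog timestamps carry no year, so the year is an assumed parameter here."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window rule: alert once when a source IP reaches `threshold` failed
    logins within `window`; escalate if a flagged IP later succeeds.
    Alerts are tuples: ("BRUTE_FORCE", ip, ts) or ("SUCCESS_AFTER_BRUTE_FORCE", ip, ts, user)."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ts, result, user, ip = event
        if result == "Failed":
            recent = failures[ip]
            recent.append(ts)
            while recent and ts - recent[0] > window:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, ts))
        elif result == "Accepted" and ip in flagged:
            # A success after a burst of failures is the signal that matters most.
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, ts, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(*alert)
```

In the sample, 203.0.113.7 trips the rule on its fifth failure and is escalated when root logs in 26 seconds later, while 198.51.100.4's two failures fall outside one window and stay quiet. In production the same rule needs an allowlist for known jump hosts and scanners, a threshold and window tuned against the organization's own baseline, and a response (rate limiting or lockout) wired to the alert; that tuning is where most of the analyst's work goes.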

Endpoint Defenses

Antivirus

Application whitelisting

Sandboxing

Data backup

Patch management

Vulnerability management

Glimpse into the future

Examples of early cyberattacks with physical-world consequences

Stuxnet

NotPetya

Cyberspace – fifth domain of warfare

Everything security

https://www.schneier.com/
Bruce Schneier, computer security icon:

“Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets – these and other everyday objects are all on the menu for getting smart”

As everything turns into a computer, computer security becomes “everything security”.

Discussion: What value can cyber analytics bring to an organization?

Help prevent business disruption

Influence decision making

Prioritizing cybersecurity – align cyber to the mission

Understanding risk and risk management

Attribution

Safeguarding lives

What makes a good infosec professional?

Security is a team sport

80% process & communication, 20% technology

Knowing current trends and events

Only the paranoid survive

What resources do you use for security news?

My resources to stay updated

Schneier on Security

Krebs on Security

Crowdstrike blog

Dark Reading

Daniel Miessler blog

Troy Hunt

CSO Online

There are hundreds of them..

Lab 1

  1. Discord sign-up
  2. Register at tryhackme.com

In your lab doc, include a screenshot of each task; each screenshot should include your username.

The End