Friday, March 3, 2023

Enumeration Methodology




 

Wednesday, January 18, 2023

Leveraging Threat Intel for Proactive Penetration Testing

With the rise of sophisticated cyber threats, organisations now need to be proactive in order to identify and mitigate potential risks. Leveraging threat intelligence for penetration testing can provide a comprehensive picture of an organisation's security posture. Proactive penetration tests can help detect issues before they become an attack vector, enabling organisations to protect their confidential data and intellectual property more effectively. This article will explore the value of using threat intel for proactive pen tests, as well as best practices for implementing it in your security strategy.

 

Benefits of Proactive Pen Tests

Penetration testing is an essential security measure for any company, as it allows organisations to identify and address potential vulnerabilities in their systems before attackers can exploit them. Proactive penetration tests go a step further by incorporating threat intelligence into the assessment process. This approach provides companies with greater insight into their risks and offers improved protection against malicious actors.

 

Proactive penetration tests provide several distinct benefits to organisations that employ them. By leveraging threat intelligence, such tests are able to identify potential weaknesses both from a technical perspective and from the standpoint of an attacker's mindset. This helps IT teams to gain visibility into how malicious actors may attempt to access sensitive data, allowing them to take comprehensive action towards reducing these risks.

 

How to Leverage Threat Intel

Threat intelligence is a valuable tool for organisations trying to stay ahead of potential security threats. Leveraging threat intel can help stop malicious actors before they have the chance to breach an organisation's defences and cause irreparable damage. Knowing how to effectively use threat intelligence can be the difference between detecting a cyber-attack before it happens and being caught off guard.

 

Organisations should begin by understanding the different sources of threat intel, as well as what type of information each source provides. Attack data from public sources, such as open-source intelligence (OSINT) and malware repositories, provides insight into ongoing attacks targeting similar organisations. Private sources, including commercial services and honeypots, offer more in-depth analysis of specific threats that may not be available through publicly accessible channels.

 

Understanding Potential Risks

Information security is an important part of any organisation's overall strategy for success. In order to protect their valuable data and maintain critical operations, organisations must understand the potential risks they face and take proactive measures to mitigate them. Threat intelligence and penetration testing are key components of a comprehensive risk assessment process.

 

Threat intelligence involves identifying and analysing threats from outside sources that could affect an organisation’s data or systems. Security teams use threat intel to stay informed on the latest malicious activities, such as malware campaigns or phishing attempts, so they can proactively defend against them. Penetration testing focuses on assessing the strength of existing internal security controls by simulating attacks similar to those used by real-world attackers. By performing these tests regularly, organisations can discover weaknesses in their security posture before they are exploited by malicious actors.

 

Implementing Security Controls

Implementing appropriate security controls is essential for every organisation. Threat intel and penetration testing can be used to identify vulnerabilities and protect against malicious actors.

 

Threat intel combines the use of technology, human analysis, and collaboration to detect threats before they have a chance to cause damage. By collecting intelligence from external sources, organisations can proactively monitor for malicious activity on their networks. Additionally, threat intel helps organisations understand the scope of an attack or breach in order to better respond and secure their systems.

 

Penetration testing simulates real-world attacks on an organisation’s infrastructure or applications in order to identify weaknesses that could be exploited by attackers. This type of testing typically focuses on identifying vulnerabilities such as misconfiguration or unpatched software and evaluating how well existing security controls are protecting the environment.

 

Conclusion

Organisations can benefit from using threat intel to enhance their pen testing approach. By utilising passive and active threat intelligence, pen testers are able to identify the latest threats and develop proactive strategies for mitigating potential risks. Additionally, organisations can gain insight into how attackers may exploit their systems and utilise threat intel to prioritise their test cases accordingly. Ultimately, proactively leveraging threat intelligence allows pen testers to accurately detect weaknesses in an environment’s security posture.

Monday, February 24, 2020

Security Awareness - Cyber Security while travelling

CAVEAT - this is a post I wrote in 2017 and never published, most likely due to me forgetting about it.
Read it at your will. I doubt much has changed, but I'm not going to update the article as I'm working on my Azure learning post. I'm sure I'll get around to it again.

The post:
Most of us now have these wonderful smart devices, we use them to view our emails, check our social media and a whole lot more! What's happening even more now is we are connected to our workplace through these wonderful devices. These devices should be treated as very sensitive devices given the amount of data that can be stored and viewed through these devices.

So what do I mean by smart devices?
Blackberry (what?)
Smart Phones
Tablets
Laptops

Can't forget about smart watches and hell if you try hard enough you can hack your fridge [ WIRED.com ] and use it for business purposes!

Even more common lately, especially if you happen to work for a nice company, you now have the option to work on the go/work from home. This makes it a lot more important that you and all users become more aware of security and especially staying secure on the road/at home.

So now that we have an idea of what is meant by smart devices and their uses what can we do about ensuring their security?

Let's work under the presumption that the device you have is already hardened pretty well, you have a phone with MobileIron configured, or you have a laptop with state-of-the-art encryption and secure connections to your workplace. You as a user need to put in place some simple but effective practices to make security great again!


1. Make sure your device is up-to-date.
This, my friendly users, is so very important. Not only do I mean install the latest Operating System updates, but also have the latest Anti-Virus protection, your browser updates and Adobe/Java updates. While this is critical in the normal workplace, it is even more critical while on the move!

2. Take what you need.
You're gone for three days, you'll be working on a specific project for the most part and might get a chance to touch on one or two other things. If that's the case just bring those one or two things with you.

Your laptop is six years old. One day you're sitting in the airport bar where service is a little lax; you get up to get another drink and forget to lock the laptop. You turn around not thirty seconds later and the laptop is gone. When's the last time you went through that six-year-old laptop and cleaned it out? If your answer isn't this morning, then you've potentially lost six years' worth of sensitive data and now your company will be a tad bit angry with you.

Keep it clean and only bring what you need











Wednesday, February 26, 2014

Basic Setup for a Penetration testing lab

OK, so I am part of the college Ethical Hacker Society and, becoming more active, I have decided to run a weekly get-together to practise pen testing & all things related. Below is the activity I described as a basic setup for someone with no knowledge of VMs or Kali/BackTrack.

###################################################################################

This is just a brief outline of the setup you will need for the Hacker Soc meetings.






Guide:

HashMyFiles

HashMyFiles is a hash checker. This is used to check the integrity of the files you have just downloaded.

Usually before downloading you should see an MD5 or SHA number; take note of this. This is your hash. A hash is a string of numbers and letters that looks random but is computed from, and specific to, the file you are about to download.

Once the file has been downloaded, load it into HashMyFiles and wait for it to compute the hash. If the hashes match then your download's integrity hasn't been compromised.


I recommend doing this for every file that you are given a hash for just as standard practice so you know nothing has been compromised. To read more on hashing check out: http://www.techopedia.com/definition/19744/hash-function
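The same check can be scripted on any machine that has Python. This is an added example, not part of the original guide: it hashes the download in chunks, picks MD5/SHA-1/SHA-256/SHA-512 from the length of the published value, and compares the two. The file name `example.iso` and its contents are constructed sample data.

```python
import hashlib
import hmac
import os
import tempfile

# Length of the published hex string -> algorithm that produced it.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def file_digest(path, algo, chunk_size=1024 * 1024):
    """Hash a file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_list(text):
    """Parse 'HASH  filename' lines, the layout md5sum/sha256sum print."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # a leading '*' marks binary mode
        if name and len(digest) in ALGO_BY_HEX_LEN:
            entries[name] = digest.lower()
    return entries


def verify_download(path, published_hex):
    """Return (ok, algo, computed); ValueError if the hash is unrecognised."""
    published_hex = published_hex.strip().lower()
    algo = ALGO_BY_HEX_LEN.get(len(published_hex))
    if algo is None or any(c not in "0123456789abcdef" for c in published_hex):
        raise ValueError("not an MD5/SHA-1/SHA-256/SHA-512 hex digest")
    computed = file_digest(path, algo)
    return hmac.compare_digest(computed, published_hex), algo, computed


def demo():
    """Constructed sample: a stand-in 'ISO' and a checksum list for it."""
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "example.iso")
        with open(iso, "wb") as fh:
            fh.write(b"constructed sample image contents\n")
        listing = "# constructed list\n%s  example.iso\n" % file_digest(iso, "sha256")
        published = parse_checksum_list(listing)["example.iso"]
        intact = verify_download(iso, published)[0]
        # Change one byte, as a corrupted or tampered download would.
        with open(iso, "r+b") as fh:
            fh.write(b"C")
        tampered = verify_download(iso, published)[0]
        return intact, tampered


if __name__ == "__main__":
    print(demo())
```

When a site publishes several hashes, prefer the SHA-256 value: MD5 and SHA-1 still catch a corrupted download but are no longer collision-resistant. The check is only as trustworthy as the place the published hash came from.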

VMPlayer/VMWorkstation/Virtual Box

These tools are virtualisation software used to host your machines such as Kali/BackTrack which we will get to later.

Personally I use VMWorkstation. I find it really easy to load VMs, create new VMs & generally work with, & I used VMPlayer for a couple of years beforehand so it was a natural progression.

If you like VMPlayer I recommend using VMWorkstation to see what more you can do. I can provide support for most things with these programs; the alternate option is to use Virtual Box (VBox). There is no issue in using this and from experience it is used a lot more in industry than VMWare but I will only be able to help out so much before I run into issues.

If you have any issues with these there are loads of guides and tutorials on googles.





Install: Kali

Kali (not the Indian goddess) is a Debian Linux Distribution designed for Digital Forensic & Penetration Testing. It is a continuation of Backtrack; it includes most of the tools you will need for testing/hacking.

For the purpose of the guide I will be using VMWorkstation to install Kali but I will release a VMPlayer & VBox guide in the future.

I recommend using virtualisation to host your Operating Systems when Hacking, as you may have tools on Windows that are not available on Kali & vice versa; also, you could have 2 Kalis open doing different things. This again is my personal opinion but I find a lot of security people would agree with this setup also.

So firstly you need to create the Kali VM in VMWorkstation. To do this go to File > New Virtual Machine.


Select:
>Typical (recommended)
>Installer disk image file (ISO):
>Browse
>Navigate to where you have downloaded Kali
>Open
>Next

>Enter name for your VM
>Select a location for your VM (leave untouched if you want it to be saved in the standard place)
>Next

>Enter in the size you want to give to your installation (recommended: 20GB //can be changed in the future if needed)
>Store virtual disk as a single file
>Next

>Now click the Customize hardware button
>Click Memory and increase that. I recommend half of what your laptop currently has (recommended minimum 2GB). **Do not give the VM too much RAM as you will slow down your host machine and your laptop could potentially, to put it in technical terms, crap out**

>Click processors and give it the same amount of processors that your laptop has (It will give you an error if it is too much)

>Click cores per processors and give it the same amount of processors that your laptop has (It will give you an error if it is too much)



>You can configure your Network Adaptors here also; Leave it as NAT for now.
>Close
>Finish

Your Kali system will now boot up...

>Click into the VM
>Go to Graphical Install
>Press Enter


Kali’s installation wizard will now load.

>Select “English - English” (or appropriate)
>Select “Ireland” (or appropriate)
>Select “Irish” (or appropriate)

This will start the initial installation of Kali; it may take a while depending on how much RAM you have given to the machine.

>Enter the hostname for your VM
>You will probably have no domain name so just press Continue

>Enter your password (for standard we use “toor” as the password)
>Continue

More auto setup

>Partition disks select Guided – use entire disk
>Continue
>Continue
>Continue
>Yes
>Continue (talk about a goto fail eh?)

Installation will continue.

>You will be asked to configure the package manager
>If you are using a proxy you need to configure it here, if not click YES and continue

Installation will continue.

>You will be asked to install the GRUB boot loader (googles for more info)
>Select Yes
>Continue

Installation will continue.

>Installation will complete and click Continue

Installation has now completed. To access the system you will need the username and password.

Username: root
Password: toor



Install: Backtrack (BT)

Backtrack is a Debian Linux Distribution designed for Digital Forensic & Penetration Testing. It is the old version of Kali; it includes most of the tools you will need for testing/hacking.

For the purpose of the guide I will be using VMWorkstation to install BT but I will release a VMPlayer & VBox guide in the future.

I recommend using virtualisation to host your Operating Systems when Hacking, as you may have tools on Windows that are not available on BT & vice versa; also, you could have 2 BTs open doing different things or have BT & Kali open simultaneously. This again is my personal opinion but I find a lot of security people would agree with this setup also.

So firstly you need to create the BT VM in VMWorkstation. To do this go to File > New Virtual Machine.


Select:
>Typical (recommended)
>Installer disk image file (ISO):
>Browse
>Navigate to where you have downloaded BT
>Open
>Next

>Enter name for your VM
>Select a location for your VM (leave untouched if you want it to be saved in the standard place)
>Next

>Enter in the size you want to give to your installation (recommended: 20GB //can be changed in the future if needed)
>Store virtual disk as a single file
>Next

>Now click the Customize hardware button
>Click Memory and increase that. I recommend half of what your laptop currently has (recommended minimum 2GB). **Do not give the VM too much RAM as you will slow down your host machine and your laptop could potentially, to put it in technical terms, crap out**

>Click processors and give it the same amount of processors that your laptop has (It will give you an error if it is too much)

>Click cores per processors and give it the same amount of processors that your laptop has (It will give you an error if it is too much)


>You can configure your Network Adaptors here also; Leave it as NAT for now.
>Close
>Finish

Your BT system will now boot up...

>Click into the VM
>Go to BackTrack Text – Default Boot Text Mode

It will take a little bit and you will be presented with:
root@bt:

>Enter “startx”
>Press enter

>There will be an icon on the desktop called ”Install BackTrack”, double click this.

Select:
>English (or appropriate)
>Forward

>The time zone should configure itself, if not select Ireland on the map (or appropriate)
>Again the keyboard layout should auto config if not select Ireland – Ireland (or appropriate)
>Forward

>Make sure erase and use the entire disk is selected
>Forward

>Check your settings are correct & select Install

Installation will commence

The next message you will get is to restart. Click the restart button.

Installation has now completed. To access the system you will need the username and password.

Username: root
Password: toor
To start: startx



Install: Metasploitable

Metasploitable is an intentionally vulnerable Linux distribution.

This is a great starting point for anyone looking to try out their skills. There are plenty of guides on the googles of how to exploit it but I recommend taking a look at it first and trying out different things before you go reading a walkthrough. It's one thing reading but actually learning how to do it is 10x better!

To load Metasploitable in VMWorkstation you need to go to:

>File
>Open
>Metasploitable.vmx
>Power on this VM
>Select I copied it

Your Metasploitable system will now boot up...

Leave it alone and go to your Kali/BT machine and start testing against it.

Install: VMTools

VMWare gives you the option of installing VMWare Tools, which is used to drag things from your host machine to your Kali/BT box. I recommend doing this so you won’t be constantly plugging in & out a USB drive.

To do this you should select VM > Install VMTools

The VMTools folder will popup.

Now for the mad Linux skillz KFed style...

Drag the VMTools folder to the desktop.

Enter the following commands:

**HINT: if you type VM and then press tab it should auto fill the rest of it.

Now the fun bit:
Press:
>Enter
>Enter
>Enter
>Enter
>Enter
>y
>Enter
>Enter
>y
>Enter
>y
>Enter
>n
>Enter
>n
>Enter
>y
>Enter
>y
>Enter
>n
>Enter
AHHH It all went black!!!
Phew...
Now reboot your system and test... It may take a second so be patient!

This will work for both Kali & BT so rinse and repeat.

Install: TrueCrypt

Download,
Install,
Read the guides on the googles...

The only reason I threw this in here is because it is good practice encrypting your stuff. I have my USB encrypted via TrueCrypt so if any of you want anything from me you will need it too.

Kali & BT come with it pre-installed so just get it for your Windows if you haven’t already.

That is my basic setup guide, a few things to do in Kali & BackTrack once started would be to open a terminal & enter:

apt-get update;apt-get dist-upgrade

That command will update the OS.

Also:
apt-get install armitage


Saturday, July 27, 2013

DDoS (Distributed Denial of Service) attacks.

DDoS is when a person or many people attempt to bring down a server or website by overloading the server with requests. When this is done it essentially prevents other people from accessing the website or service.
----------------------------------------------------------------------------------------------------------------------------------------------
What to expect?

Now if you attempt this attack by yourself there are a few outcomes that you could expect:

The first outcome is if you attempt to deny service to a big website such as Google or Wikipedia you won’t even make a dent and they will shrug you off like you were never there.

The second outcome is if you attempt to deny service to a medium sized website such as small to medium sized companies who host their own websites. You may slow them down or even take them down for a few minutes, but eventually all will be rectified and they will hopefully know better next time. [How to prevent DDoS attacks article coming soon]

The third outcome is if you attempt to deny service to a small website, something like your friend’s website or a personal website. These can be taken down very easily depending on your own connection.

There are many other things that can happen but these would be the main ones, DDoS attacks are more likely to succeed if you are doing them at the same time or set up botnet or zombie computers, more on them in my forthcoming articles.
----------------------------------------------------------------------------------------------------------------------------------------------
Big Attacks in the past:

On March 18th the largest DDoS attack occurred. This attack was against Spamhaus, a not-for-profit anti-spam organisation. It began at 10Gbps and quickly escalated, only to peak at 90Gbps. All was quiet for a few days until March 22nd, when the attack resumed and peaked at 120Gbps. This was the biggest (at the time of writing) attack ever performed...

But did it “break the internet” like it was intended? No, Spamhaus had measures in place to prevent such attacks, which kept the systems online. Now, that's not to say that it wasn't a valiant effort, but unfortunately this time it didn't succeed.
----------------------------------------------------------------------------------------------------------------------------------------------
How to attack using DDoS?

Most people use a program to perform their DDoS attacks these days, but I’ll show you that in a moment, the old way to do things would be as follows:

1.      Open your command line
2.      Type: "ping [website or IP] -l 5120 -n 100000 -w 1"

The website or IP allows you to type one or the other, so for instance it could be www.google.com or 74.125.24.147.

The “5120” is the size of the packet you want to send; in this example it is 5KB. This must not surpass your own capabilities or you could deny your service and not anyone else’s.

Then the “100000” is the amount of packets you wish to send to the target, this can be as many or as little as you want, the more you send the longer the attack will last.

Finally the “-w 1” is the amount of time you wish to wait before the next packet is sent, this can also be altered to suit the individual attack.


Now that the basic ways are covered I will move onto the programs that people use, there are many programs out there that can be used but be warned that a lot of these programs contain backdoors which will allow the backdoor maker access to your computer, you are best to get clean programs from sources. Some programs will appear to be infected according to your anti-virus but that is expected, and is up to your own judgment whether you wish to use it or not.

A lot of people swear by the LOIC or the Low Orbit Ion Cannon as it was so funnily called. The LOIC is a program created by anonymous members from the website www.4chan.org. All that is needed to do is you type in the website name that you wish to attack, lock on, set thread count(9001 max) and then hit the “IMMA CHARGIN MAH LAZAR!” button and the attack will be started.

Any attack has a greater success rate if carried out simultaneously by multiple people. This can be accomplished by getting friends to do this with you or by using botnets. Also when carrying out these attacks it is recommended to use a VPN either paid or free.

------------------------------------------------------------------------------------------------------------
Disclaimer:

All methods shown in this article are for educational use only. This website will not be held responsible for your actions (but if you do something stupid feel free to let us know so we can have a giggle ;) )