whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

more info

This commit is contained in:
whackx 2023-08-16 11:54:56 +02:00
parent 6911784f26
commit f6375eddd9
1 changed files with 67 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
README.md
View File

@ -1,14 +1,30 @@
# KillChain Compendium - A Concise Security Handbook # KillChain Compendium - A Concise Security Handbook
The "KillChain Compendium" is a steadily growing, organized collection of in-depth resources, insights, and practical guidance, structured within the framework of the Kill Chain methodology. It serves as a comprehensive reference manual, offering knowledge and strategies for navigating the world of hacking, penetration testing, and cybersecurity. Whether you're an aspiring hacker, a seasoned security professional, or anyone seeking to delve into the intricacies of securing digital systems, the "KillChain Compendium" provides insights into each stage of the cyber kill chain while offering notes, actionable advice and real-world examples to bolster your understanding and capabilities in this complex field. The "KillChain Compendium" is a steadily growing, organized collection of
in-depth resources, insights, and practical guidance, structured within the
framework of the Kill Chain methodology. It serves as a comprehensive reference
manual, offering knowledge and strategies for navigating the world of hacking,
penetration testing, and cybersecurity. Whether you're an aspiring hacker, a
seasoned security professional, or anyone seeking to delve into the intricacies
of securing digital systems, the "KillChain Compendium" provides insights into
each stage of the cyber kill chain while offering notes, actionable advice and
real-world examples to bolster your understanding and capabilities in this
complex field.
## Penetration Testing ## Penetration Testing
Penetration testing, often referred to as pen testing, is a systematic and controlled process of evaluating the security of computer systems, networks, applications, and environments. The primary objective of penetration testing is simulate real-world cyberattacks to identify vulnerabilities and weaknesses that could potentially be exploited by malicious actors. Penetration testing, often referred to as pen testing, is a systematic and
controlled process of evaluating the security of computer systems, networks,
applications, and environments. The primary objective of penetration testing is
simulate real-world cyberattacks to identify vulnerabilities and weaknesses
that could potentially be exploited by malicious actors.
## Pentetration Testing Standards ## Pentetration Testing Standards
Penetration Testing Standards are guidelines and frameworks that provide best practices and methodologies for conducting thorough and effective penetraton testing activities. These Standards help ensure consistency, quality, and rigor in the penetration testing process. Penetration Testing Standards are guidelines and frameworks that provide best
practices and methodologies for conducting thorough and effective penetraton
testing activities. These Standards help ensure consistency, quality, and rigor
in the penetration testing process.
The [Pentesting Execution Standard](http://www.pentest-standard.org/index.php/Main_Page) provides the following sections for penetration testing execution The [Pentesting Execution Standard](http://www.pentest-standard.org/index.php/Main_Page) provides the following sections for penetration testing execution
@ -23,7 +39,13 @@ The [Pentesting Execution Standard](http://www.pentest-standard.org/index.php/Ma
## Rules of Engagement (RoE) ## Rules of Engagement (RoE)
Rules of Engagement (RoE) in the context of penetration testing refer to guidelines, boundaries, and limitations that are established and agreed upon between the penetration testing team (red team) and the organization or client requesting the testing. These rules ensure that the testing is conducted in a controlled manner. They define the scope, targets, and acceptable activities for the engagement. RoE help prevent misunderstandings, conflicts, and unintended consequences dduring the testing process. Rules of Engagement (RoE) in the context of penetration testing refer to
guidelines, boundaries, and limitations that are established and agreed upon
between the penetration testing team (red team) and the organization or client
requesting the testing. These rules ensure that the testing is conducted in a
controlled manner. They define the scope, targets, and acceptable activities
for the engagement. RoE help prevent misunderstandings, conflicts, and
unintended consequences dduring the testing process.
A brief summary of the steps included in the RoE are the following A brief summary of the steps included in the RoE are the following
@ -34,10 +56,12 @@ A brief summary of the steps included in the RoE are the following
In practical terms there is a [Rules of Engagement -- Worksheet](https://sansorg.egnyte.com/dl/bF4I3yCcnt/?) provided by [SANS](https://www.sans.org/) and [a sample of RoEs](https://redteam.guide/docs/templates/roe_template/) provided by the [RedTeam.Guide](https://redteam.guide). In practical terms there is a [Rules of Engagement -- Worksheet](https://sansorg.egnyte.com/dl/bF4I3yCcnt/?) provided by [SANS](https://www.sans.org/) and [a sample of RoEs](https://redteam.guide/docs/templates/roe_template/) provided by the [RedTeam.Guide](https://redteam.guide).
## Penetration Testing Campaign ## Penetration Testing Campaign
A penetration testing campaign is a planned and organized series of penetration tests conducted on a specific target, like a computer system, network, or application. It involves a structured approach to identifying and addressing vulnerabilities in order to improve the overall security posture of the target. A penetration testing campaign is a planned and organized series of penetration
tests conducted on a specific target, like a computer system, network, or
application. It involves a structured approach to identifying and addressing
vulnerabilities in order to improve the overall security posture of the target.
A brief summary of the steps included are the following A brief summary of the steps included are the following
@ -45,9 +69,11 @@ A brief summary of the steps included are the following
* **Operations** includes vulnerability scanning, manual testing, analysis an communication with the client * **Operations** includes vulnerability scanning, manual testing, analysis an communication with the client
* **Remediation** includes fixing the identified vulnerabilities, validation by re-testing, the final reporting and the lessons learned * **Remediation** includes fixing the identified vulnerabilities, validation by re-testing, the final reporting and the lessons learned
To support your engagement, a [campaing
checklist](https://redteam.guide/docs/checklists/red-team-checklist/) is
To support your engagement, a [campaing checklist](https://redteam.guide/docs/checklists/red-team-checklist/) is provided by [RedTeam.Guide](https://redteam.guide/). A tool to support the organization of teams in an engagement is [vectr](https://github.com/SecurityRiskAdvisors/VECTR). provided by [RedTeam.Guide](https://redteam.guide/). A tool to support the
organization of teams in an engagement is
[vectr](https://github.com/SecurityRiskAdvisors/VECTR).
## Penetration Testing Methodology ## Penetration Testing Methodology
@ -88,31 +114,49 @@ specific services.
### Gaining Access ### Gaining Access
**Exploitation** is the attempt to exploit identified vulnerabilities in order to gain unauthorized access to systems or applications. This might involve using known exploits, custom scripts, or socail engineering techniques. **Exploitation** is the attempt to exploit identified vulnerabilities in order
to gain unauthorized access to systems or applications. This might involve
using known exploits, custom scripts, or socail engineering techniques.
**Password Attacks** describes the attempt of trying to crack passwords or gain unauthorized access by exploiting weak or default credentials. **Password Attacks** describes the attempt of trying to crack passwords or gain
unauthorized access by exploiting weak or default credentials.
### Privilege Escalation ### Privilege Escalation
**Vertical Movement** is the attempt to gain higher levels of access within the system, potentially through exploiting misconfigurations or vulnerabilities that allow for privilege elevation. **Vertical Movement** is the attempt to gain higher levels of access within the
system, potentially through exploiting misconfigurations or vulnerabilities
that allow for privilege elevation.
**Lateral Movement** is the attempt to move laterally within a computer system to compromise additional systems, potentially exploiting trust relationships or shared vulnerabilites. **Lateral Movement** is the attempt to move laterally within a computer system
to compromise additional systems, potentially exploiting trust relationships or
shared vulnerabilites.
### Covering Tracks ### Covering Tracks
**Removing Evidence** describes taking steps to erase or alter any traces of the penetration testing activities to avoid detection. This might involve deleting logs, altering timestamps, or other techniques to hide the tester's presence. **Removing Evidence** describes taking steps to erase or alter any traces of
the penetration testing activities to avoid detection. This might involve
deleting logs, altering timestamps, or other techniques to hide the tester's
presence.
**Backdooring** is the introduction of backoors to persistent access points to maintain access. **Backdooring** is the introduction of backoors to persistent access points to
maintain access.
### Reporting ### Reporting
**Findings Documentation** includes detail of the vulnerabilities that were successfully exploited, the impact of each vulnerability, and the steps taken to exploit them. **Findings Documentation** includes detail of the vulnerabilities that were
successfully exploited, the impact of each vulnerability, and the steps taken
to exploit them.
**Risk Assessment** is the assessment of potential business impact of each vulnerability, considering factors such as data exposure, service disruption, and financial consequences. **Risk Assessment** is the assessment of potential business impact of each
vulnerability, considering factors such as data exposure, service disruption,
and financial consequences.
**Recommendations** provide actionable remmediation, including prioritization of vulnerabilities based on their severity and potential impact. **Recommendations** provide actionable remmediation, including prioritization
of vulnerabilities based on their severity and potential impact.
**Lessons Learned** reflect on the testing process and provide insights int o the organization's security posture, including areas of strengths and improvements. **Lessons Learned** reflect on the testing process and provide insights into
the organization's security posture, including areas of strengths and
improvements.
## References ## References
@ -121,5 +165,8 @@ specific services.
* [OSSTMM3](https://www.isecom.org/OSSTMM.3.pdf) * [OSSTMM3](https://www.isecom.org/OSSTMM.3.pdf)
* [CREST](https://www.redscan.com/news/a-guide-to-crest-penetration-testing/) * [CREST](https://www.redscan.com/news/a-guide-to-crest-penetration-testing/)
* [CAF](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance) * [CAF](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance)
* [Atomic Red Team](https://github.com/redcanaryco/atomic-red-team) as a practical approach * [MITRE ATT&CK](https://tryhackme.com/room/mitre)
* [Atomic Red Team](https://github.com/redcanaryco/atomic-red-team)
* [TIBER-EU](https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html)
* [Red Team Handbook](https://usacac.army.mil/sites/default/files/documents/RT_Handbook_v6.pdf) * [Red Team Handbook](https://usacac.army.mil/sites/default/files/documents/RT_Handbook_v6.pdf)
* [Adversary Emulation Library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library.git)