gurkenhabicht 5be2a146ef | ||
---|---|---|
Cryptography | ||
Enumeration | ||
Exfiltration | ||
Exploits | ||
Forensics | ||
Miscellaneous | ||
Open Source Intelligence | ||
Persistence | ||
Post Exploitation | ||
Reverse Engineering | ||
Reverse Shells | ||
Steganography | ||
README.md |
README.md
KillChain Compendium - A Concise Security Handbook
The "KillChain Compendium" is a steadily growing, organized collection of in-depth resources, insights, and practical guidance, structured within the framework of the Kill Chain methodology. It serves as a comprehensive reference manual, offering knowledge and strategies for navigating the world of hacking, penetration testing, and cybersecurity. Whether you're an aspiring hacker, a seasoned security professional, or anyone seeking to delve into the intricacies of securing digital systems, the "KillChain Compendium" provides insights into each stage of the cyber kill chain while offering notes, actionable advice and real-world examples to bolster your understanding and capabilities in this complex field.
Penetration Testing
Penetration testing, often referred to as pen testing, is a systematic and controlled process of evaluating the security of computer systems, networks, applications, and environments. The primary objective of penetration testing is simulate real-world cyberattacks to identify vulnerabilities and weaknesses that could potentially be exploited by malicious actors.
Pentetration Testing Standards
Penetration Testing Standards are guidelines and frameworks that provide best practices and methodologies for conducting thorough and effective penetraton testing activities. These Standards help ensure consistency, quality, and rigor in the penetration testing process.
The Pentesting Execution Standard provides the following sections for penetration testing execution
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
- Authorized audit of security systems of computers and networks.
Rules of Engagement (RoE)
Rules of Engagement (RoE) in the context of penetration testing refer to guidelines, boundaries, and limitations that are established and agreed upon between the penetration testing team (red team) and the organization or client requesting the testing. These rules ensure that the testing is conducted in a controlled manner. They define the scope, targets, and acceptable activities for the engagement. RoE help prevent misunderstandings, conflicts, and unintended consequences dduring the testing process.
A brief summary of the steps included in the RoE are the following
- Permissions of the penetration testing team
- How the Engagement is done, e.g. internal/external pentest or adversary emulation of advanced persistent threads
- Scope of how the tests are going to be executed, e.g. networks, IPs, exfilration of data, which stage, downtime, DDoS
- Non-Disclosure Agreement (NDA) as a contract describes how knowledge about sensitive data is handled
In practical terms there is a Rules of Engagement -- Worksheet provided by SANS and a sample of RoEs provided by the RedTeam.Guide.
Penetration Testing Campaign
A penetration testing campaign is a planned and organized series of penetration tests conducted on a specific target, like a computer system, network, or application. It involves a structured approach to identifying and addressing vulnerabilities in order to improve the overall security posture of the target.
A brief summary of the steps included are the following
- Engagement includes the planning and information gathering
- Operations includes vulnerability scanning, manual testing, analysis an communication with the client
- Remediation includes fixing the identified vulnerabilities, validation by re-testing, the final reporting and the lessons learned
To support your engagement, a campaing checklist is provided by RedTeam.Guide. A tool to support the organization of teams in an engagement is vectr.
Penetration Testing Methodology
Penetration testing methodologies typically follow a structured approach to systematically identify and exploit vulnerabilities.
Included steps are the following
- Reconnaissance
- Enumeration/Scanning
- Gaining Access
- Privilege Escalation
- Covering Tracks
- Reporting
Reconnaissance
Passive Reconnaissance describes the gathering of information about the target system or organization without directly interacting with it. This involves searching for publicly available data, such as domains names, IP addresses and employee information.
Active Reconnaissance describes the interaction with the target system to collect more detailed information, using tools like WHOIS lookups, DNS enumeration, and network scanning. The goal is to map out the target's network and identify potential entry points.
Enumeration/Scanning
Network Scanning is the identification of active hosts, open ports, and services runing on these ports. This helps the penetration tester understand the network's architecture and potential attack vectors.
Service Enumeration is the gathering of detailed information about services running on open ports, such as version numbers and configurations. This information can be sued to identify known vulnerabilities associated with specific services.
Gaining Access
Exploitation is the attempt to exploit identified vulnerabilities in order to gain unauthorized access to systems or applications. This might involve using known exploits, custom scripts, or socail engineering techniques.
Password Attacks describes the attempt of trying to crack passwords or gain unauthorized access by exploiting weak or default credentials.
Privilege Escalation
Vertical Movement is the attempt to gain higher levels of access within the system, potentially through exploiting misconfigurations or vulnerabilities that allow for privilege elevation.
Lateral Movement is the attempt to move laterally within a computer system to compromise additional systems, potentially exploiting trust relationships or shared vulnerabilites.
Covering Tracks
Removing Evidence describes taking steps to erase or alter any traces of the penetration testing activities to avoid detection. This might involve deleting logs, altering timestamps, or other techniques to hide the tester's presence.
Backdooring is the introduction of backoors to persistent access points to maintain access.
Reporting
Findings Documentation includes detail of the vulnerabilities that were successfully exploited, the impact of each vulnerability, and the steps taken to exploit them.
Risk Assessment is the assessment of potential business impact of each vulnerability, considering factors such as data exposure, service disruption, and financial consequences.
Recommendations provide actionable remmediation, including prioritization of vulnerabilities based on their severity and potential impact.
Lessons Learned reflect on the testing process and provide insights into the organization's security posture, including areas of strengths and improvements.