Security Tool Chest

Anticipating and mitigating security threats is critical during software development. This paper details and investigates security vulnerabilities and mitigation strategies to help software developers build secure applications and prevent operating system leaks. It examines common vulnerabilities and provides relevant mitigation strategies from several perspectives. It aims to cover the Cyber Kill Chain as part of the five stages of compromise, presenting relevant tools, books and strategies at each stage.


Contents

Reconnaissance

Active Intelligence Gathering

Under this method, the targeted organization may become aware of the ongoing reconnaissance process, since the pentester is actively engaging with the target. During this phase, the pentester maps the network infrastructure, enumerates and/or scans the open services for vulnerabilities, and eventually searches for unpublished directories, files and servers. Other similar activities include OS fingerprinting, banner grabbing, and web server application scanning.

Passive Intelligence Gathering

This option applies when there is an explicit demand that the gathering activities not be detected by the target. In this case, the pentester cannot use tools that send traffic to the targeted company, either from his own host or from an “anonymous” one across the Internet. Not only is that technically burdensome, but the person who performs the pentest also has to substantiate his findings with whatever he can dig out of archived or stored information, which is at times out of date or incorrect because it is limited to data collected from third parties.

Frameworks

In computer programming, a software framework is an abstraction in which software providing generic functionality can be selectively changed by additional user-written code, thus providing application-specific software. A software framework provides a standard way to build and deploy applications.

Social Engineering in the Context of Intelligence Gathering

Social engineering is deemed one of the most widespread avenues for gathering information on a particular individual or a firm. A lot of information is out there – just check the popular social media websites. Also, websites like Pipl, PeekYou, and Spokeo may come in handy as they will provide access to email addresses, locations, phone numbers, and even family tree information.

  • Eavesdropping
  • Shoulder Surfing

Weaponization

The cyber attacker does not interact with the intended victim. Instead, they create their attack. For example, the attacker may create an infected Microsoft Office document paired with a customized phishing email, or perhaps they create a new strain of self-replicating malware to be distributed via USB drive. There are few security controls, including security awareness, that may impact or neutralize this stage, unless the cyber attacker does some limited testing on the intended target.

Delivery

Transmission of the attack to the intended victim(s). For example, this would be sending the actual phishing email or distributing the infected USB drives at a local coffee shop or cafe. While there is an entire technical industry dedicated to stopping this stage, people also play a critical role.

Phishing

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

Command and Control

Remote Access Tools

In computing, the term remote desktop refers to a software or operating system feature that allows a personal computer's desktop environment to be run remotely on one system, while being displayed on a separate client device. Remote desktop applications have varying features.

Staging

Lateral Movement

Establish Foothold

Privilege Escalation

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

Local Escalation

Data Exfiltration

Data exfiltration occurs when malware and/or a malicious actor carries out an unauthorized data transfer from a computer. It is also commonly called data extrusion or data exportation. Data exfiltration is also considered a form of data theft.

Software For Team Communication

  • RocketChat is free, unlimited and open source. Replace email & Slack with the ultimate team chat software solution. https://rocket.chat
  • Etherpad is an open source, web-based collaborative real-time editor, allowing authors to simultaneously edit a text document https://etherpad.net

Log Aggregation

Log aggregation is a valuable tool, but it isn't normally a good tool for time-series data. A log aggregation system is a great place for collecting event data. These are irregular activities that are significant. An example might be access logs for a web service.

DLL Architecture

Dynamic linking is a mechanism that links applications to libraries at run time. The libraries remain in their own files and are not copied into the executable files of the applications. DLLs link to an application when the application is run, rather than when it is created.

Kernel32.dll

This is a very common DLL that contains core functionality, such as access and manipulation of memory, files, and hardware.

Advapi32.dll

This DLL provides access to advanced core Windows components such as the Service Manager and Registry.

User32.dll

This DLL contains all the user-interface components, such as buttons, scroll bars, and components for controlling and responding to user actions.

Gdi32.dll

This DLL contains functions for displaying and manipulating graphics.

Ntdll.dll

This DLL is the interface to the Windows kernel.

WSock32.dll and Ws2_32.dll

These are networking DLLs. A program that accesses either of these most likely connects to a network or performs network-related tasks.

Wininet.dll

This DLL contains higher-level networking functions.
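Listing which of these DLLs a binary imports is a quick first step in static triage. The following is an added example, not part of the original README: it reads the import directory of a PE file using only the Python standard library. The function names (`imported_dlls`, `triage`, `build_sample_pe`) are hypothetical, and the sample file and `example.dll` are constructed for the demonstration.

```python
import struct

# Notes paraphrase the DLL descriptions on this page.
DLL_NOTES = {
    "kernel32.dll": "core: memory, files, hardware", "ntdll.dll": "Windows kernel interface",
    "advapi32.dll": "Service Manager and Registry", "user32.dll": "user interface",
    "gdi32.dll": "graphics", "wininet.dll": "higher-level networking",
    "wsock32.dll": "networking", "ws2_32.dll": "networking",
}

def imported_dlls(pe):
    """Return the DLL names in a PE file's import directory, in table order."""
    pe_off, = struct.unpack_from("<I", pe, 0x3C)                 # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, opt_size = struct.unpack_from("<H12xH", pe, pe_off + 6)
    opt = pe_off + 24                                            # optional header start
    pe32 = struct.unpack_from("<H", pe, opt)[0] == 0x10B         # otherwise PE32+
    imp_rva, = struct.unpack_from("<I", pe, opt + (96 if pe32 else 112) + 8)  # data directory 1
    sects = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8) for i in range(nsect)]
    def to_offset(rva):                                          # RVA -> file offset
        for vsize, vaddr, rsize, rptr in sects:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return rptr + rva - vaddr
        raise ValueError("RVA outside every section")
    names, off = [], to_offset(imp_rva) if imp_rva else len(pe)
    while any(pe[off:off + 20]):                                 # all-zero descriptor ends the table
        start = to_offset(struct.unpack_from("<I", pe, off + 12)[0])   # descriptor Name RVA
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii"))
        off += 20
    return names

def triage(pe):
    """Map each imported DLL to this page's note about what it provides."""
    return {d: DLL_NOTES.get(d.lower(), "not described on this page") for d in imported_dlls(pe)}

def build_sample_pe(dlls):
    """Constructed sample input: a minimal PE32 file holding only an import table."""
    rva, raw, desc, pos = 0x1000, 0x200, b"", 0x1000 + 20 * (len(dlls) + 1)
    for d in dlls:                                               # one 20-byte descriptor per DLL
        desc += struct.pack("<5I", 0, 0, 0, pos, 0)
        pos += len(d) + 1
    data = desc + bytes(20) + b"".join(d.encode() + b"\0" for d in dlls)
    hdr = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    hdr += struct.pack("<H", 0x10B) + bytes(102) + struct.pack("<II", rva, len(desc) + 20) + bytes(112)
    hdr += b".idata\0\0" + struct.pack("<4I", len(data), rva, len(data), raw) + bytes(16)
    return hdr.ljust(raw, b"\0") + data

SAMPLE = build_sample_pe(["KERNEL32.dll", "ADVAPI32.dll", "WS2_32.dll", "example.dll"])
```

The import table only shows libraries linked at load time; DLLs loaded at run time and the imports of packed binaries do not appear in it, so an empty or very short list is itself worth noting.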

Best Tools

  • Disassembler – IDA Pro
  • Debugger – OllyDbg, WinDbg
  • System Monitor – Process Monitor, RegShot, Process Explorer
  • Network Monitor – TCP View, Wireshark
  • Packer Identifier – PEiD
  • Unpacking Tools – Qunpack, GUNPacker
  • Binary Analysis Tools – PE Explorer, Malcode Analysts Pack
  • Code Analysis Tools – LordPE, ImpRec

X86 Architecture

The x86 architecture is an instruction set architecture (ISA) for a family of computer processors developed by the Intel Corporation. It defines how a processor handles and executes different instructions on a computer by setting standards on application execution.

  • EAX: Extended Accumulator Register
  • EBX: Extended Base Register
  • ECX: Extended Counter Register
  • EDX: Extended Data Register
  • ESI: Extended Source Index
  • EDI: Extended Destination Index
  • EBP: Extended Base Pointer
  • ESP: Extended Stack Pointer

The POP instruction removes the value or memory address at the top of the stack and increments the stack pointer to point to the new top of the stack. The PUSH instruction pushes a value onto the stack and decrements the stack pointer to point to the new top.
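The stack-pointer behaviour described above can be traced with a small model. This is an added example, not part of the original README; the `Stack32` class, `swap_demo` and the register values are hypothetical, and the model assumes 32-bit operands and a stack that starts empty at address 0x1000.

```python
import struct

class Stack32:
    """Hypothetical model of the 32-bit x86 stack: 4-byte slots, growing downward."""

    def __init__(self, top=0x1000, size=0x40):
        self.low, self.mem = top - size, bytearray(size)    # memory covers [low, top)
        self.regs = dict.fromkeys(("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp"), 0)
        self.regs["esp"] = top                              # empty stack

    def _index(self, addr):
        if not 0 <= addr - self.low <= len(self.mem) - 4:
            raise IndexError(f"stack access out of range at {addr:#x}")
        return addr - self.low

    def push(self, src):
        value = self.regs[src] if isinstance(src, str) else src   # register or immediate
        i = self._index(self.regs["esp"] - 4)               # bounds-check before committing
        self.regs["esp"] -= 4                               # ESP moves down to the new top
        struct.pack_into("<I", self.mem, i, value & 0xFFFFFFFF)   # little-endian store

    def pop(self, dst):
        value, = struct.unpack_from("<I", self.mem, self._index(self.regs["esp"]))
        self.regs["esp"] += 4                               # ESP moves up past the popped slot
        self.regs[dst] = value

    def run(self, program):
        ops = {"push": self.push, "pop": self.pop}
        for op, arg in program:
            ops[op](arg)
        return dict(self.regs)

def swap_demo():
    """Swap EAX and EBX through the stack; return (registers, ESP after the two pushes)."""
    s = Stack32()
    s.regs.update(eax=0x11111111, ebx=0x22222222)
    s.run([("push", "eax"), ("push", "ebx")])
    esp_mid = s.regs["esp"]
    return s.run([("pop", "eax"), ("pop", "ebx")]), esp_mid

if __name__ == "__main__":
    regs, esp_mid = swap_demo()
    print(f"ESP after two pushes: {esp_mid:#x}; EAX={regs['eax']:#x} EBX={regs['ebx']:#x}")
```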

References

License

License: GPL v3