Penetration Testing Fundamentals -1 - Devi Prasad - E-Book

Penetration Testing Fundamentals -1 E-Book

Devi Prasad

Description

 Unlock the art of ethical hacking and fortify your cybersecurity arsenal with 'Penetration Mastery: A Comprehensive Guide to Ethical Hacking.' Delve into the mind of a hacker to understand the vulnerabilities that could compromise your systems and emerge as a vigilant defender of digital landscapes. This book provides hands-on techniques, cutting-edge tools, and real-world scenarios to empower you to identify and eliminate security loopholes. From network reconnaissance to exploiting weaknesses and implementing foolproof defenses, this comprehensive guide navigates you through the intricate world of penetration testing. Whether you're a seasoned cybersecurity professional or an aspiring ethical hacker, 'Penetration Mastery' is your definitive roadmap to securing the digital future. 

You can read the e-book in Legimi apps or in any app that supports the following format:

EPUB



Devi Prasad

Penetration Testing Fundamentals -1

Penetration Testing Study Guide To Breaking Into Systems

BookRix GmbH & Co. KG, 81371 Munich

Table of Contents

Advanced Persistent Threat (APT)
Next-Generation Technology
Who are Hackers?
Penetration Testing Types
Who Performs Penetration Testing
Penetration Testing Methodology
Google Hacking: Unleashing the Power of Search
Social Networking: A Goldmine of Information
Internet Registries: A Treasure Trove of Information
Understanding DNS and Its Hierarchy
Transport Protocols and Ports
Grabbing Banners and Identifying Applications

 

This eBook is based on Penetration Testing Fundamentals-1 that has been collected from different sources and people. For more information about this ebook, kindly write to [email protected]. I will be happy to help you.

Copyright 2023 by Devi Prasad

This eBook is a guide and serves as a first guide. This book has been written on the advice of many experts and sources who have good command over Ethical hacking, networking and programming. They are listed at the end of this book. All images used in this book are taken from the LAB which is created by experts. All rights reserved, including the right to reproduce this book or portions thereof in any form whatsoever. For any query reach out to the author through email.

Advanced Persistent Threat (APT)

An APT distinguishes itself from more traditional intrusions by its strong focus on specific goals. The attacker is driven by a clear objective, such as obtaining proprietary data, and is willing to exhibit extreme patience to achieve it. While breaking down complex processes into simple lists or flowcharts is not recommended, APTs generally exhibit the following characteristics:

Initial Compromise:

Typically carried out or aided by social engineering techniques.

Attacks on clients involve a core technical element (e.g., a Java applet), but success often depends on a convincing pretext tailored to the target and its employees.

Indiscriminate approaches, like casting a wide net, are not effective in modeling APTs and do not align with the strategies employed by adversaries.

Establish Beachhead:

Ensure future access to compromised assets without the need for a repeated initial intrusion.

Involves the use of Command & Control (C2), ideally a custom-created system that offers security and customization capabilities.

Emphasizes the importance of secure C2, while ensuring the traffic appears legitimate.

Escalate Privileges:

Attain local and, eventually, domain administrator access.

Explores various methods, dedicating considerable space to reliable approaches and subtle concepts.

Internal Reconnaissance:

Gather information on the surrounding infrastructure, trust relationships, and the Windows domain structure.

Highlights the critical role of situational awareness in APT success.

Network Colonization:

Expand control to other network assets using harvested administrative credentials or alternative attacks.

Described as lateral movement, involving the spreading of influence across the infrastructure and exploiting other hosts.

Persist:

Ensure ongoing control through Command & Control.

Persistence involves maintaining access to the target regardless of machine reboots.

Complete Mission:

Exfiltrate stolen data, the crucial objective of any APT.

Emphasizes that APTs are focused on well-defined targets, usually proprietary data, and success is achieved when the targeted data is located and liberated.

The author, a penetration tester with extensive experience, argues that conventional penetration testing is inadequate for protecting organizations against targeted APT attacks. The book advocates for moving beyond the limitations of contemporary penetration testing methodologies to effectively counter potential adversaries, including organized crime and nation-states engaged in industrial espionage. Foreign intelligence agencies are highlighted as significant players in such activities, operating not only against hostile nations but also in broader contexts.

Next-Generation Technology

There are numerous technologies in the market claiming to prevent Advanced Persistent Threats (APTs) by effectively blocking unknown malware. Some of these products offer additional security layers by incorporating behavioural analysis, such as identifying a Metasploit callback based on the actions of an executable rather than relying on antivirus signatures, which can be easily circumvented. Despite their merit, these technologies are easily modelled due to their well-understood behaviour. Genuine APTs are orchestrated by skilled threat actors with the capability to develop their own tools, demonstrating a profound understanding of modern intrusion detection and prevention systems.

In the discussion of modelling techniques, the SSH protocol is heavily emphasized for its effectiveness in solving multiple issues. It not only conceals activity from monitoring systems but also presents the appearance of legitimate traffic. It is essential to clarify what an APT is not. Misconceptions abound, and some organizations, both commercial and otherwise, provide advice and services based on flawed understandings of APTs. The following article from InfoWorld addresses and refutes some prevalent myths:

Myth 1: Elevated Log-ons Late at Night

APT attackers, once they compromise a target, do not need audited login methods, as they deploy their Command & Control infrastructure.

Skilled attackers can easily circumvent auditing logs, rendering mechanisms like elevated log-ons ineffective.

Myth 2: Widespread Backdoor Trojans