TRYHACKME


PASTA framework

(Process for Attack Simulation and Threat Analysis)

STRIDE Framework

(Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of Service and Elevation of privileges)

Privilege Access Management (PAM)

A solution that helps protect the privileged accounts within a domain. It manages the privileges that a system access role has.

The Biba model

An access control model used to ensure integrity. It uses two primary rules: no read down and no write up. Compare to the Bell-LaPadula model.

Denial of Service

Applications and services use up system resources. Both should have measures in place so that abuse of the application or service will not bring the whole system down.

Information Disclosure

Applications or services that handle information belonging to multiple users need to be appropriately configured so that only information relevant to the owner is shown.

Tampering

By providing anti-tampering measures to a system or application, you help provide integrity to the data. Data that is accessed must be kept intact and accurate.

Post-exploitation/lateral discovery/spread

This stage involves a few sub-stages:
1. What other hosts can be targeted (pivoting)
2. What additional information we can gather from the host now that we are a privileged user
3. Covering your tracks
4. Reporting

Information gathering

This stage involves collecting as much publicly accessible information about a target/organization as possible, for example, OSINT and research. Note: This does not involve scanning any systems.

Enumeration/Scanning

This stage involves discovering applications and services running on the systems. For example, finding a web server that may be potentially vulnerable.

Exploitation

This stage involves leveraging vulnerabilities discovered on a system or application. This stage can involve the use of public exploits or exploiting application logic.

OWASP (Open Web Application Security Project)

A community-driven and frequently updated framework used solely to test the security of web applications and services. The organisation also maintains a list of the top 10 errors found in web applications.

The Open-Source Security Testing Methodology Manual (OSSTMM)

Provides a detailed framework of testing strategies for systems, software, applications, communications and the human aspect of cybersecurity.

Confidentiality

The act of holding information in confidence, not to be released to unauthorised individuals.

Threat Modeling

The process of reviewing, improving, and testing the security protocols in place in an organisation's information technology infrastructure and services. The principles all return to: preparation, identification, mitigations, and review.

Integrity (CIA Triad)

Ensuring the accuracy and validity of information. Common ways to maintain data integrity are to store it securely, control access to it, and encrypt it.

Rules of Engagement (ROE) (PENTEST STAGE 1)

Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test and gives the test team authority to conduct defined activities without the need for additional permissions. It outlines the permissions, test scope, and rules.

Privilege Identity Management (PIM)

Giving certain users roles and responsibilities within an organisation.

Grey Box Testing

Grey-box testing is a combination of white-box testing and black-box testing. The tester will have some limited knowledge of the internal components of the application or piece of software. The aim of this testing is to search for any defects caused by improper structure or improper usage of applications. In the context of the CEH, this also means an internal test of company networks.

Bell-LaPadula Model

The Bell-LaPadula model is used to achieve confidentiality. The model works by granting access to pieces of data (called objects) on a strictly need-to-know basis. This model uses the rule "no write down, no read up". It is a combination of DAC and MAC, primarily concerned with the confidentiality of the resource. Two security properties define how information can flow to and from the resource: the simple security property and the * property.

Exploitation (STAGE 4)

The exploitation stage involves using the knowledge from your enumeration to identify and exploit vulnerabilities in any of the target's applications (that are in scope). Exploitation is the use of a discovered vulnerability to gain unauthorised access to an information security system or data.

Enumeration & Scanning (PENTEST STAGE 3)

The goal of this stage is to get a complete picture of your target. A penetration tester will try to identify user accounts, machines on their network, network shares, applications etc. Information gathered from stage 2, and the engagement scope document will help in enumerating your target. The enumeration phase is very important as your findings are used to exploit your target's systems (stage 4).

Information gathering (PENTEST STAGE 2)

The information gathering stage of an engagement is often undervalued. This stage involves using publicly accessible channels to collect intel on your target.

Elevation of privilege

This is the worst-case scenario for an application or service. It means that a user was able to escalate their authorisation to that of a higher level, e.g. an administrator. This scenario often leads to further exploitation or information disclosure.

Post-exploitation/lateral discovery/spread (STAGE 5)

The post-exploitation stage starts when you've gained unauthorised access to a system. At this stage of the engagement, your main goals will be to maintain access to the system and escalate your privileges within the system to a super user or administrator user. After doing this, you'll be extracting sensitive information from the system and attacking other components in the environment (e.g. if the system is part of a network, you will attempt to gain access to other machines in the network).

Privilege Escalation

The process of gaining elevated rights and permissions. Malware typically uses a variety of techniques to gain elevated privileges. You can escalate horizontally or vertically: horizontal escalation is accessing another account in the same permission group (e.g. another user), whereas vertical escalation is accessing an account in a different, higher permission group (e.g. an administrator).

White Box Testing

The tester will have full knowledge of the application and its expected behaviour, and the test is much more time consuming than black-box testing. Testing is based on an analysis of the internal structure of the component or system.

Repudiation

This principle dictates the use of services such as activity logging so that actions on a system or application can be tracked and later attributed.

Pentest Report & Clearing-up (STAGE 6)

This stage usually occurs at the end of a penetration test. As a penetration tester, you will have to explain the results of your engagement to the client. This is usually done in the form of a report that contains details regarding any security issues you've found and how to mitigate them. The client will use this report to understand the security issues and fix the flaws in the technology stack that was tested. It is also best practice to clean up the environment you've been testing (where possible). For example, if you were provided access to machines or tooling by the client, you need to delete any artefacts that have been created as a result of testing.

Black Box Testing

This testing process is a high-level process where the tester is not given any information about the inner workings of the application or service.

NIST Cybersecurity Framework

A popular framework used to improve an organisation's cybersecurity standards and manage the risk of cyber threats. It provides guidelines on security controls and benchmarks for success for organisations ranging from critical infrastructure (power plants, etc.) through to commercial. There is a limited section on a standard guideline for the methodology a penetration tester should take.

Spoofing

A technique intruders use to make their network or internet transmission appear legitimate to a victim computer or network. This principle requires you to authenticate requests and users accessing a system. Spoofing involves a malicious party falsely identifying itself as another. Access keys (such as API keys) or cryptographic signatures help remediate this threat.

Availability

Accessibility of systems for delivering, storing, and processing electronic protected health information.

NCSC CAF

An extensive framework of fourteen principles used to assess the risk of various cyber threats and an organisation's defences against them. The framework applies to organisations considered to perform "vitally important services and activities", such as critical infrastructure, banking, and the like. The framework mainly focuses on and assesses the following topics: data security, system security, identity and access control, resiliency, monitoring, and response and recovery planning.

CIA triad (Confidentiality, Integrity, Availability)

An information security model that is taken into consideration throughout the creation of a security policy. This model has an extensive background, dating back to its use in 1998.

Defense in Depth

Employing multiple layers of controls to avoid a single point of failure.

