Remember to STAY IN SCOPE!!!
Server architecture
Please see slides here
Intro to Pentesting
Please STAY IN SCOPE!
Red v. Blue
- Red team is the traditional penetration testing term
- Blue team is the traditional defender team
- Comes from military concepts
- Relatively new: Purple team - combination of red and blue
Traditionally, a red team pentest is conducted with no insider knowledge of the target
environment (i.e., the testers act like actual malicious hackers trying to gain access to your systems).
Purple team pentests work with the blue team to establish targets, help add defenses at "steps
along the way", and provide more specific goals.
Advantages of purple teaming – If an organization does excellently at preventing initial access,
a purple team can still provide benefits to the org, since it can be allowed to bypass the initial security checks rather than stopping there.
Advantages of red teaming – Harder to overlook low-hanging vulnerabilities, since the findings literally
come from the perspective of attackers. The blue team won't tell you what is "easy" or "hard" to break
into!
Playbook
- Reconnaissance
  - Talk to your clients!
  - OSINT (passive and/or active)
  - Intelligence gathering
- Scanning / Vulnerability Assessment
  - Answer: What's available to be attacked? What sorts of vulnerabilities should I be considering?
  - nmap
  - nessus
  - metasploit
- Exploitation
  - Attack phase!
  - Look at CVEs, known vulnerabilities
  - EternalBlue (Windows)
  - Mimikatz
  - Metasploit is also useful here
  - MITRE ATT&CK framework
- Post-Exploitation
  - More in-depth attacking & cleanup
  - Command and control, lateral movement, privilege escalation
  - Make sure you clean up! Don't leave your client's systems in a mess!
- Report
  - No report == nothing being done
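The notes keep repeating STAY IN SCOPE, and the reconnaissance step ("Talk to your clients!") is where the agreed scope comes from. The following is an added example, not part of the class notes or the HackTheBox lab: a small scope gate that partitions a candidate target list into in-scope, explicitly excluded, out-of-scope and unparseable entries before anything in the scanning phase runs. The IP ranges are constructed placeholders, not any real engagement's scope.

```python
import ipaddress
from typing import Dict, Iterable, List

# Constructed engagement scope (hypothetical ranges agreed with the client).
IN_SCOPE = ["10.10.10.0/24", "192.168.56.20", "2001:db8:1::/48"]
# Constructed exclusions: hosts inside an allowed range that must not be touched
# (e.g. a gateway or a production box the client carved out).
EXCLUDED = ["10.10.10.1", "10.10.10.250/31"]


def _to_networks(entries: Iterable[str]):
    """Parse CIDR ranges and single addresses into ip_network objects.

    strict=False accepts entries with host bits set (a single host written
    without a prefix becomes a /32 or /128 network).
    """
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def classify_targets(targets: Iterable[str],
                     allowed: Iterable[str] = IN_SCOPE,
                     excluded: Iterable[str] = EXCLUDED) -> Dict[str, List[str]]:
    """Bucket each target as in_scope / excluded / out_of_scope / invalid.

    Exclusions win over allowances, so a host listed in EXCLUDED is never
    reported as in scope even if it sits inside an allowed range. Hostnames
    land in "invalid" because this offline example does not resolve DNS;
    resolve them first and feed the resulting addresses back in.
    """
    allowed_nets = _to_networks(allowed)
    excluded_nets = _to_networks(excluded)
    result: Dict[str, List[str]] = {
        "in_scope": [], "excluded": [], "out_of_scope": [], "invalid": []
    }
    for raw in targets:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            result["invalid"].append(raw)
            continue
        # `addr in net` is False when the address families differ, so an
        # IPv6 target can never match an IPv4 range by accident.
        if any(addr in net for net in excluded_nets):
            result["excluded"].append(raw)
        elif any(addr in net for net in allowed_nets):
            result["in_scope"].append(raw)
        else:
            result["out_of_scope"].append(raw)
    return result


def scannable_targets(targets: Iterable[str],
                      allowed: Iterable[str] = IN_SCOPE,
                      excluded: Iterable[str] = EXCLUDED) -> List[str]:
    """Return only the targets that may be handed to the scanning phase."""
    return classify_targets(targets, allowed, excluded)["in_scope"]


if __name__ == "__main__":
    # Constructed candidate list, as a recon phase might produce it.
    candidates = ["10.10.10.5", "10.10.10.1", "10.10.10.251", "10.10.11.5",
                  "192.168.56.20", "2001:db8:1::7", "2001:db8:2::7", "not-an-ip"]
    buckets = classify_targets(candidates)
    for name, hosts in buckets.items():
        print(f"{name:13s}: {', '.join(hosts) or '-'}")
    if buckets["out_of_scope"]:
        print("STOP: out-of-scope targets present; confirm with the client before scanning.")
```

Run it once over the full recon output before any nmap or Nessus job starts; anything in the out_of_scope bucket is a conversation with the client, not a target.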
In class example
We went through the Cap Machine on HackTheBox as a demo.
Resources
Remember to STAY IN SCOPE!!!
Recording