Intro to Applied Cybersec

Lecture 13: More on Offense and Intro to Defense

In-depth notes to be posted after the lecture.

Metasploit plugins

https://docs.metasploit.com/docs/using-metasploit/intermediate/how-to-use-plugins.html

SQLMAP

For HW3, here are some options you could’ve run to get more in-depth results. I suggest looking into them for future assignments.

msf > sqlmap -u "http://10.3.10.237:3000/questions?search=12" --cookie="token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IkJvYiIsImlhdCI6MTc3ODU2MDE1M30.rAFAWXDdELrmfDY6moR5hoov0nNtJ-BiVVtAh2k9OUw" -v 3 --risk=3 --dump --level=2

Others

Numerous other plugins are supported (Nessus, for example, is a great scanning tool).

Password Cracking

I recommend Hashcat for most operations, especially if you have access to a GPU. Password cracking works on the hashes and the salts (along with the hashing algorithm), and patterns (if any) can be applied to aid in finding the right password.

Intro to Cyber Defense

Tactics, Techniques, and Procedures

Here’s a Splunk article that will explain TTP better than my own words: https://www.splunk.com/en_us/blog/learn/ttp-tactics-techniques-procedures.html

Essentially, TTP is a way for us to describe how an attacker (threat actor) behaves, and it helps inform us (as defenders) on how to best protect systems from an attack.

Defense in Depth and Risk

Defense in depth (or the Swiss cheese model) essentially describes having multiple layers of protection in order to block off more attacks. We know that every layer of security will always have holes in it (just like Swiss cheese). No software written is perfect, so instead of relying on a single point of failure, we want layers of protection so that an attacker cannot rely on one vulnerability to compromise our systems. Like a stack of Swiss cheese, the more pieces of cheese we have, the less likely it is that there will be a direct path from the top all the way to the bottom. I’ve included a diagram from Wikipedia for visualization purposes. Ideally, we would try to stack more layers that don’t have overlapping holes (the more layers, the more likely there will be a layer that blocks an attack).

Swiss cheese diagram from Wikipedia
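
The overlapping-holes point above as a small model (an added example, not part of the original lecture notes): each layer is described by the techniques it blocks, and a technique gets through only when every layer in the stack has a hole for it. The layer names, technique labels and coverage sets are constructed assumptions.

```python
# Swiss cheese model with sets: a layer's "holes" are the techniques it does
# not block. All names and coverage data below are constructed sample values.
TECHNIQUES = {"phishing", "sql-injection", "password-guessing",
              "unpatched-service", "malicious-usb"}

BLOCKS = {  # what each layer stops (assumed, simplified)
    "network-firewall": {"unpatched-service"},
    "host-firewall":    {"unpatched-service"},   # same holes as network-firewall
    "input-validation": {"sql-injection"},
    "mfa":              {"password-guessing"},
    "mail-filter":      {"phishing"},
}
HOLES = {name: TECHNIQUES - blocked for name, blocked in BLOCKS.items()}


def residual_holes(stack):
    """Techniques that pass every layer in the stack (holes that line up)."""
    holes = set(TECHNIQUES)
    for name in stack:
        holes &= HOLES[name]
    return holes


def closed_by(stack, candidate):
    """Techniques still open after `stack` that `candidate` would block."""
    return residual_holes(stack) - HOLES[candidate]


def greedy_stack(candidates):
    """Add layers while each one closes at least one remaining hole."""
    stack = []
    while True:
        gains = {c: len(closed_by(stack, c))
                 for c in sorted(candidates) if c not in stack}
        best = max(gains, key=gains.get, default=None)
        if best is None or gains[best] == 0:
            return stack  # remaining layers only overlap existing holes
        stack.append(best)


if __name__ == "__main__":
    print("two firewalls leave:", sorted(residual_holes(["network-firewall", "host-firewall"])))
    print("useful stack:", greedy_stack(BLOCKS))
    print("still open with every layer:", sorted(residual_holes(list(BLOCKS))))
```

The second firewall closes nothing because its holes overlap the first one's, and the technique left open by the full stack is the gap that would call for a new kind of layer.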

References

Recording