01 Dec 2022
Frameworks Someone’s coming to town!Frameworks is referring to security frameworks, in this case namely NIST Cybersecurity Framework, ISO 27000 series of standards, MITRE ATT&CK framework, the Cyber Kill Chain, and the Unified Kill Chain.
NIST CSF has five essential functions: Identify -> Protect -> Detect -> Respond -> Recover. This helps prioritize cybersecurity investments and make continuous improvement.
27001 and 27002 are known for cybersecurity. ISMS means information security management system. These standards can be used to asses an instituion’s ability to meet set infosec requirements through application of risk management.
Knowledge base of TTPs (tactics, techniques, and procedures) to help identify patterns. Structure similar to periodic table, maps techniques against phases of attack chain and references systems exploited.
Kill chain describes structure of attack; consists of target identification, descision and order to attack the target, then target destruction. CKC developed by Lockheed Martin. Seven stages: Recon -> Weaponization -> Delivery -> Exploitation -> Installation -> Command & Control -> Actions on Objectives. IDing stages helps to understand adversary’s TTP and defend against it.
Unification of MITRE ATT&CK and CKC frameworks. Provides model to defend agains cyber attacks from adversary’s perspective. 18 phases of attack based on TTPs. Phases can be combined to form bigger goals.
Gain access to system or network. Cycle can be a loop while trying to maintain access. Typical critical steps: Recon - research target using public info Weaponisation - setup needed infrastructure Delivery - payloads delivered (i.e. phishing, supply chain attacks, etc) SE - trick target into performing untrusted/unsafe actions on payload Exploitation - Make use of found existing vulnerabilities Persistence - leave behind fallback presence to maintain foothold Defence Evasion - disable and avoid security defence mechanisms. Delete evidence of presence Command & Control - Establish communication channel to compromised system
Gain more access and privileges. Repeat until satisfied. Pivoting - compromised system can be launchpad to other systems Discovery - gather as much data as possible (users, data, vulns, assets) Priv Esc - get higher privs Execution - execute malicious code from elevated priv Credential Access - Find login creds in data extracted Lateral movement - change systems and such
Compromise Confidentiality, Integrity, and Availability (CIA). Motives are Money, fame, sabotage. Cause as much damage and run without being detected. Collection - aggregate data and info gained. Compromise confidentiality of trade secrets, financial info, PII Exfiltration - Get data out without suspicion Impact - Use aquired privs to manipulate, interrupt, sabotage Objectives - Defining and understanding apparent objectinve/goals in social or technical lanscape helps to defend
Solve puzzles on static site. Recommended rooms after the answers: UKC, CKC, MITRE, or Cyber Defence Framework module. And just like that day one is completed.