26 Dec 2022
Attack Surface Reduction: Threats are failing all around me
Two to go…
Attack vector: a tool, technique, or method used to attack a computer system or network. Attacks include but are not limited to:
Attack surface: the surface area of the victim that can be reached by an attack vector and damaged. Attack surfaces generally contain:
The attack surface cannot be eliminated without fleeing the battlefield, but it can be reduced. Consider the Greek phalanx: the front of the defending army is covered by shields, while walls or geography cover the sides, leaving no opening for the attacker. In cybersecurity the most secure computer is one that is shut down with its cables removed, so the focus has to be reduction, not elimination.
Based on the AoC occurrences:
Website defaced because of an open SSH port: closed the port.
The SSH port was password-protected, but the password was not strong enough to resist brute-forcing. Make brute-forcing more expensive and less feasible with a stronger password and a timeout after X failed attempts.
GitHub repo with sensitive info, including credentials: made the repo private. Best practice is to ensure credentials and other sensitive info are never committed to GitHub repos.
Phishing emails arriving with no phishing protection enabled: enable filtering on the mail server so mail identified as spoofed or phishing is dropped instead of delivered.
The delivered phishing email contained a document with malicious macros: mitigate the risk by disabling macros on end-user machines, which blocks macro-based attacks.
Strengthened the network as a whole, then used Microsoft's Attack Surface Reduction rules built into Defender for Endpoint to build similar rules for their own EDR (Endpoint Detection and Response) platform.
Further strengthened by carrying out vulnerability scans highlighting vulnerabilities in internet-facing infrastructure, then patching them.
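As an added example that is not part of the original write-up, here is a small Python sketch of the "timeout after X failed attempts" control from the SSH item above: it parses constructed sshd log lines, counts failed passwords per source address in a sliding window, and reports which sources crossed the threshold. The log lines, threshold and window are all assumptions chosen for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (not taken from the original post).
SAMPLE_LOG = """\
Dec 26 10:00:01 web sshd[1201]: Failed password for root from 203.0.113.5 port 50122 ssh2
Dec 26 10:00:03 web sshd[1202]: Failed password for root from 203.0.113.5 port 50130 ssh2
Dec 26 10:00:04 web sshd[1203]: Failed password for admin from 203.0.113.5 port 50131 ssh2
Dec 26 10:00:05 web sshd[1204]: Accepted publickey for deploy from 198.51.100.7 port 40011 ssh2
Dec 26 10:00:06 web sshd[1205]: Failed password for invalid user test from 203.0.113.5 port 50140 ssh2
Dec 26 10:00:07 web sshd[1206]: Failed password for root from 203.0.113.5 port 50141 ssh2
Dec 26 10:00:08 web sshd[1207]: Failed password for root from 203.0.113.5 port 50142 ssh2
Dec 26 10:20:00 web sshd[1300]: Failed password for alice from 198.51.100.7 port 41000 ssh2
"""

# Matches the OpenSSH "Failed password" line, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2022):
    """Yield (timestamp, source_ip, user) for every failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied (assumed 2022).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def lockout_events(log_text, threshold=5, window_s=600):
    """Return {ip: time_of_lockout} for sources with >= threshold failures in window_s."""
    recent = defaultdict(deque)   # per-IP timestamps of recent failures
    locked = {}
    for ts, ip, _user in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        # Drop failures that have aged out of the sliding window.
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and ip not in locked:
            locked[ip] = ts   # first moment the lockout policy would trigger
    return locked


if __name__ == "__main__":
    for ip, when in lockout_events(SAMPLE_LOG).items():
        print(f"lock out {ip} at {when:%H:%M:%S}")
```

The same logic, fed from the live auth log, is what a lockout or alerting rule enforces; the single failure from 198.51.100.7 stays below the threshold and is left alone.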
Get the flag by answering the questions on the static site and increasing the defences.
Task done, fun quiz, moving on.