Dear PenTest Readers,
In the current issue, we focus on the topic of MITRE ATT&CK. There is no doubt that this non-profit, globally-accessible base of knowledge of adversary tactics and techniques is crucial for being up-to-date and effective as an information security specialist, especially during red and blue teaming practice. Our contributors present you with a comprehensive perspective of using this helpful framework - from a general overview of how MITRE should be understood and used, through the context of Threat Hunting, honeypots, attack simulation, to the benefits for enterprise. No matter if you’re experienced in applying this methodology in your everyday pentesting work, or if you’re just getting started learning about MITRE, you’ll definitely find something to enhance your knowledge!
As usual, apart from the main topic, you will find various content on offensive security and interesting tools.
Without further ado,
Let’s dive into the reading!
PenTest Magazine’s Editorial Team
Table of Contents
Adversary Emulation And The ATT&CK Matrix
by prof. Fabrizio Baiardi and Emilio Panti
We discuss the strengths and weaknesses of adversary emulation to assess the security of a system. Then, we show how it can avoid some of the problems that arise when adopting a penetration test, a popular assessment strategy. Lastly, we describe the MITRE ATT&CK matrix that supplies the inputs of an adversary simulation as it defines the tactics and the techniques an attacker may adopt.
Role of MITRE ATT&CK in Cybersecurity Operations and Threat Hunting during the COVID-19 Outbreak
by Jalasutram Sai Praveen Kumar
According to NTT Ltd.’s monthly threat report for April, a continuing increase has been observed in phishing campaigns, which are currently the most observed threats employing the COVID-19 theme. It was also observed that the tactics and strategy of the threat actors are becoming more sophisticated and more focused. It was noticed that an extensive number of threat actors are leveraging techniques from phishing campaigns to malware infrastructures like TrickBot and Lokibot to deliver malware globally. Apart from the prior-mentioned, Gamaredon APT Group, PoetRAT, BABYSHARK, etc., are some of the other phishing campaigns that are actively exploiting organizations across the globe.
by Harpreet Singh
Within each tactic there are multiple techniques and sub-techniques; these are the ways the adversary can achieve that objective. Each technique is specific to the type of target and the specific adversary group that used it. The framework is not only targeted to simulate the attacks but also provides a mitigation strategy to protect against a behavior. Armed with this knowledge we can be better prepared for how an adversary will prepare and launch an attack.
MITRE and Honeypots [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]
by Mikael Vingaard
This article will give you an introduction to honeypots seen both from an attacker and defender point of view. While honeypots are a well-matured defense concept, only very mature organizations seem to have such creatures implemented – mostly due to the lack of knowledge on the power of the honeypot! Join us for an introduction and see how defenders can benefit from deployment of honeypots and how everything can be mapped up to the MITRE ATT&CK framework.
Adopting MITRE ATT&CK Framework
by Sandeep Jayashankar and Subin Thayyile Kandy
The “real world observations” is what differentiates the ATT&CK framework from the rest of its predecessors. Thus, the framework aims to enhance any security decisions, be it adversary detection, remediation actions, or future roadmap planning, which always relies on the attacker’s perspective and the current attack trends. This article defines the adoption of the ATT&CK framework in enterprise environments and how the framework can be leveraged across multiple disciplines in an organization, including Blue Team, Red Team, Risk Management, Security Architecture, and Stakeholders.
Pivoting - As an Attack Weapon
by Filipi Pires
When conducting a web application penetration test there are times when you want to be able to pivot through a system to which you have gained access, to other systems, in order to continue testing. There are many channels that can be used as avenues for pivoting. This paper examines the most commonly used channels for pivoting, like SSH local port forwarding, and during one of my activities, I talked to a friend who presented me with an excellent tool for executing the pivoting technique; this tool is known as Chisel.
CRYPTO - The Virtual Ethical Hacker
by Staford Titus
Nowadays, hackers have become a worldwide menace. Cybersecurity has acquired a phenomenal role in today’s scenario where we can fight against these cyber-attacks. The implementation of the security techniques on their own is a tedious task. It takes a lot of time and work. Thus, hopefully this article aided in depicting my approach to integrate security services in an AI assistant, making it an intelligent security buddy or the World’s First Virtual Ethical Hacker.
by Joshua Cajetan Rebelo
Now that the coronavirus/COVID-19 has been declared a pandemic by WHO, threat actors will continue to prey on misinformation and fear to trick unwitting users into clicking links or opening attachments that claim to offer information about it or a cure for it. We encourage users to exercise caution when doing searches, clicking on links, or opening attachments (in emails) with a coronavirus/COVID-19-related subject line.
Meaningless Comparison of Different Authenticators
by Hitoshi Kokumai
“Pandemic-resistant Teleworking” - we started to use this phrase five years ago as a use case of the expanded password system that provides ‘hard-to-forget’, ‘hard-to-break’ and ‘panic-proof’ digital identity authentication platform, though it was no more than a hypothetical statement at that time. We now witness the pandemic assaulting us before we get ready. We were unfortunately late for the current Covid-19. When, not if, the next one hits us in 5, 10 or 20 years ahead, humans will probably be yet more heavily dependent on Digital Identity. We or our successors will hopefully be able to make a meaningful contribution to the safe and resilient cyber life.
Response in Pandemic Time via Telework
by Ahmed Mostafa
When a pandemic has occurred and an outbreak happens, most factories have been closed, which affects employees, which affects products, which affects sales and markets - that’s as simple as we can put it; it’s like playing dominoes, when the first one moves, the others will drop. So to save your company, you need to focus on what your clients NEED as there is much need nowadays, especially in e-commerce and trading online, which will lead to people needing to complete some applications to satisfy their need. You need to make sure your organization is still working online to stay alive and get through this pandemic time safely.