Dear PenTest Readers,
Due to the intensifying ransomware attacks of recent months, we take a closer look at this notorious type of threat in the current edition and make it the main focus of the issue. Observing the dangerous trend of malicious actors successfully holding companies and public institutions for ransom, our contributors decided to share their expertise on the topic, presenting it from many different security angles.
Inside, you will find both practical tutorials and case studies, as well as more theoretical analyses of ransomware. To start with, you will explore a methodology for recovering the cryptographic keys, and see what to do to avoid the damage caused by such attacks. Then, you will read an interesting case study report on how a victim machine can be encrypted by exploiting a delay between server and sensor communication. If you are into Machine Learning and using it for ransomware detection, we have a great, more theoretical piece for you in the issue. You will also find an interesting article looking at this type of attack from a threat intelligence perspective, and you can dive into another interesting case study on the usage of a Breach & Attack Simulation (BAS) tool.
If you're looking for more tool-related articles, not necessarily in the context of ransomware prevention, they are also here! ATTPwn, an adversary emulation tool built around the techniques of the MITRE ATT&CK framework, and the two parts of the academic presentation of Crypto, the Virtual Ethical Hacker, are waiting to be discovered!
There is also another case study in this month's edition: you have an opportunity to read a professional report on engine problems in threat hunting labs.
Last but not least, you will read a great article on training yourself to manually find vulnerabilities in apps by writing an insecure Django app.
Without further ado,
Enjoy the reading!
PenTest Magazine's Editorial Team
Table of Contents
Ransomware Prevention and Advanced Analysis
by Washington Almeida
When the ransomware WannaCry infected devices around the globe, in one of the biggest attacks in history, few professionals knew what to do to reach the cryptographic keys of the infection process. In this article, I invite PenTest Mag readers to follow me in exploring the methodology to get the cryptographic keys and see what to do to avoid the damage caused by such attacks.
Infection with Ransomware Using Delay in Applying Policies
by Filipi Pires
The purpose of this document is to report on the execution of several efficiency and detection tests in our endpoint solution, provided by Cybereason. This document presents the result of a defensive security analysis with an offensive mindset, running ransomware to encrypt the victim machine using a delay between server and sensor communication.
Leveraging Machine Learning Techniques for Ransomware Detection & Classification
by Tatyana Stojnic
Through utilizing machine learning we can pre-empt ransomware attacks before they happen and improve upon existing software used to combat malware. Of course, that doesn’t mean that machine learning algorithms themselves are hacker-proof but that’s a whole topic in itself. The best algorithm to use really depends on the situation and your objective, but random forest trees, k-nearest neighbour, binary classifiers and clustering techniques, such as EM and k-means, are commonly used.
Managed Pentesting Using Breach & Attack Simulation: Ransomware Case Study
by John Snyder
Ransomware simulation and mitigation is likely to be the element of MPT that even companies with limited security awareness find most compelling. The local business news in most markets rarely goes a week without announcing that some retailer or municipal government has been crippled by a ransomware attack. This style of managed service allows traditional pentesting providers to, for the first time, offer security services to small customers on a continuous basis. But it may give those providers a different kind of security: cash-flow security.
Ransomware - A Threat Intelligence Perspective
by Aaron Roberts
What is very clear when it comes to ransomware is that the threat isn't going away, and it's only going to get more involved and challenging to stop. As an industry, we need to continue pushing for improved patching of vulnerabilities, ensure employees have appropriate training in detecting phishing emails, and that all best practices are followed. You could be the victim of the next Tesla insider-threat approach, or you could find ransomware actors charging you twice, not to sell your data online in addition to having encrypted an entire network. We must collaborate, and we must support each other to stop ransomware. This is not a threat that's going to disappear until we stop making it so easy and profitable for the villains. Let's do that together.
ATTPwn - Adversary Emulation Tool
by Pablo Gonzalez Perez and Fran Ramirez
ATTPwn is a tool designed to emulate adversaries. The tool's goal is to bring the emulation of a real threat closer to implementations that use the techniques and tactics outlined in the MITRE ATT&CK framework. The idea is to emulate how a threat operates in an intrusion scenario where the threat has already succeeded. The application is geared towards Microsoft Windows systems by using the PowerShell command line, allowing the different techniques based on MITRE ATT&CK to be applied. Furthermore, the tool is designed to allow the emulation of adversaries for a Red Team exercise and to verify the effectiveness and efficiency of the organization's controls in response to a real threat.
Threat Hunting Labs Engines Problems in Cybereason AV [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]
by Filipi Pires
There are a large number of cyber threats today. Many of these cyber threats can be based on malicious code, and the term malware (malicious software, or maldoc for a malicious document) is used to refer to these kinds of threats. The term malware is a generic term that covers all types of programs specifically developed to perform malicious actions on a computer; thus, malware has become the name for any type of program specifically developed to perform harmful actions and malicious activities on a compromised system. This paper presents how it is possible to execute several efficiency and detection tests in an endpoint solution, provided by Cybereason. This document presents the result of a defensive security analysis with an offensive mindset, performed by executing 42 different malware samples in a controlled environment, using three different techniques simulating a real attack. As the final result, the front responsible for the product will have an instrument capable of guiding a process of mitigation and/or correction, as well as optimized improvement, based on the criticality of the risks.
Writing Insecure Django App
by Dinesh Sharma
I will be writing an insecure Django app, but since the article has a length limit and I can't write the complete app in it, I will be writing only the vulnerable SQL injection code and then I will leave the rest of the app as a task for you to do. Don't worry, I will also put my code for other vulnerabilities on GitHub and you can always take it as a reference. My own vulnerable app is still under development.
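The abstract above names the one vulnerability the article walks through: SQL injection in a Django view. As an added illustration that is not the author's code, the block below shows the vulnerable pattern (user input formatted into the SQL text) next to the parameterised form, against a constructed in-memory SQLite table standing in for Django's auth_user table. It uses the standard sqlite3 module so it runs without Django installed; the table layout, the usernames and the find_user_* function names are assumptions for the demonstration. Django's own database API takes parameters the same way (connection.cursor().execute(sql, params) and Model.objects.raw(sql, params), with %s placeholders instead of sqlite3's ?), so the safe form carries over directly.

```python
import sqlite3


def make_db():
    # Constructed sample data: a minimal stand-in for Django's auth_user table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_user (id INTEGER PRIMARY KEY, username TEXT, is_staff INTEGER)"
    )
    conn.executemany(
        "INSERT INTO auth_user (username, is_staff) VALUES (?, ?)",
        [("alice", 1), ("bob", 0), ("carol", 0)],
    )
    return conn


def find_user_vulnerable(conn, username):
    # Deliberately vulnerable (the pattern the article builds): the request
    # value is spliced into the SQL text, so quote characters in it become
    # SQL syntax. This is the shape of a Django view doing
    # cursor.execute("... WHERE username = '%s'" % request.GET["u"]).
    sql = "SELECT username FROM auth_user WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    # Hardened form: the value is bound by the driver as data, never parsed
    # as SQL. In Django the placeholder is %s and params is passed as a
    # second argument; sqlite3 uses ? but the mechanism is the same.
    sql = "SELECT username FROM auth_user WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    # Runs both variants with a normal username and a classic tautology
    # payload, returning the rows each query hands back.
    conn = make_db()
    payload = "' OR '1'='1"  # closes the literal, then always-true predicate
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "bob"),
        "vulnerable_payload": find_user_vulnerable(conn, payload),
        "safe_normal": find_user_safe(conn, "bob"),
        "safe_payload": find_user_safe(conn, payload),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the payload, the vulnerable query's WHERE clause becomes `username = '' OR '1'='1'` and every row comes back; the parameterised query looks for a user literally named `' OR '1'='1` and returns nothing. When reviewing a Django code base, the thing to grep for is any `%` formatting, f-string or `.format()` feeding `cursor.execute`, `.raw()` or `.extra()`, which is exactly the vulnerable shape above.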
Crypto - Project Report - Part 1
by Stafford Titus and Vignesh G
Nowadays, hackers have become a worldwide menace. Cybersecurity has acquired a phenomenal role in today's scenario, where we can fight against cyberattacks. The implementation of security techniques on their own is a tedious task; it takes a lot of time and work. Thus, in this proposal, our approach is to integrate security services into an AI assistant, making it an intelligent security buddy. It would provide several security features such as network scanning, DDoS scanning, etc., as part of the assistant's characteristics. Thus, the assistant serves not only as a personal assistant per se but also as a Smart Firewall and a Virtual Ethical Hacker.
Crypto - Project Report - Part 2
by Stafford Titus and Vignesh G
In this project, we presented an unparalleled smart defence system that is able to perform real-time analysis and detect threats and vulnerabilities. This provides intuition as to how Artificial Intelligence can be better designed to improve the security of the system, thus making it an intelligent security buddy.