
On the self-cultivation of an excellent red team member

2022-06-25 03:50:00 InfoQ

In attack-and-defense exercises, an excellent red team member must master many skills, and different abilities differ in how hard they are to learn and master. The difficulty of a skill is the primary factor in grading ability; from low to high, we divide it into basic capabilities, advanced capabilities and higher-level capabilities.
1. Basic capabilities
Basic capabilities mainly include web vulnerability exploitation and the use of basic security tools.
  • Web vulnerability exploitation
This is the ability to carry out a network attack through a web system or program. Because web systems are how most organizations build their business systems and externally facing services, web vulnerability exploitation is also one of the most common and most basic forms of network attack.
  • Basic security tool usage
This mainly covers Burp Suite, sqlmap, AppScan, AWVS, Nmap, Wireshark, MSF, Cobalt Strike and other basic security tools. Proficient tool usage is what makes efficient penetration work possible.
2. Advanced capabilities
Advanced capabilities mainly include four types: web vulnerability discovery, web development and programming, writing PoC or EXP code, and social engineering phishing.
  • Web vulnerability discovery
This is mainly the ability to discover vulnerabilities in web systems or software. When hunting for web application vulnerabilities, the common vulnerability classes are command execution, code execution, parsing vulnerabilities, XSS, weak passwords, file upload, SQL injection, logic flaws, information disclosure, misconfiguration, deserialization, and authorization bypass.
  • Web development and programming
Mastering one or more programming languages is an important foundational capability for red team personnel who need to dig deeply into web application vulnerabilities and analyse how websites and business systems work. In actual attack-and-defense exercises, the programming languages the blue team most often encounters and needs to master are Java, PHP, Python, C/C++ and Go.
  • Writing PoC or EXP code
PoC is short for Proof of Concept: code written to verify that a vulnerability exists. It is sometimes also used as another name for a 0day or an Exploit. EXP is short for Exploit, i.e. exploit code. Generally speaking, a vulnerability does not necessarily come with an EXP, but where there is an EXP there must be a vulnerability.
  • Social engineering phishing
This is a tactic frequently used in real-world attack-and-defense exercises, and it is also the most common attack method of criminal gangs and hacker organizations. In many cases it is far easier to attack people than to attack systems. There are many techniques for social engineering phishing; in actual exercises, the four most commonly used and most practical skills are:
open-source intelligence gathering, social engineering database collection, spear-phishing email, and social phishing.
Of these, the first two are intelligence-gathering capabilities, while the latter two are interactive attack-and-defense capabilities.
3. Higher-level capabilities
Higher-level capabilities mainly include system-layer vulnerability exploitation and protection, system-layer vulnerability discovery, identity concealment, intranet penetration, mastery of CPU instruction sets, advanced security tools, advanced exploitation such as writing PoC or EXP code for network security devices, and teamwork.
  • System-layer vulnerability exploitation and protection
To counter the many kinds of network attack, operating systems contain numerous underlying security mechanisms, and each mechanism corresponds to some form of attack technique. For the red team, learning and mastering the underlying system security mechanisms, and discovering defects or vulnerabilities in how programs or systems design those mechanisms, is an important foundation for high-level network attacks. In actual attack-and-defense exercises, the most practical and commonly used system-layer security mechanisms are these seven:
SafeSEH, DEP (Data Execution Prevention), PIE (Position-Independent Executable), NX (No-eXecute), ASLR (Address Space Layout Randomization), SEHOP (Structured Exception Handler Overwrite Protection), and GS (buffer security check).
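As an added example (not from the original article), the following Python script checks whether a Linux ELF64 binary was built with two of the mechanisms listed above, PIE and NX, plus RELRO, which the article does not list, by parsing the ELF header and program headers directly; it also constructs a minimal ELF image for a self-test. SafeSEH, SEHOP, DEP and GS are Windows/PE-side mechanisms and are not covered here.

```python
import struct

# ELF constants used below (from the ELF specification / Linux ABI)
ET_DYN = 3                 # e_type for PIE executables and shared objects
PT_GNU_STACK = 0x6474E551  # program header describing stack permissions
PT_GNU_RELRO = 0x6474E552  # program header marking the read-only-after-relocation region
PF_X = 0x1                 # segment flag: executable


def check_hardening(data: bytes) -> dict:
    """Report PIE / NX / RELRO status of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    result = {"pie": e_type == ET_DYN, "nx": False, "relro": False}
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            # The stack is non-executable only if PT_GNU_STACK is present and lacks PF_X;
            # a missing PT_GNU_STACK is reported as NX off (the conservative reading).
            result["nx"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            result["relro"] = True
    return result


def build_elf(pie: bool, exec_stack: bool, relro: bool) -> bytes:
    """Constructed sample input: a minimal ELF64 image (header + program headers only)."""
    phdrs = [struct.pack("<IIQQQQQQ", PT_GNU_STACK,
                         0x6 | (PF_X if exec_stack else 0), 0, 0, 0, 0, 0, 16)]
    if relro:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 0x4, 0, 0, 0, 0, 0, 1))
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, LSB, version 1
    header = e_ident + struct.pack("<HHIQQQIHHHHHH",
                                   ET_DYN if pie else 2,    # ET_EXEC = 2
                                   0x3E, 1, 0, 64, 0, 0,    # x86-64, version, entry, phoff, shoff, flags
                                   64, 56, len(phdrs), 64, 0, 0)
    return header + b"".join(phdrs)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_elf(True, False, True)
    print(check_hardening(data))
```

Run it with a path to any ELF64 binary to audit that binary; without arguments it checks the constructed sample.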
  • System-layer vulnerability discovery
System-level vulnerability discovery requires a number of relatively advanced methods. From a practical standpoint, these six are the most useful:
code tracing, dynamic debugging, fuzzing, patch diffing, static reverse-engineering analysis, and analysis of system security mechanisms.
  • Identity concealment
To prevent their real IP address, physical location, device characteristics and other information from being recorded by network security equipment during a remote intrusion, or even traced back to them, attackers usually use various methods to hide their identity. In actual attack-and-defense exercises, the identity-concealment techniques used mainly fall into the following categories:
anonymous networks, using stolen IDs or accounts, using jump hosts (springboard machines), impersonating others' identities, and using proxy servers.
  • Intranet penetration
This refers to the attack process in which the red team, having broken through the perimeter and gained access to the organization's internal network, carries out further penetration inside that network, breaks through the internal security protections layer by layer, expands its foothold and eventually takes the target system. In actual attack-and-defense exercises, the more practical intranet penetration capabilities include
workgroup or domain environment penetration, intranet persistence and privilege escalation, lateral movement, data theft, and antivirus evasion.
  • Mastery of CPU instruction sets
A CPU instruction set is the set of instructions a CPU uses to compute and control a computer system. Every CPU design comes with an instruction system matched to its other hardware circuitry; the instruction system covers instruction formats, addressing modes and data formats, and a computer's instruction system reflects all of its functions. Different machine types have different instruction sets. The red team's mastery of CPU instruction sets directly determines the blue team's ability to discover and exploit system-level vulnerabilities. At present, the most common CPU instruction sets are
x86, MIPS, ARM and PowerPC.
  • Advanced security tools
These tools, however, place higher demands on the user's fundamental skills and are hard for beginners to master. In a practical environment, the most commonly used tools are
IDA, Ghidra, Binwalk, OllyDbg and Peach Fuzzer.
  • Writing PoC or EXP code for network security devices
In a practical environment, frequently encountered network security equipment and systems include IP cipher machines, security routers, line cipher machines, firewalls, security servers, public key infrastructure (PKI) systems, certificate authority (CA) systems, secure operating systems, antivirus software, network and system scanning systems, intrusion detection systems, and network security early-warning and audit systems. Network security equipment itself also has various security vulnerabilities, and in the attack-and-defense exercises of recent years such vulnerabilities have been exploited more and more. Here, this capability refers to finding vulnerabilities in various network security devices and using them to write PoC or EXP code.
  • Teamwork
An attack team mainly consists of roles such as
the operation commander, intelligence gatherers, weapon and tooling developers, implementation personnel, social engineering phishing operators, and intranet penetration personnel.
As attack-and-defense exercises have deepened, the overall capability of defensive teams has kept improving, which makes it less and less likely that individual attack team members can win on their own. Meanwhile, the model in which an attack team of 3 to 5 people efficiently completes attack operations through division of labour and cooperation is becoming more and more mature. Whether a team has teamwork experience, and what role each member plays, is an important indicator of the attack team's practical capability.
Original site: https://yzsam.com/2022/176/202206250043247754.html

Copyright notice: This article was created by InfoQ. When reposting, please include a link to the original. Thank you.
