Discovering indicators of compromise
Reconnaissance
Summary
Now you have a good idea of what an exploit looks like from both the attacker's and the defender's perspective. I value the defender's perspective the most; the blue team worker is the one, at least in my mind, who accomplishes that essential step of customizing various security controls, such as IDS and SIEM systems.
Of course, you can automate the process of discovering and even responding to these types of changes. Well-known exploits are already preprogrammed in host- and network-based IDS solutions, but a good security analyst knows that hackers are always changing their tactics and techniques. Therefore, an IT administrator or security worker must know how to investigate and review these types of attacks with the use of non-automated tools.
Once you know how to view an attack from both perspectives, you can take this relatively simple example and trace more activities related to the hacker process, and you can discover more IoCs and use this information to make your IDS and SIEM tools work more efficiently.