Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
47
enables a system to split access authorization requirements between multiple systems or persons. With this in place, we can design a system so that no one person has the root credentials.
3.4.5 Threat Modelling and Threat Intelligence

After we’ve completed an inventory for both systems and software and we understand our organization’s requirements, we’re ready to begin researching potential threats. Security teams research (or leverage vendor research about) threats to different industries and software. We can use this information in our Threat Modelling [77]. Threat modelling describes taking data from real-world adversaries and evaluating those attack patterns and techniques against our people, processes, systems, and software. It is important to consider how the compromise of one system in our network might impact others.

Threat Intelligence [78] is data that has been refined in the context of the organization: actionable information that an organization has gathered via threat modelling about a valid threat to that organization’s success. Information isn’t considered threat intelligence unless it results in an action item for the organization. The existence of an exploit is not threat intelligence; however, it is potentially useful information that might lead to threat intelligence.

An example of threat intelligence occurs when a relevant adversary’s attack patterns are learned, and those attack patterns could defeat the current controls in the organization, and when that adversary is a potential threat to the organization. The difference between security information and threat intelligence is often that security information has only been studied out of context for the specific organization. When real threat intelligence is gathered, an organization can take informed action to improve their processes, procedures, tactics, and controls.
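The two ideas above (how a compromise of one system propagates to others, and the difference between security information and actionable threat intelligence) can be made concrete in a small script. The following is an added illustration, not code from the PWK course: it holds a constructed inventory of systems with their controls and trust relationships, a constructed mapping of adversary techniques to the control that defeats each, and constructed adversary reports. Every system name, control, technique and adversary label is an invented placeholder.

```python
"""Added illustration (not from the PWK text): a minimal threat-modelling helper.

A constructed inventory records, for each system, the controls in place and the
systems it can reach or administer. Constructed adversary reports list the
industries an adversary targets, where its initial access lands, and the
techniques it uses. The functions answer two questions from the text:

  * blast_radius(): if one system is compromised, which others are affected?
  * threat_intelligence(): which reports become actionable threat intelligence
    (the adversary targets us, and a known technique is not covered by a
    control on an exposed system) and which stay mere security information?

Every system name, control, technique and adversary label is an invented
placeholder, not real data.
"""
from collections import deque

# Constructed inventory: system -> controls present, and systems it can reach.
INVENTORY = {
    "mail-gateway":      {"controls": {"spam-filter"}, "reaches": {"admin-workstation"}},
    "admin-workstation": {"controls": {"edr"},         "reaches": {"domain-controller", "file-server"}},
    "domain-controller": {"controls": {"edr", "mfa"},  "reaches": {"file-server", "web-server"}},
    "file-server":       {"controls": {"edr"},         "reaches": set()},
    "web-server":        {"controls": {"waf"},         "reaches": set()},
}

# Constructed mapping: technique -> (control that defeats it, where it must be present).
# "entry" means only the adversary's landing system needs the control;
# "all" means every system inside the blast radius needs it.
MITIGATIONS = {
    "phishing":         ("mail-sandbox", "entry"),
    "credential-theft": ("mfa",          "all"),
    "lateral-movement": ("edr",          "all"),
    "web-injection":    ("waf",          "entry"),
}

# Constructed adversary reports (placeholder names, not real threat groups).
REPORTS = [
    {"adversary": "GROUP-A", "targets": {"finance", "retail"}, "entry": "mail-gateway",
     "techniques": ["phishing", "credential-theft", "lateral-movement"]},
    {"adversary": "GROUP-B", "targets": {"healthcare"}, "entry": "web-server",
     "techniques": ["web-injection"]},
    {"adversary": "GROUP-C", "targets": {"retail"}, "entry": "web-server",
     "techniques": ["web-injection"]},
]


def blast_radius(inventory, start):
    """Return the systems a compromise of `start` can reach (breadth-first
    search over the 'reaches' edges), excluding `start` itself."""
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for nxt in inventory[current]["reaches"]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def threat_intelligence(inventory, reports, our_industry, mitigations=MITIGATIONS):
    """Filter reports down to action items.

    A report produces one action item per technique that at least one exposed
    system cannot defeat. Reports about adversaries that do not target our
    industry, or whose techniques our controls already defeat, yield nothing:
    they are security information, not threat intelligence."""
    actions = []
    for report in reports:
        if our_industry not in report["targets"]:
            continue  # not a valid threat to this organisation
        entry = report["entry"]
        exposed = {entry} | blast_radius(inventory, entry)
        for technique in report["techniques"]:
            control, scope = mitigations[technique]
            to_check = {entry} if scope == "entry" else exposed
            gaps = sorted(s for s in to_check if control not in inventory[s]["controls"])
            if gaps:
                actions.append({
                    "adversary": report["adversary"],
                    "technique": technique,
                    "action": f"deploy {control}",
                    "systems": gaps,
                })
    return actions


if __name__ == "__main__":
    print("compromise of mail-gateway reaches:", sorted(blast_radius(INVENTORY, "mail-gateway")))
    for item in threat_intelligence(INVENTORY, REPORTS, our_industry="retail"):
        print(item)
```

Run as a retail organisation, only GROUP-A survives the filter: GROUP-B targets another industry and GROUP-C's technique is already defeated by the control on its landing system, so neither produces an action item. The "entry" versus "all" scope is the simplification that keeps the model small; a fuller model would tie each technique to the specific systems it applies to.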
3.4.6 Table-Top Tactics

After concerning threat intelligence or other important information is received, enterprises may benefit from immediately scheduling a cross-organization discussion. One type of discussion is known as a table-top, which brings together engineers, stakeholders, and security professionals to discuss how the organization might react to various types of disasters and attacks. Conducting regular table-tops to evaluate different systems and environments is a great way to ensure that all teams know the Tactics, Techniques, and Procedures (TTPs) [79] for handling various scenarios.

Often organizations don’t build out proper TTPs, resulting in longer incident response times. Table-top discussions help organizations raise cross-team awareness, helping teams understand weaknesses and gaps in controls so they can better plan for such scenarios in their tactics, procedures, and systems designs. Having engineers and specialists involved in table-tops might help other teams find solutions to security issues, or vice-versa.
Let’s imagine a scenario in which we learn that a phishing email attack on an administrator would represent a complete company compromise. To build up our defensive controls, we may decide to create an email access portal for administrators that is physically isolated. When the administrators view their email, they would do so through a screen displaying a client view into a heavily-secured email sandbox. This way, emails are opened up inside a sandboxed machine on separate hardware, instead of on administrative workstations that have production access.

Table-top security sessions are part of

[77] (NIST, 2022), https://csrc.nist.gov/glossary/term/threat_modeling
[78] (NIST, 2022), https://csrc.nist.gov/glossary/term/threat_intelligence
[79] (NIST, 2022), https://csrc.nist.gov/glossary/term/tactics_techniques_and_procedures