Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
Another extremely valuable mindset is the aptly-coined security mindset. Proposed by security
researcher Bruce Schneier,[19] this mindset encourages a constant questioning of how one can
attack (or defend) a system. If we can begin to ask this question automatically when
encountering a novel idea, machine, system, network, or object, we can start noticing a wide array
of recurring patterns.
At OffSec, we encourage learners to adopt the Try Harder[20] mindset. To better understand this
mindset, let’s quickly consider two potential perspectives in a moment of “failure.”
1. If my attack or defense fails, it represents a truth about my current
   skills/processes/configurations/approach as much as it is a truth about the system.
2. If my attack or defense fails, this allows me to learn something new, change my approach,
   and do something differently.
These two perspectives help provide someone with the mental fortitude to make mistakes and
learn from them, which is absolutely essential in any cybersecurity sub-field. More information
about how to learn and the Try Harder mindset can be found in the “Effective Learning Strategies”
Module that is part of this introductory Learning Path.
3.1.3 On Emulating the Minds of our Opponents
It’s worth pausing to consider the particular attention that we will give to the offensive[21] side of
security, even in many of our defensive courses and Modules. One might wonder why a
cybersecurity professional whose primary interest and goal is defending a network, organization,
or government should also learn offense.
Let’s take the analogy of a medieval monarch building a castle. If the monarch learns that their
enemy has catapults capable of hurling large boulders, they might design their castle to have
thicker walls. Similarly, if their enemy is equipped with ladders, the monarch might give their
troops tools to push the ladders off the walls.
The more this monarch knows about their would-be attacker and the more they can think like an
attacker, the better defense they can build. The monarch might engage in “offensive” types of
activities or audits to understand the gaps in their own defenses. For example, they could conduct
“war-games” where they direct their own soldiers to mock-battle each other, helping them fully
understand the capabilities and destructive potential of a real attacker.
In cybersecurity, enterprises might hire an individual or a firm to perform a penetration test - also
known as a pentest. A penetration tester takes on the role of an attacker to better understand the
system’s vulnerabilities and exposed weaknesses. Leveraging the skill-sets and mindsets of an
attacker allows us to better answer questions like “How might an attacker gain access?”, “What
can they do with that access?”, and “What are the worst possible outcomes from an attack?”.
While learning hacking skills is (of course) essential for aspiring penetration testers, we also
believe that defenders, system administrators, and developers will greatly benefit from at least a
cursory education in offensive techniques and technologies as well.
[19] (Schneier, 2008), https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
[20] (OffSec, 2021), https://www.offsec.com/offsec/what-it-means-to-try-harder/
[21] (Kranch, 2019), https://mjkranch.com/2019/02/why_we_should_teach_offense_first/
Conversely, it’s been our experience that many of the best penetration testers and web
application hackers are those who have had extensive exposure to defending networks, building
web applications, or administrating systems.
3.2 Threats and Threat Actors
This Learning Unit covers the following Learning Objectives:
• Understand how attackers and defenders learn from each other
• Understand the differences between risks, threats, vulnerabilities, and exploits
• List and describe different classes of threat actors
• Recognize some recent cybersecurity attacks
• Learn how malicious attacks and threats can impact an organization and individuals
The term cybersecurity came to mainstream use from a military origin. For clarity, we’ll use
cybersecurity to describe the protection of access and information specifically on the Internet or
other digital networks. While included within the broader context of cybersecurity, information
security also examines the protection of physical information-storing assets, such as physical
servers or vaults.
As we explore various threats and threat actors throughout this Module, we’ll mainly consider
their online capabilities. Therefore, we’ll generally use the term cybersecurity here, but won’t be
too concerned about using information security as a synonym.
3.2.1 The Evolution of Attack and Defense
Cybersecurity can be especially fascinating because it involves multiple agents trying to achieve
mutually exclusive outcomes. In the most basic example, a defender wants to control access to
an asset they own, and an attacker wants to gain control over the same asset. This is interesting
because both roles, defender and attacker, subsist on the continued persistence of the other. In