You're reading from Cybersecurity Attacks ‚Äì Red Team Strategies A practical guide to building a penetration testing program having homefield advantage

Product type Paperback

Published in Mar 2020

Publisher Packt

ISBN-13 9781838828868

Length 524 pages

Edition 1st Edition

Tools

Neo4j

Concepts

Cybersecurity

Author (1):

Johann Rehberger

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Embracing the Red

2. Chapter 1: Establishing an Offensive Security Program FREE CHAPTER

3. Chapter 2: Managing an Offensive Security Team

4. Chapter 3: Measuring an Offensive Security Program

5. Chapter 4: Progressive Red Teaming Operations

6. Section 2: Tactics and Techniques

7. Chapter 5: Situational Awareness – Mapping Out the Homefield Using Graph Databases

8. Chapter 6: Building a Comprehensive Knowledge Graph

9. Chapter 7: Hunting for Credentials

10. Chapter 8: Advanced Credential Hunting

11. Chapter 9: Powerful Automation

12. Chapter 10: Protecting the Pen Tester

13. Chapter 11: Traps, Deceptions, and Honeypots

14. Chapter 12: Blue Team Tactics for the Red Team

15. Assessments

16. Another Book You May Enjoy

Leave a review - let other readers know what you think

Hunting for ciphertext and hashes

It's quite common to find ciphertext or hashes stored in widely accessible locations; for instance, inside deployment configuration files, or sometimes hardcoded in the source directly. Let's look at these two cases in more detail, starting with ciphertext.

Hunting for ciphertext

Storing ciphertext is slightly better than storing clear text credentials. But this approach has its weaknesses. An adversary can exfiltrate the ciphertext, and then perform an offline brute-force attack to attempt to recover the clear text. If the ciphertext was encrypted using a simpler password, then an adversary might be successful quickly. This is one example of an attack, but there are more.

Also, if you identify ciphertext in code, then always parse the surrounding code to see where the key to decrypt the ciphertext is located. There have been countless times in my career where the key is basically co-located in the same file or directory.

Typical...