Tools & Training To ‘Hack Yourself’ To Security

Uploaded on 2016-08-11 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.

Perhaps you’ve purchased the best cybersecurity technology available. Maybe you’ve brought in a red team (or have one in-house). You feel prepared in case of a cyber-attack. However, there’s another step to attaining the proper level of preparation for today’s sophisticated cyber-attacks: making sure your blue team knows how attackers operate.

If you can implement a “hack-yourself” program effectively, you can improve the effectiveness of your defense-in-depth strategies by having a blue team capable of carrying out red team exercises to gain a better awareness of how attackers might approach certain network vulnerabilities.

When your network is under attack, your most valuable asset is time. The faster you understand you’re being attacked and the quicker you understand what’s happening, the faster you can identify where the attackers are and what they’re doing. Responding to attacks quickly and efficiently requires an advanced level of preparation that many security teams haven’t yet achieved.

The first step in improving preparation is theoretical training in the latest tools, techniques and procedures. Cybersecurity conferences such as Black Hat, DefCon, BSides and the Chaos Communication Conference can provide the higher-level, theoretical learning to get your security team moving toward proper awareness and preparation. The next step is to introduce red team exercises.

Red team exercises with third-party consultants can help large enterprises spot critical vulnerabilities in their networks. However, many companies rely on these red team exercises to the point that they don’t maintain the proper level of internal cybersecurity awareness. External red team exercises offer a level of expertise that most organization don’t have internally. But there is also real value in implementing a “hack-yourself” program to build your security posture from the inside, and arm your blue team with the necessary skills to think like the red team and improve your security posture.

More than simulations

Rather than having your security team practice hacking skills on third-party sites, internal red team exercises are carried out on your real network--they are not just simulations. But to get the most out of a “hack yourself” program and avoid causing damage to the network, your security team must have the proper training to identify vulnerabilities as it hunts for data, administrator credentials, or any other valuable assets on your servers.

One way to ensure your security team has the proper training to carry out an advanced “hack-yourself” program is to invest in the Cyber Guardians program from the SANS Institute. The Cyber Guardians program consists of four core courses and corresponding certificates.

The program is meant to provide security professionals with knowledge about all kinds of cyber-attacks and how to respond to them accordingly. After your security team has achieved Cyber Guardian status, you’ll know that they are capable of understanding many techniques attackers might use to maneuver through your network.

Once your internal red team is trained to enact the “hack-yourself” program, you need to supply them with tools similar to those that attackers have at their disposal when launching threats. The following are two toolkits blue teams can use together for an effective “hack-yourself” program: Metasploit through Kali Linux and Cobalt Strike.

Metasploit

Metasploit, which has been labeled the Attacker’s Playbook by many in the cybersecurity community, offers a rich library of exploits you can run on a number of different servers. If your blue team can simulate the various steps of APT attacks, they will better be able to spot the attack paths and vulnerabilities that might have otherwise allowed major data breaches.

However, before your internal security team can start using Metasploit to its fullest potential, they’ll need specific training. Offensive Security offers a free training program for the toolkit called Metasploit Unleashed.

Cobalt Strike

Cobalt Strike is a tool used by red teams to emulate real network threats. You can use the tools within Cobalt Strike to conduct penetration testing. The toolkit’s website says the software includes functionality for:

  • Network reconnaissance
  • Attack packages for Java Applet, Microsoft Office, Microsoft Windows, website cloning and more
  • Spear phishing
  • Collaboration within the penetration team
  • Post exploitation (execute PowerShell scripts, log keystrokes, take screenshots, download files, and spawn other payloads)
  • Covert communications to evade security systems
  • Browser pivoting to avoid two-factor authentication
  • Reporting and logging to analyze the results of the exercise

While Metasploit offers a collection of exploits for blue teams to use, the tools and functionality in Cobalt Strike help blue teams gather information and move laterally without exploits. With the combination of an exploit toolkit and a set of tools reconnaissance and lateral movement, your trained security team can successfully carry out a “hack-yourself” program and uncover even the deepest layer of vulnerabilities.

Why "Hack Yourself?"

If you’ve never experienced a cyber-attack, you will likely think the first time will happen exactly as how you’ve studied. Consequently, you will be caught off guard when an attack actually occurs; there will be so much more information that it’s hard to understand what’s important, what isn’t important, and what to investigate further. The more you practice internally, the better prepared you’ll be when the time comes that you’re actually under attack.

Dark Reading: http://ubm.io/2a1mxJe

 

« DDoS Attacks Shuts Down Pro-ISIS Websites
Top Tips To Protect Email Accounts From Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

Australian Cyber Security Centre (ACSC)

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.

CamCERT

CamCERT

CamCERT is the national Computer Emergency Response Team for Cambodia.

Trust in Digital Life (TDL)

Trust in Digital Life (TDL)

TDL is a membership association comprising companies, SMEs, universities and research institutes who exchange experience and insights to make digital services in Europe trustworthy and safe.

FedRAMP

FedRAMP

FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

LuJam Cyber

LuJam Cyber

LuJam Cyber is a cybersecurity company that provides protection to SME Networks.

URS Certification

URS Certification

United Registrar of Systems (URS Certification) is an independent certification body operating in more than 30 countries within the multinational URS Holdings.

SOSA

SOSA

SOSA facilitates new growth opportunities by connecting the dots between industry verticals and innovation ecosystems around the world.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

SignalSEC

SignalSEC

SignalSEC provides vulnerability intelligence, malware analysis, penetration testing and associated training services.

Xoriant

Xoriant

Xoriant is a technology leader and execution partner throughout the Build, Run and Transform lifecycle for companies that create and use technology products.

Secjur

Secjur

Secjur is a provider of AI-based compliance tools that aim to put compliance, data protection, information security and whistleblowing on autopilot.

Cybersecurity Dubai

Cybersecurity Dubai

Protect your business from cyber-attacks with Cybersecurity Dubai, your partner in online security solutions.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

We Hack Purple

We Hack Purple

We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.