Tools & Training To ‘Hack Yourself’ To Security

Uploaded on 2016-08-11 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.

Perhaps you’ve purchased the best cybersecurity technology available. Maybe you’ve brought in a red team (or have one in-house). You feel prepared in case of a cyber-attack. However, there’s another step to attaining the proper level of preparation for today’s sophisticated cyber-attacks: making sure your blue team knows how attackers operate.

If you can implement a “hack-yourself” program effectively, you can improve the effectiveness of your defense-in-depth strategies by having a blue team capable of carrying out red team exercises to gain a better awareness of how attackers might approach certain network vulnerabilities.

When your network is under attack, your most valuable asset is time. The faster you understand you’re being attacked and the quicker you understand what’s happening, the faster you can identify where the attackers are and what they’re doing. Responding to attacks quickly and efficiently requires an advanced level of preparation that many security teams haven’t yet achieved.

The first step in improving preparation is theoretical training in the latest tools, techniques and procedures. Cybersecurity conferences such as Black Hat, DefCon, BSides and the Chaos Communication Conference can provide the higher-level, theoretical learning to get your security team moving toward proper awareness and preparation. The next step is to introduce red team exercises.

Red team exercises with third-party consultants can help large enterprises spot critical vulnerabilities in their networks. However, many companies rely on these red team exercises to the point that they don’t maintain the proper level of internal cybersecurity awareness. External red team exercises offer a level of expertise that most organization don’t have internally. But there is also real value in implementing a “hack-yourself” program to build your security posture from the inside, and arm your blue team with the necessary skills to think like the red team and improve your security posture.

More than simulations

Rather than having your security team practice hacking skills on third-party sites, internal red team exercises are carried out on your real network--they are not just simulations. But to get the most out of a “hack yourself” program and avoid causing damage to the network, your security team must have the proper training to identify vulnerabilities as it hunts for data, administrator credentials, or any other valuable assets on your servers.

One way to ensure your security team has the proper training to carry out an advanced “hack-yourself” program is to invest in the Cyber Guardians program from the SANS Institute. The Cyber Guardians program consists of four core courses and corresponding certificates.

The program is meant to provide security professionals with knowledge about all kinds of cyber-attacks and how to respond to them accordingly. After your security team has achieved Cyber Guardian status, you’ll know that they are capable of understanding many techniques attackers might use to maneuver through your network.

Once your internal red team is trained to enact the “hack-yourself” program, you need to supply them with tools similar to those that attackers have at their disposal when launching threats. The following are two toolkits blue teams can use together for an effective “hack-yourself” program: Metasploit through Kali Linux and Cobalt Strike.

Metasploit

Metasploit, which has been labeled the Attacker’s Playbook by many in the cybersecurity community, offers a rich library of exploits you can run on a number of different servers. If your blue team can simulate the various steps of APT attacks, they will better be able to spot the attack paths and vulnerabilities that might have otherwise allowed major data breaches.

However, before your internal security team can start using Metasploit to its fullest potential, they’ll need specific training. Offensive Security offers a free training program for the toolkit called Metasploit Unleashed.

Cobalt Strike

Cobalt Strike is a tool used by red teams to emulate real network threats. You can use the tools within Cobalt Strike to conduct penetration testing. The toolkit’s website says the software includes functionality for:

  • Network reconnaissance
  • Attack packages for Java Applet, Microsoft Office, Microsoft Windows, website cloning and more
  • Spear phishing
  • Collaboration within the penetration team
  • Post exploitation (execute PowerShell scripts, log keystrokes, take screenshots, download files, and spawn other payloads)
  • Covert communications to evade security systems
  • Browser pivoting to avoid two-factor authentication
  • Reporting and logging to analyze the results of the exercise

While Metasploit offers a collection of exploits for blue teams to use, the tools and functionality in Cobalt Strike help blue teams gather information and move laterally without exploits. With the combination of an exploit toolkit and a set of tools reconnaissance and lateral movement, your trained security team can successfully carry out a “hack-yourself” program and uncover even the deepest layer of vulnerabilities.

Why "Hack Yourself?"

If you’ve never experienced a cyber-attack, you will likely think the first time will happen exactly as how you’ve studied. Consequently, you will be caught off guard when an attack actually occurs; there will be so much more information that it’s hard to understand what’s important, what isn’t important, and what to investigate further. The more you practice internally, the better prepared you’ll be when the time comes that you’re actually under attack.

Dark Reading: http://ubm.io/2a1mxJe

 

« DDoS Attacks Shuts Down Pro-ISIS Websites
Top Tips To Protect Email Accounts From Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

a1qa

a1qa

a1qa specializes in the delivery of full-cycle software QA and application testing services.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

CyberDefcon

CyberDefcon

CyberDefcon is an independent organization dedicated to the pursuit of making the internet a safer place.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

Grimm Cyber

Grimm Cyber

GRIMM makes the world a more secure place by increasing the cyber resiliency of our client’s systems, networks, and products.

Entrust

Entrust

Entrust is a global leader in digital security, identities, payments, and data protection.

Allthenticate

Allthenticate

Allthenticate Single Device Authentication (SDA), enables seamless authentication in both the physical and digital words while unifying management in one easy-to-use interface.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

UTMStack

UTMStack

UTMStack is a Unified Security Management system that includes SIEM, Vulnerability Management, Network and Host IDS/IPS, Asset Discovery, Endpoint Protection and Incident Response.

BlockAPT

BlockAPT

BlockAPT, empowering you with an advanced, intelligent cyber defence platform. We protect our customers digital assets by unifying operational technologies against advanced persistent threats.

Artifice Security

Artifice Security

Artifice Security will demonstrate real-world attacks on your network, web applications, infrastructure, and personnel to expose your hidden security risks.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.

Stack Identity

Stack Identity

Stack Identity protects access to cloud data by prioritizing identity and access vulnerabilities via a live data attack map.

Sage IT

Sage IT

Sage IT offer a wide range of professional and consulting services to help organizations overcome the challenges of today's ever-changing business environment.

TriVigil

TriVigil

TriVigil offer a full-service, comprehensive cybersecurity approach specifically tailored to meet the unique needs of educational institutions.

Vivid Computing Solutions

Vivid Computing Solutions

At Vivid Computing Solutions we provide comprehensive solutions that keep your business running efficiently and securely.