Attack Infra

• Penetration testing Planning
  • Fill the planning gap
  • Attack Infrastructure/C2
  • Recon
  • Social Engineering
  • Weaponization
• Initial Access/foothold
• Network Propagation
• Action on Objectives

Mitre Attack Framework

Pre attack framework is to be followed. The MITRE ATT&CK™ framework is a comprehensive matrix of tactics and techniques used by threat hunters, red teamers, and defenders to better classify attacks and assess an organization’s risk

Infrastructure Requirements

• An External Hosting provider should be selected and procured like E2E Networks etc
• Domain names purchase similar to the target organization should be procured, some organizations do also block similar names called Domain squirting so care should be given while purchasing domains.
• Domain certificate generation, SSL Cert should be procured or enabled from free providers for those domains.
• Mail Server setups with DKIM, SPF, and DMARC configured for additional reputation.
• Phishing and Credential Theft sites setup, lookalike domain, and lookalike mail portals or websites should be created.
• Reputation and categorization confirmation of all domains and IP’s, DKIM, SPF, and DMARC should be configured for domains as many organizations nowadays enforce DMARC Reject policy. also, many times organizations’ web proxies do block domains that came into existence less than 30 days in such cased domains at sale can be utilized.
• Set up long and short-haul C2 Infra
• Custom c2 tooling configuration
• External C2 Communication Schemes testing

Baseline of Attack infra

• Hardware
  • VM Images
• Software
  • Windows and Linux both
  • Attack tools
• Network Infra
  • Cloud providers

Open Source Adversary Emulation Tools

• Metasploit
• Empire

Commercials

• Cobalt Strike
• Innuendo
• Core Impact

C2 Matrix

Thec2matrix.com

Cloud Providers

• Aws
• Azure
• GCP

Domain Purchase and categorize Direct Access to IP is blocked Outbound proxies block sites on basis of category Register and get them categorized Else purchase categorized domains which are expired

• Expireddomains.net
• Domainhuntergatherer.com

Categorization sites

• Bright cloud brightcloud.com/tools/url-ip-lookup.php
• Fortiguard fortiguard.com/webfilter
• MacAfee trustedsource.org
• Palo alto urlfiltering.paloaltonetworks.com/query/
• Symantec/bluecoat web pulse sitereview.bluecoat.com

Digital certificates Lets Encrypt Cloudflare Financial sites SSL isn’t decrypted mostly

Redirectors

Disposable Options Socat pot redirect on Linux Crontab -e @reboot /usr/bin/socat TCP-LISTEN:443, fork TCP:192.168.10.1:443& Netsh port redirect on windows Netsh interface portproxy add v4tov4 listenprort=443 Listenaddress=8.8.8.8 connectionport=443 connectaddress=192.168.10.1 Other options: iptables, apache mod_rewrite, Nginx, domain fronting