Offensive Penetration Testing

Penetration Testing Attack Infrastructure

Attack Infra

  • Penetration Testing Planning
    • Fill the planning gap
    • Attack Infrastructure/C2
    • Recon
    • Social Engineering
    • Weaponization
  • Initial Access/foothold
  • Network Propagation
  • Action on Objectives

MITRE ATT&CK Framework

The MITRE PRE-ATT&CK framework should be followed for the pre-engagement phases. The MITRE ATT&CK™ framework is a comprehensive matrix of tactics and techniques used by threat hunters, red teamers, and defenders to classify attacks and assess an organization's risk.

Infrastructure Requirements

  • An external hosting provider should be selected and procured (e.g. E2E Networks).
  • Domain names similar to the target organization's should be procured. Some organizations also block or pre-register similar names (defensive domain squatting), so care should be taken when choosing domains.
  • Domain certificate generation: an SSL/TLS certificate should be procured, or obtained from a free provider, for each of those domains.
  • Mail server setup, with DKIM, SPF, and DMARC configured for additional reputation.
  • Phishing and credential-theft site setup: lookalike domains and lookalike mail portals or websites should be created.
  • Reputation and categorization of all domains and IPs should be confirmed. DKIM, SPF, and DMARC should be configured for the domains, as many organizations now enforce a DMARC reject policy. Organizations' web proxies also frequently block domains that came into existence less than 30 days ago; in such cases, previously registered domains that are for sale can be used.
  • Set up long-haul and short-haul C2 infrastructure.
  • Custom C2 tooling configuration.
  • External C2 communication scheme testing.
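As an added example (not part of these notes), the defender's side of two items above: screening newly seen domains for lookalikes of the organization's own domain, and checking whether a DMARC record actually enforces p=reject. The brand domain, candidate names, homoglyph table and records are all constructed for illustration; no DNS lookups are made.

```python
"""Lookalike-domain screening and DMARC policy check (defender's side).

Added example, not from the original notes.  All inputs are constructed
inline; no DNS queries are made.
"""
import re
from difflib import SequenceMatcher

# Constructed data: the protected brand domain and names seen in a
# hypothetical newly-registered-domain or certificate-transparency feed.
PROTECTED = "examplebank.com"
CANDIDATES = ["examp1ebank.com", "examplebank-login.net", "exarnplebank.com",
              "exampelbank.com", "unrelated.org", "examplebank.co"]

# Common character substitutions used in typosquats (illustrative subset).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def normalize(label: str) -> str:
    """Fold homoglyphs so that 'examp1e' and 'exarnple' compare as 'example'."""
    for glyph, plain in HOMOGLYPHS.items():
        label = label.replace(glyph, plain)
    return label

def lookalike_score(candidate: str, protected: str = PROTECTED) -> float:
    """Similarity in [0, 1] between the first labels, after homoglyph folding."""
    cand = normalize(candidate.lower().split(".")[0])
    prot = normalize(protected.lower().split(".")[0])
    if prot in cand:  # brand embedded in a longer label, e.g. brand-login
        return 1.0
    return SequenceMatcher(None, cand, prot).ratio()

def find_lookalikes(candidates, threshold: float = 0.85):
    """Return the candidates whose score reaches the threshold."""
    return [d for d in candidates if lookalike_score(d) >= threshold]

# The (?:^|;) anchor keeps sp=reject (subdomain policy) from matching as p=.
DMARC_P = re.compile(r"(?:^|;)\s*p=(none|quarantine|reject)\b")

def dmarc_enforces_reject(txt_record: str) -> bool:
    """True only for a DMARC1 record whose domain policy tag is p=reject."""
    rec = txt_record.strip()
    if not rec.startswith("v=DMARC1"):
        return False
    m = DMARC_P.search(rec)
    return m is not None and m.group(1) == "reject"

if __name__ == "__main__":
    print(find_lookalikes(CANDIDATES))
```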

Baseline of Attack infra

  • Hardware
    • VM Images
  • Software
    • Windows and Linux both
    • Attack tools
  • Network Infra
    • Cloud providers

Open Source Adversary Emulation Tools

  • Metasploit
  • Empire

Commercials

  • Cobalt Strike
  • Innuendo
  • Core Impact

C2 Matrix

thec2matrix.com

Cloud Providers

  • AWS
  • Azure
  • GCP

Domain Purchase and Categorization

Direct access to a bare IP address is usually blocked.

Outbound proxies block sites on the basis of their category.

Register domains and get them categorized.

Otherwise, purchase expired domains that are already categorized:

  • expireddomains.net
  • domainhuntergatherer.com

Categorization sites

  • BrightCloud: brightcloud.com/tools/url-ip-lookup.php
  • FortiGuard: fortiguard.com/webfilter
  • McAfee: trustedsource.org
  • Palo Alto: urlfiltering.paloaltonetworks.com/query/
  • Symantec/Blue Coat WebPulse: sitereview.bluecoat.com

Digital certificates

Let's Encrypt

Cloudflare

SSL/TLS traffic to sites categorized as financial is mostly not decrypted by outbound proxies.

Redirectors

Disposable

Options

socat port redirect on Linux (the @reboot entry starts the listener at every boot; socat's address options are comma-separated with no spaces):

                crontab -e

                @reboot /usr/bin/socat TCP-LISTEN:443,fork TCP:192.168.10.1:443 &

netsh port redirect on Windows (single command; listens on 443 and forwards to 192.168.10.1:443):

                netsh interface portproxy add v4tov4 listenport=443 listenaddress=8.8.8.8 connectport=443 connectaddress=192.168.10.1

Other options: iptables, Apache mod_rewrite, Nginx, domain fronting
