Source Offensive

Totaly Pavlina
Aug 3, 2024, 12:44:08 PM
to uperchoesubs

Chagolla-Christensen told us that Nemesis aggregates data from several C2 platforms (e.g., Cobalt Strike, Mythic, Sliver, etc.) to a central location, where it then analyzes, enriches and provides collaborative UI interfaces for the data. Nemesis right now primarily focuses on analyzing downloaded files, and notable features include:

Document processing: Converts all documents to a PDF accessible in a browser, extracts text from the documents and makes them searchable, scans all the text in all documents/files for credentials, and attempts to crack password-protected documents.

Software vulnerability analysis: Extracts and stores common features from executable files (e.g., PE imports and exports, version/signature details, .NET metadata, section information), decompiles .NET code, scans .NET executables for potential vulnerabilities, and indexes source code so it is easily searchable/viewable.

One of the harder cybersecurity areas to develop and maintain a skill base for is the red team. For those on the offense side of the security equation -- for example, penetration testers -- it can be challenging to establish an initial set of skills and keep them sharp over the long term.

Other than large companies, few organizations can afford full-time red teams. So, unless you're employed by a service provider such as a consultancy or MSSP that offers offense-based services to clients, there are few positions relative to defenders.

Offensive skills training is also somewhat niche as the skills taught are less directly applicable to blue teamers. Additionally, specialized training can be expensive. This translates into organizations being reluctant to hire and train someone as opposed to hiring someone with a fully developed skill base.

Here are five popular open source offensive security tools to consider. There are many great commercial tools out there, but these open source options are accessible to everyone. This enables cybersecurity professionals to start practicing and build up their skill base immediately.

One important caveat: Just as these tools can help build fundamental and necessary skills in a lawful and ethical manner, so too can they be used for unlawful, unethical purposes. The onus is on users to make sure that their usage is both lawful and ethical.

The Metasploit Framework provides a common, standardized interface to many services of interest to pen testers, researchers and red teams. It includes working with exploits and payloads, as well as auxiliary tasks that don't use a payload.

Vulnerability researchers historically wrote exploitation scripts or proof-of-concept code for exploits they discovered. This often led to usability challenges because some scripts were minimally documented, included nonstandardized usage conventions or were unreliable when it came to using them as a test harness to validate issues. The Metasploit Framework helped remedy these issues.

Metasploit is the de facto standard interface for working with exploit code and payloads. It normalizes how red teams and pen testers interact with exploit code. From the red team's point of view, it streamlines work by providing important services such as payloads -- i.e., shellcode -- so the red team can focus on the vulnerability itself. For the tester, it likewise provides a standard way to interact so they can concentrate on the issue they're testing and not the minutia of running the exploit code itself.

Offense involves more than just being able to run exploits. Particularly with web applications, it's important to be able to see and manipulate requests that occur between a browser and a web server. One category of tools that facilitates this is attack proxies. These tools sit between a browser and a remote web server so users can examine and even manipulate traffic between those devices. Likewise, attack proxies often contain automated mapping and crawling tools, automated website scanning tools and informational tools such as URL, hex and Base64 encoders and decoders.

An attack proxy is great for exercising the functionality of a remote website, but what if you want to attack a given user more directly? For example, to test the resilience of users' browser habits or test whether they would notice warning signs of being part of an attack chain.

One way to do this is by using tools that hook one or more tabs within a target's browser and provide some level of control to an attacker. This in turn can be used as a forward "staging area" by an attacker to gain further traction within an environment or move laterally. The Browser Exploitation Framework (BeEF) enables red teams to do exactly that.

The Atomic Red Team project is a set of scripts that can be used to simulate attacker activity. The project provides a set of portable tests, each mapped to the Mitre ATT&CK framework, which can be used to exercise protections and hardening strategies in an organization.

Atomic Red Team is a useful tool for red and blue team members. For the blue team, it's a helpful way to validate the controls protecting the environment. On the offense side, deconstructing attack techniques can help red teams understand how those techniques work and how to apply them.

One often-overlooked area is testing the resilience of users against manipulation, coercion and trickery. The Social-Engineer Toolkit (SET) provides mechanisms to quickly create artifacts that might appear legitimate to a user and that can be used to test different scenarios. With it, red teams can send legitimate-looking emails to target users, attempt a spear phishing attack containing malicious attachments and spoof SMS messages.

These five are a tiny subset of the many fantastic tools available. Some other offensive security tools to learn include Wireshark to help examine network activity and special-purpose tools like Mimikatz and Molehunt.

To dig beyond this list, look to pen testing-focused Linux distributions such as Kali, BlackArch or Parrot. These distributions pull together hundreds of specialized tools all in one place, which can help red teams learn which tools do what.

I teach a law curriculum to an almost exclusively African-American student body. I teach the Intro to Constitutional Principles course to sophomores and teach it almost exclusively with the primary sources of US Reports. Each year we deal with Dred Scott v. Sandford to introduce the due process/equal protection units. As you can imagine, during that time my classroom is a volcano of barely suppressed anger. Have I mentioned that my skin is nearly as white as my hair?

Get aggressive with the material! Challenge your children to assess and analyze the changes they perceive in 2011 from 1857, even if they argue there are none. The dialog is difficult to manage but not impossible and invariably gives light, not heat.

I do the same with the Terrorism cases with my seniors. Analyze the cases in the context of the times. What is/was going on? What does it tell us about the American experience, politically, morally, ethically and/or socially?

I never shy away from sensitive content because I believe we need to promote critical thinking around primary sources, no matter how ugly. That said, we should be aware of the age and maturity levels of our particular students when selecting primary sources.

When you begin to teach a difficult subject, please first make an impact with the main idea of the subject, and continue and add many concepts to the subject. For example, I want to teach about information literacy. First I say about information: what is information, what is the difference between information and knowledge or science, and continue the explanation about the second subject: literacy, what is literacy. After I explained this matter I want to show many documents about information literacy and ask all students to search for new documents about information literacy.

Several years ago I read the book "Nigger: The Strange Career of a Troublesome Word." It took a very OED point of view on the Latin origin of the word and the historical transformations from label to insult to racial epithet. I particularly liked the discussion of modern pop culture assuming control of the word and possible motives for doing so.

These blogs are governed by the general rules of respectful civil discourse. By commenting on our blogs, you are fully responsible for everything that you post. The content of all comments is released into the public domain unless clearly stated otherwise. The Library of Congress does not control the content posted. Nevertheless, the Library of Congress may monitor any user-generated content as it chooses and reserves the right to remove content for any reason whatever, without consent. Gratuitous links to sites are viewed as spam and may result in removed comments. We further reserve the right, in our sole discretion, to remove a user's privilege to post content on the Library site. Read our Comment and Posting Policy.

Links to external Internet sites on Library of Congress Web pages do not constitute the Library's endorsement of the content of their Web sites or of their policies or products. Please read our Standard Disclaimer.

The research, presented by Paul Litvak of Israeli start-up Intezer at the VB2020 localhost conference last week, informs the long-running debate on whether the development and publication of offensive security tools is beneficial or harmful to security as a whole.

Critics argue that offensive security tools give miscreants an advantage over the security community. Those on the other side of the argument contend that offensive security tools help defenders to mitigate newly discovered techniques and probe their own defenses for flaws.

"It's a hard question really, and I don't think we still have the full picture (hard data for the benefits of OST projects)," Litvak told The Daily Swig. "We can see that some classes of OSTs like C2 frameworks and RATs are more commonly used than other tools, and pack a bigger punch since these kinds of tools pack all the features you need for your next intrusion, so I have my doubts regarding how beneficial these kinds of tools are."
