Pentesting Project Considerations
Original Active Directory pentest mindmap (PNG) from: https://github.com/Orange-Cyberdefense/arsenal/blob/master/mindmap/pentest_ad.png
Requirements for consideration
• Approach used: MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.
• Tactics in scope: Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection, Exfiltration, Command and Control.
• Reporting design to train/help Blue Teams.
• Based on the MITRE ATT&CK framework.
• Able to attack web applications and network devices.
• Able to attack from inside and outside the environment.
• Infrastructure for pentesting
• Metasploit Pro (inside/outside Azure) for web application and network exploitation.
• Kali (inside/outside Azure)
• Empire (PowerShell post-exploitation)
• Ngrok
• ProxyChains
• WPScan (WordPress vulnerability scanner)
• Nikto (web application vulnerability scanner)
• Responder (LLMNR/NBT-NS poisoning, NetNTLM hash capture on Windows networks)
• John the Ripper (offline password cracking)
• Hydra (online password guessing / brute force)
• Cobalt Strike (commercial), Mythic (open source), Sliver (open source)
• Custom Windows box for exploitation
• DLL side-loading
• WinPEAS, LinPEAS
• PingCastle, GoodHound, PurpleKnight
https://www.hub.trimarcsecurity.com/post/securing-active-directory-performing-an-active-directory-security-review
https://github.com/Neo23x0/Loki
• AdFind
• SpecterOps tools (GhostPack, etc)
• BloodHound
• https://www.slideshare.net/RusselVanTuyl/powershell-for-cyber-warriors-bsides-knoxville-2016
• Custom Mac box for macOS exploitation
• Rainbow tables (password cracking/guessing)
• Spear phishing (Metasploit Pro)
• Burp Suite Pro (internal/external web application testing)
• WiFi Pineapple
• Physical access is in scope, such as entering data centers or workspaces (cubicles, etc.)
• Azure DevOps (formerly Team Foundation Services) for the exploit code repository (free for up to 5 users, Microsoft-hosted)
• HaveIBeenPwned Pwned Passwords API to check for password reuse (k-anonymity range lookup, only the first 5 characters of the SHA-1 hash are sent).
• Scripts to perform parts of the MITRE ATT&CK framework.
• Pentesting lab built on VMware Workstation to replicate the org environment for testing (e.g., join a test computer to the domain).
• Test exploits against operating systems
• Test evasion methods against anti-virus
• Test the MITRE ATT&CK approach
• Test automation
• Pentest standards: http://www.pentest-standard.org/index.php/Main_Page
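Added example (not part of the original notes): a password-reuse check against the HaveIBeenPwned Pwned Passwords range API, as listed in the requirements above. The API's k-anonymity model means only the first 5 hex characters of the SHA-1 hash leave the tester's host; the full suffix is matched locally against the returned list. The endpoint URL is the public one; the sample response body and its counts are constructed here so the logic runs offline, and the fetch function is injected so a live lookup can be swapped in.

```python
"""Password-reuse check against HIBP Pwned Passwords using the k-anonymity range API.

Only the first 5 hex chars of SHA-1(password) are sent; matching happens locally.
"""
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

# Public HIBP range endpoint: GET {RANGE_API}{first 5 hex of SHA-1}
RANGE_API = "https://api.pwnedpasswords.com/range/"

# Constructed sample body (NOT a real API response): the first entry is the real
# SHA-1 suffix of the string "password"; the other suffixes and all counts are made up.
SAMPLE_RANGE_BODY = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
    "00000000000000000000000000000000001:2\r\n"
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:17\r\n"
)


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 of the password into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (CRLF or LF) into a dict; blank lines are ignored."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """Return how many times the password appears in the breach corpus (0 if absent)."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str, timeout: float = 10.0) -> str:
    """Live lookup of one 5-char prefix; sends no other part of the hash."""
    req = urllib.request.Request(
        RANGE_API + prefix,
        headers={"User-Agent": "pentest-password-reuse-check"},  # HIBP requires a UA
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def check_password(password: str, fetch: Callable[[str], str] = fetch_range) -> int:
    """End-to-end check; `fetch` is injectable so tests can run without network."""
    prefix, _ = sha1_prefix_suffix(password)
    return breach_count(password, fetch(prefix))


if __name__ == "__main__":
    # Offline demonstration against the constructed body; swap in fetch_range for live use.
    for candidate in ("password", "s0me-l0ng-unique-passphrase"):
        n = check_password(candidate, fetch=lambda _p: SAMPLE_RANGE_BODY)
        print(f"{candidate!r}: seen {n} time(s) in sample corpus")
```

In an engagement this is run over plaintexts recovered by John/Hydra or supplied by the client, never over the raw hash list, and the k-anonymity property is what makes it acceptable to query a third party with client credentials in hand.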
Assumptions
• Written permission from CISO/Department/Organization to perform pentest.
• Appropriate Rules of Engagement and Scoping performed before Pentesting/Red Team Ops.
• Pentest/Red team Ops plan
• Asset inventory, as IP addresses or, more broadly, domains.
• Feed results into the Risk team.
• Feed results into DFIR/Detection teams, with identified IoCs added to Mandiant IOC Editor (IOCe).
• Management of reporting and measurement of results.
• Primary prioritization driven by Risk team recommendations.
• Secondary prioritization driven by management needs.