Maxie Reynolds

The Art of Attack


Скачать книгу

agility—you cannot use information agilely if you cannot first parse it. Self-awareness is the ability to use yourself in a way that is beneficial for the objective.

      Before we dive into the components of the mindset, it is worthwhile to categorize it into its offensive and defensive sides. In this chapter, we will briefly look at what offensive and defensive security is and how they differ from each other. Then we will look at the offensive and defensive side of the mindset and what each side brings to its security counterpart in terms of skill and functionality.

      Many millions of dollars in public and private investment have been spent on new technologies, usually for defensive measures rather than offensive. Offensive security is a proactive and an oppositional approach to protecting computer systems, networks, and individuals from attacks. The offensive part of the attacker mindset is also oppositional and dogged.

      Defensive security, however, uses a reactive approach that focuses on prevention and detection of attacks. The defensive mode of your AMs will allow you to be reactive, helping you see ways in which you might be caught and hopefully circumventing those defenses with the help of your offensive prowess. Afterward, your defensive AMs will allow you to see ways to prevent attacks, making you extremely valuable to any client.

      Both offensive and defensive securities have their purpose, and each is important from a business standpoint. Offensive cybersecurity strategies shrink the chance of attacks by promoting a permanent state of readiness and actively analyzing the environment; they can and should be critical in keeping people like me out, which is a big win when undergoing testing, and the malicious digital pentesters, too.

      Defensive security relies on a comprehensive understanding of an environment and being able to analyze it in order to detect latent flaws. The barrier to perpetual, effective defensive security is the inability to always accurately predict the future.

      Defensive cybersecurity deals with the prevention of attacks and the strengthening of the defenses that keep them at bay. These defensive measures often follow a successful offensive attack—hence the constant lag and uneven playing field. If a metaphorical hurricane hits a business, they have to quickly address the points of failure, put in place short-term mitigations, and find ways to make their environment more resilient and less vulnerable to malicious damage. That reality means it's imperative for the business to start preparing immediately to protect its employees, infrastructure, and revenue from those future catastrophes.

      Offensive security mainly refers to penetration testing, for which a broad definition has been given already, and physical testing, which is a main focus of this book. Threat hunting, which traditionally is the proactive seeking and destroying of cybersecurity threats before they compromise an organization, may also be considered as a form of offensive security. For the purposes of this book, threat hunting is a core component of AMs and, in particular, the offensive part of the mindset; instead of seeking and destroying threats to the company, an ethical attacker (EA) will seek out information or gaps and turn them into threats. It's an alternative way of thinking about threat hunting, and it only applies through the lens of this book and context. The defensive side intersects here because it seeks out defenses to first circumvent them and then, after the attack, to patch and bolster them. Offensive security doesn't just build protections and resistance. It sees pervasive penetrations for what they are—an active form of asymmetric warfare that threatens security at the highest levels. Offensive security thus aims not just to defend against threats, but to neutralize them.

      The overview I will start with is this: both are needed, and one cannot exclude the other. The defensive attacker mindset (DAMs) minimizes how long a mitigating control or interference can obstruct you from achieving your objective by identifying defenses. The offensive attacker mindset (OAMs) promotes a permanent state of readiness, allowing constant analyzation of your environment and the ability to detect vulnerabilities and impose costs on those defenses.

      The offensive attacker mindset (OAMs) allows you as an EA to direct an event in the direction of the objective. More specifically, it allows you insights normally invisible to others (namely defense). It is always scanning for vulnerabilities and creating them from information. OAMs is oppositional and unyielding, and it uses information and environments only to further your position. It does not care about anything outside of its focus, which is always the objective. Typically, your objective as a pentester is access to an asset, information, or place within a building(s) or on a network.

      In another example, you may believe due to your scope and objective that the NOC is the thing the company wants to protect most. However, upon entering an environment, you may figure out that actually they are preparing for a market-disrupting move that executives are meeting for, talking about, and writing about. This is valuable information—it doesn't change your scope or objective, but it is worth noting in your report or directly to your point of contact