Penetration
Examples
- Denial-of-service attack
- Downgrade attack to impose usage of weaker protection. For example POODLE attack.
- Brute-force attack
- Exploit vulnerabilities
- Crack authorization
- Cracking of wireless networks
- Session hijacking by theft of a session key
- Spoofing attacks: DNS spoofing, ARP spoofing, MAC spoofing
- Fuzzing to crack trust boundaries
- Man-in-the-middle attack.
- Privilege escalation
Stages of The unified kill chain related to penetration stage:
- 3. Delivery - Techniques resulting in the transmission of a weaponized object to the targeted environment.
- 4. Social engineering - Techniques aimed at the manipulation of people to perform unsafe actions.
- 6. Persistence - Any access, action or change to a system that gives an attacker persistent presence on the system.
- 7. Defense evasion - Techniques an attacker may specifically use for evading detection or avoiding other defenses.
- 8. Command & control - Techniques that allow attackers to communicate with controlled systems within a target network.
- 11. Privilege escalation - The result of techniques that provide an attacker with higher permissions on a system or network.
- 12. Execution - Techniques that result in execution of attacker-controlled code on a local or remote system.
- 13. Credential access - Techniques resulting in the access of, or control over, system, service or domain credentials.
- 14. Lateral movement - Techniques that enable an adversary to horizontally access and control other remote systems.
Tools:
- https://docs.rapid7.com/metasploit/listeners
- https://www.bettercap.org/modules/ethernet/spoofers/
- https://www.bettercap.org/modules/ethernet/proxies/
- bettercap net.fuzz
See also: