1
00:00:00,330 --> 00:00:01,770
Instructor: Every penetration test
2
00:00:01,770 --> 00:00:04,440
should follow a specific methodology.
3
00:00:04,440 --> 00:00:07,380
Now, a methodology is defined as a system of methods
4
00:00:07,380 --> 00:00:10,530
used in a particular area of study or activity.
5
00:00:10,530 --> 00:00:12,480
In terms of penetration testing,
6
00:00:12,480 --> 00:00:14,310
it refers to the systematic approach
7
00:00:14,310 --> 00:00:17,160
that a penetration tester is gonna use before,
8
00:00:17,160 --> 00:00:20,790
during, and after a test, assessment, or engagement.
9
00:00:20,790 --> 00:00:23,190
Now, notice I use three different terms here
10
00:00:23,190 --> 00:00:25,290
to talk about a penetration test.
11
00:00:25,290 --> 00:00:28,380
These are the terms test, assessment, and engagement.
12
00:00:28,380 --> 00:00:30,930
All three of these are often used interchangeably
13
00:00:30,930 --> 00:00:33,210
both on the exam and in the industry.
14
00:00:33,210 --> 00:00:35,730
And you're gonna notice I use all three interchangeably
15
00:00:35,730 --> 00:00:37,560
throughout this course as well.
16
00:00:37,560 --> 00:00:40,140
A methodology is simply a structured approach
17
00:00:40,140 --> 00:00:43,110
to penetration testing with each step working to serve
18
00:00:43,110 --> 00:00:45,510
a unique purpose as you try to identify
19
00:00:45,510 --> 00:00:48,870
and exploit various vulnerabilities on a given system.
20
00:00:48,870 --> 00:00:50,850
There are many different penetration testing
21
00:00:50,850 --> 00:00:52,320
methodologies available,
22
00:00:52,320 --> 00:00:54,090
but the one this course is built around
23
00:00:54,090 --> 00:00:56,880
is the CompTIA penetration testing process,
24
00:00:56,880 --> 00:00:59,250
which includes four major steps or phases
25
00:00:59,250 --> 00:01:01,260
that occur during an engagement.
26
00:01:01,260 --> 00:01:03,570
First, we have planning and scoping.
27
00:01:03,570 --> 00:01:05,670
Second, we have information gathering
28
00:01:05,670 --> 00:01:07,500
and vulnerability scanning.
29
00:01:07,500 --> 00:01:09,960
Third, we have attack and exploit.
30
00:01:09,960 --> 00:01:13,080
And fourth, we have reporting and communicating.
31
00:01:13,080 --> 00:01:14,670
In fact, you may have noticed
32
00:01:14,670 --> 00:01:17,040
that these four steps match up perfectly
33
00:01:17,040 --> 00:01:20,310
with the first four domains of the PenTest+ exam.
34
00:01:20,310 --> 00:01:24,180
The fifth domain, tools and code analysis, doesn't fit cleanly
35
00:01:24,180 --> 00:01:25,740
into a single phase though,
36
00:01:25,740 --> 00:01:27,750
because we're gonna use different tools and code
37
00:01:27,750 --> 00:01:30,750
during all of the phases of a penetration test.
38
00:01:30,750 --> 00:01:32,790
Now, there are many other methodologies
39
00:01:32,790 --> 00:01:34,860
that a penetration tester can utilize
40
00:01:34,860 --> 00:01:36,900
when they're conducting their own assessments,
41
00:01:36,900 --> 00:01:39,120
and many have more steps since they're dividing
42
00:01:39,120 --> 00:01:42,270
up portions of the four phases that we just covered.
43
00:01:42,270 --> 00:01:45,600
For example, EC-Council presents an eight-step model
44
00:01:45,600 --> 00:01:47,220
in their Certified Ethical Hacker,
45
00:01:47,220 --> 00:01:49,620
or CEH certification program.
46
00:01:49,620 --> 00:01:52,530
This involves permission, reconnaissance,
47
00:01:52,530 --> 00:01:55,830
scanning and enumeration, gaining access,
48
00:01:55,830 --> 00:01:57,630
escalation of privileges,
49
00:01:57,630 --> 00:02:00,210
maintaining access, covering your tracks,
50
00:02:00,210 --> 00:02:03,750
and installing backdoors, and of course, reporting.
51
00:02:03,750 --> 00:02:05,820
Even though the EC-Council methodology
52
00:02:05,820 --> 00:02:07,650
might seem to be more in depth,
53
00:02:07,650 --> 00:02:10,289
both methodologies are fairly equivalent.
54
00:02:10,289 --> 00:02:13,140
For example, the permission phase from CEH
55
00:02:13,140 --> 00:02:17,100
parallels the planning and scoping stage from PenTest+.
56
00:02:17,100 --> 00:02:19,620
The reconnaissance, scanning, and enumeration steps
57
00:02:19,620 --> 00:02:21,450
are gonna be combined from CEH
58
00:02:21,450 --> 00:02:22,950
into the information gathering
59
00:02:22,950 --> 00:02:26,460
and vulnerability identification inside of PenTest+.
60
00:02:26,460 --> 00:02:29,670
Whereas your attack and exploit phase inside PenTest+
61
00:02:29,670 --> 00:02:32,910
is actually broken down into several steps in CEH,
62
00:02:32,910 --> 00:02:34,530
including gaining access,
63
00:02:34,530 --> 00:02:37,290
escalation of privileges, maintaining access,
64
00:02:37,290 --> 00:02:40,170
covering your tracks, and installing backdoors.
65
00:02:40,170 --> 00:02:42,660
Finally, the reporting and communication phase
66
00:02:42,660 --> 00:02:44,280
that we have in PenTest+
67
00:02:44,280 --> 00:02:47,730
is covered under reporting inside of CEH.
68
00:02:47,730 --> 00:02:50,040
As you can see, these similar methodologies
69
00:02:50,040 --> 00:02:52,950
only really differ by the amount of specification
70
00:02:52,950 --> 00:02:55,740
by combining or splitting apart different steps.
71
00:02:55,740 --> 00:02:58,470
For this reason, the PenTest+ methodology
72
00:02:58,470 --> 00:03:01,200
does tend to be a little bit easier to learn and implement
73
00:03:01,200 --> 00:03:04,440
in the real world because it is only four steps.
74
00:03:04,440 --> 00:03:05,760
Now, regardless of whether you follow
75
00:03:05,760 --> 00:03:07,650
the CompTIA four-step process,
76
00:03:07,650 --> 00:03:09,780
or the CEH eight-step process,
77
00:03:09,780 --> 00:03:11,850
it's important to remember that these are essentially
78
00:03:11,850 --> 00:03:13,800
the same steps that are being taken
79
00:03:13,800 --> 00:03:16,440
by a threat actor or unauthorized hacker
80
00:03:16,440 --> 00:03:18,780
when they attempt to break into your systems.
81
00:03:18,780 --> 00:03:20,280
The only real difference is
82
00:03:20,280 --> 00:03:22,110
that the threat actor doesn't ask
83
00:03:22,110 --> 00:03:24,300
for permission during the planning and scoping,
84
00:03:24,300 --> 00:03:26,310
and they don't bother to report or communicate
85
00:03:26,310 --> 00:03:28,950
to you about the exploits that they're able to achieve
86
00:03:28,950 --> 00:03:31,230
against your given vulnerabilities.
87
00:03:31,230 --> 00:03:34,530
Now, CompTIA and CEH are not the only two methodologies
88
00:03:34,530 --> 00:03:35,820
that are out there though.
89
00:03:35,820 --> 00:03:37,800
For example, the National Institute
90
00:03:37,800 --> 00:03:40,110
of Standards and Technology known as NIST
91
00:03:40,110 --> 00:03:42,090
has their own methodology that's published
92
00:03:42,090 --> 00:03:46,110
in NIST Special Publication 800-115,
93
00:03:46,110 --> 00:03:47,610
known as the Technical Guide
94
00:03:47,610 --> 00:03:50,430
to Information Security Testing and Assessment.
95
00:03:50,430 --> 00:03:53,190
This publication provides a recommended methodology
96
00:03:53,190 --> 00:03:54,960
for conducting penetration tests
97
00:03:54,960 --> 00:03:57,780
utilizing a four-phase approach of plan,
98
00:03:57,780 --> 00:04:00,360
discover, attack, and report.
99
00:04:00,360 --> 00:04:03,150
And this methodology seems to be what CompTIA designed
100
00:04:03,150 --> 00:04:04,620
their methodology upon,
101
00:04:04,620 --> 00:04:06,990
because it clearly matches up to the four steps
102
00:04:06,990 --> 00:04:09,330
of the PenTest+ methodology.
103
00:04:09,330 --> 00:04:11,970
The NIST methodology is the industry standard used
104
00:04:11,970 --> 00:04:13,830
throughout the entire United States,
105
00:04:13,830 --> 00:04:15,420
especially in the federal government
106
00:04:15,420 --> 00:04:16,649
and the Department of Defense
107
00:04:16,649 --> 00:04:18,990
for all their internal assessments.
108
00:04:18,990 --> 00:04:21,870
Now, sometimes when you're conducting an engagement,
109
00:04:21,870 --> 00:04:22,890
you're gonna be asked to do
110
00:04:22,890 --> 00:04:25,620
what is known as adversary emulation.
111
00:04:25,620 --> 00:04:28,050
Adversary emulation is a specialized type
112
00:04:28,050 --> 00:04:30,420
of penetration test where you're trying to mimic
113
00:04:30,420 --> 00:04:32,910
the tactics, techniques, and procedures
114
00:04:32,910 --> 00:04:36,270
of a real world threat actor in your penetration test.
115
00:04:36,270 --> 00:04:39,150
For example, maybe you're conducting a penetration test
116
00:04:39,150 --> 00:04:41,730
against a company that's gonna be expanding their operations
117
00:04:41,730 --> 00:04:43,590
into a new market, and they're worried that
118
00:04:43,590 --> 00:04:45,780
a nation-state advanced persistent threat
119
00:04:45,780 --> 00:04:47,820
might wanna hack their networks.
120
00:04:47,820 --> 00:04:49,680
In this case, they may wanna train
121
00:04:49,680 --> 00:04:50,910
their cybersecurity analysts
122
00:04:50,910 --> 00:04:53,310
on what that type of attack is gonna look like
123
00:04:53,310 --> 00:04:55,470
by having you conduct a penetration test
124
00:04:55,470 --> 00:04:57,090
using the techniques associated
125
00:04:57,090 --> 00:04:59,100
with a specific threat actor.
126
00:04:59,100 --> 00:05:01,410
If you ever find yourself in this situation,
127
00:05:01,410 --> 00:05:04,260
you should definitely check out the MITRE ATT&CK framework
128
00:05:04,260 --> 00:05:06,780
when you research a specific threat actor.
129
00:05:06,780 --> 00:05:09,060
Now, unlike the methodologies we discussed earlier
130
00:05:09,060 --> 00:05:11,280
in this lesson, the MITRE ATT&CK framework
131
00:05:11,280 --> 00:05:13,020
is a knowledge base that's maintained
132
00:05:13,020 --> 00:05:14,370
by the MITRE Corporation
133
00:05:14,370 --> 00:05:17,490
for the listing and explaining of common adversary tactics
134
00:05:17,490 --> 00:05:20,400
and techniques that are observed in the real world.
135
00:05:20,400 --> 00:05:22,590
The word ATT&CK in the name of the framework
136
00:05:22,590 --> 00:05:23,910
is actually an acronym,
137
00:05:23,910 --> 00:05:25,830
and it stands for Adversarial Tactics,
138
00:05:25,830 --> 00:05:28,080
Techniques, and Common Knowledge.
139
00:05:28,080 --> 00:05:30,360
If you would like to explore the ATT&CK framework,
140
00:05:30,360 --> 00:05:34,950
you can visit attack.mitre.org.
141
00:05:34,950 --> 00:05:37,260
This is a free and open-source website
142
00:05:37,260 --> 00:05:38,910
that contains a matrix model
143
00:05:38,910 --> 00:05:40,380
that's gonna give you different columns
144
00:05:40,380 --> 00:05:43,560
for each type or category of attack that could occur.
145
00:05:43,560 --> 00:05:45,870
Basically, it's gonna map out each threat
146
00:05:45,870 --> 00:05:47,790
actor's methodologies that are gonna be used
147
00:05:47,790 --> 00:05:49,650
during different types of attacks.
148
00:05:49,650 --> 00:05:52,770
For example, there are columns for defensive evasion,
149
00:05:52,770 --> 00:05:54,930
credentialed access, discovery,
150
00:05:54,930 --> 00:05:57,270
lateral movement, and execution.
151
00:05:57,270 --> 00:05:59,670
Underneath each of these categories is a tactic
152
00:05:59,670 --> 00:06:01,800
or technique that could be used by an attacker
153
00:06:01,800 --> 00:06:04,050
to accomplish that particular goal.
154
00:06:04,050 --> 00:06:06,540
When you visit attack.mitre.org,
155
00:06:06,540 --> 00:06:08,400
you're gonna see the ATT&CK Navigator,
156
00:06:08,400 --> 00:06:10,650
where you're gonna select different tactics or techniques,
157
00:06:10,650 --> 00:06:13,020
and they'll be highlighted with different colors.
158
00:06:13,020 --> 00:06:14,370
Here you can see one example
159
00:06:14,370 --> 00:06:18,780
for APT28 that's already been mapped out by the MITRE team.
160
00:06:18,780 --> 00:06:21,300
APT28 is an advanced persistent threat
161
00:06:21,300 --> 00:06:22,770
that has been identified as being
162
00:06:22,770 --> 00:06:26,130
a Russian cyber espionage group, likely associated with
163
00:06:26,130 --> 00:06:30,210
the Russian military intelligence agency known as the GRU.
164
00:06:30,210 --> 00:06:33,390
You'll also hear this APT called Fancy Bear.
165
00:06:33,390 --> 00:06:37,170
Using the ATT&CK Navigator, you can quickly see that APT28,
166
00:06:37,170 --> 00:06:40,590
or Fancy Bear, uses 10 common reconnaissance techniques,
167
00:06:40,590 --> 00:06:43,380
including vulnerability scanning, credential harvesting,
168
00:06:43,380 --> 00:06:45,120
and phishing for information.
169
00:06:45,120 --> 00:06:47,670
They're also known for using spearphishing with attachments
170
00:06:47,670 --> 00:06:51,300
and links, and exploiting public-facing web applications.
171
00:06:51,300 --> 00:06:53,790
This ATT&CK matrix is a great way to visualize
172
00:06:53,790 --> 00:06:54,660
the different types of techniques
173
00:06:54,660 --> 00:06:57,180
that are used by a particular adversary.
174
00:06:57,180 --> 00:06:58,980
And it shows all the different capabilities
175
00:06:58,980 --> 00:07:02,190
and capacities that they're gonna use in their attacks.
176
00:07:02,190 --> 00:07:03,930
By learning what an adversary does
177
00:07:03,930 --> 00:07:06,570
and mimicking your penetration test to those techniques,
178
00:07:06,570 --> 00:07:08,790
you can provide exceptional levels of training
179
00:07:08,790 --> 00:07:10,200
to cyber defense personnel
180
00:07:10,200 --> 00:07:13,260
at your target organization during your engagements.
181
00:07:13,260 --> 00:07:14,970
Now, another use case for this tool
182
00:07:14,970 --> 00:07:16,410
is on the defensive side,
183
00:07:16,410 --> 00:07:18,780
if you're responding to an adversary response.
184
00:07:18,780 --> 00:07:20,670
By going through and mapping out the attack
185
00:07:20,670 --> 00:07:22,200
using the ATT&CK matrix,
186
00:07:22,200 --> 00:07:24,300
and then comparing it to determine which adversary
187
00:07:24,300 --> 00:07:25,800
is likely exploiting your network,
188
00:07:25,800 --> 00:07:29,370
you can identify who may be causing you all that pain.
189
00:07:29,370 --> 00:07:31,950
Another variation of the MITRE ATT&CK framework is
190
00:07:31,950 --> 00:07:36,240
called ATT&CK for Industrial Control Systems, or ICS.
191
00:07:36,240 --> 00:07:38,730
This MITRE ATT&CK for ICS framework describes
192
00:07:38,730 --> 00:07:40,410
the set of tactics and techniques
193
00:07:40,410 --> 00:07:42,660
specific to industrial control systems
194
00:07:42,660 --> 00:07:43,980
and lists the elements described
195
00:07:43,980 --> 00:07:47,640
in the ATT&CK for ICS knowledge base as another matrix.
196
00:07:47,640 --> 00:07:49,890
It works just like the regular ATT&CK matrix,
197
00:07:49,890 --> 00:07:51,930
except this one is focused on techniques
198
00:07:51,930 --> 00:07:54,123
that are used only for ICS devices.