2025-01-15 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
"There are only two kinds of people in this world: those who will be hacked and those who already have been."
Everything is done around a goal. In this chapter we therefore discuss the importance of goal-based penetration testing and describe some classic failures of vulnerability scanning, penetration testing and red team exercises that were run without a goal. The chapter also gives an overview of security testing, explains how to build a lab environment, and focuses on how to customize Kali to support advanced penetration testing. After reading this chapter, you will have learned the following:
1. An overview of security testing
2. Classic failures of vulnerability scanning, penetration testing and red team exercises
3. Updating and organizing Kali
4. Using Bash scripts to customize Kali
5. Setting defined goals
6. Building a running environment
1.1 The concept of security testing
Every household, individual, and public or private enterprise around the world has concerns in cyberspace, such as data loss, malware and cyberterrorism. It all revolves around one concept: protection. If you ask 100 different security consultants "what is a security test?", you will probably hear 100 different answers. The simplest explanation is that security testing is a process used to verify that an information asset or system is protected and that the protection works as expected.
1.2 Failures of classic vulnerability scanning, penetration tests and red team exercises
In this section we focus on traditional or classic vulnerability scanning, penetration testing and red team exercises and explain their limitations. First, a brief description of what each of the three methods means in practice, and where it falls short:
Vulnerability scanning (Vscan): the process of identifying security vulnerabilities in a system or network. The limitation of vulnerability scanning is that it only identifies potential vulnerabilities. The output can include a large number of false positives, and for the business owner the mere existence of a vulnerability says little about actual risk.
Penetration testing (Pentest): the process of safely exploiting vulnerabilities without affecting the existing network or business. Because the tester attempts and simulates exploitation, the number of false positives is reduced. The shortcoming of penetration testing is that it can only exploit known, public vulnerabilities, and most engagements are project-focused. In penetration tests we often hear "yeah, we got access!", but we rarely ask "what next?". There may be several reasons for this: for example, the project may require you to report high-risk issues to the customer immediately, or the customer may only care about part of the network and want you to compromise just that part.
Red team exercises (RTE): the process of evaluating how effectively an organization defends itself against cyber threats, and of improving its security. During an RTE there are many ways to reach the project goals, such as full coverage of goal-directed activities including phishing, wireless, drop boxes and physical testing. The drawbacks of an RTE are that it is time-constrained, follows a predefined scenario, and assumes a simulated version of the real environment.
In general, all three testing methods come down to the same terms: hacking or compromise. We will hack your network and expose its weaknesses, but does the customer or business owner know whether their network has been hacked or compromised? How do we measure a hack or a compromise? What are the criteria? When do we know that the network has been compromised, or fully compromised? All of these questions point to one thing: what is the main goal?
The main goal of a penetration test or RTE is to determine the risk, and to assess the risk level of each asset, the business, the brand image, and so on. It is not about how vulnerable they are, but about how much they are exposed. If an identified threat does not constitute a risk, no proof of concept is required. For example, cross-site scripting (XSS) on a brochure website may have no significant impact on the business; the client may accept that risk and use a Web Application Firewall (WAF) to block XSS attacks.
1.3 Testing methodologies
Methodologies rarely consider why a penetration test is being undertaken, or which data is business-critical and needs to be protected. In the absence of this vital first step, penetration tests lose focus.
Many penetration testers are reluctant to follow a defined methodology, fearing that it will hinder their creativity in exploiting the network. The result is a test that does not reflect the actual activities of a malicious attacker. Usually the customer wants to see whether you can gain administrative access to a particular system ("can you root this box?"). An attacker, however, may be focused on copying critical data in a way that requires no root access at all, or on causing a denial of service.
To address the inherent limitations of penetration testing methodologies, they must be integrated into a framework that views the test from the attacker's perspective: the kill chain.
In 2009, Mike Cloppert of Lockheed Martin CERT introduced the concept now known as the attacker kill chain, which describes the steps an attacker takes when attacking a network. The kill chain is not always a linear flow, because some steps may occur in parallel: multiple attacks may be launched over time against the same target, and steps may overlap.
In this book we have modified Cloppert's kill chain to more accurately reflect how attackers apply these steps when exploiting networks, applications and data services.
Figure 1.1 shows a typical attacker's kill chain.
A typical attacker's kill chain can be described as follows:
The reconnaissance phase. There is a maxim: "reconnaissance time is never wasted." Most military organizations accept that it is better to know as much as possible about an enemy before engaging them. Likewise, attackers carry out extensive reconnaissance of a target before attacking. In fact, it is estimated that at least 70% of the effort of a penetration test or attack is spent on reconnaissance! Generally, two types of reconnaissance are used:
Passive reconnaissance. This approach does not directly interact with the target in a hostile manner. For example, the attacker reviews the publicly available website, assesses online media (especially social media sites), and tries to determine the attack surface of the target.
One particular task is to produce a list of past and present employee names. These names form the basis for brute-force or password-guessing attempts, and they are also used in social engineering attacks.
This type of reconnaissance is difficult, if not impossible, to distinguish from the behavior of normal users.
Active reconnaissance. This approach can be detected by the target, but it can be difficult for most online organizations to distinguish it from the regular background noise.
Activities carried out during active reconnaissance include physical visits to the target's premises, port scanning, and remote vulnerability scanning.
The delivery phase. Delivery is the selection and development of the weapon that will be used to complete the exploit during the attack. The exact choice of weapon depends on the attacker's intent and on the delivery route (for example, across the network, via wireless, or through a web-based service). The impact of the delivery phase is examined in the second part of this book.
The exploit or compromise phase. This is the point at which a particular exploit is successfully applied, allowing the attacker to reach their objective. The compromise may occur in a single phase (for example, a known operating system vulnerability is exploited through a buffer overflow), or it may be a multi-phase compromise (for example, an attacker physically visits a company's premises and steals its internal phone book, then uses the employee names to build a brute-force list for the portal login. In addition, emails are sent to all employees to entice them to click an embedded link that downloads a crafted PDF file which compromises the employee's computer). Multi-phase attacks are the norm when a malicious attacker targets a specific enterprise.
The post-exploit phase: action on the objective. This is often, and wrongly, called the "exfiltration phase", because attacks are commonly perceived solely as a route to steal sensitive information (such as login credentials, personal information and financial information); in practice, attackers often have quite different objectives. This phase must therefore consider the many possible actions of the attacker.
One of the most common post-exploitation activities is for the attacker to try to escalate their access to the highest possible level (vertical escalation) and to compromise as many accounts as possible (horizontal escalation).
The post-exploit phase: persistence. If there is value in compromising a network or system, that value is likely to be greater if the access can be maintained. This requires continued communication between the attacker and the compromised system. From a defender's point of view, this is the easiest part of the kill chain to detect.
The kill chain is a metamodel of an attacker's behavior when attempting to compromise a network or a particular data system. As a metamodel, it can incorporate any proprietary or commercial penetration testing methodology. Unlike those methodologies, however, it ensures a focus at the strategic level on how an attacker approaches a network. This focus on the attacker's activities guides the layout and content of this book.
1.4 Introduction to Kali Linux: history and purpose
Kali Linux (Kali) is the successor to the BackTrack penetration testing platform, which was generally regarded as the de facto standard toolkit for penetration testing to secure data and voice networks. Kali is developed by Mati Aharoni and Devon Kearns of Offensive Security. Its release history is as follows:
In March 2013, Kali Linux, a new penetration testing platform based on the open source Debian GNU/Linux system, replaced BackTrack.
Kali 1.1.0 (February 9, 2015): the first upgrade to Kali in two years. The kernel moved to 3.18, patched for wireless injection, with updated wireless driver support and around 58 bug fixes. A follow-up release, Kali 1.1.0a, addressed installer issues.
Kali 2.0 (August 11, 2015): a major version, now a rolling distribution, with major changes to the user interface. Older versions could be upgraded in place to Kali 2.0.
Kali 2016.1 (January 21, 2016): the first rolling release of Kali, with kernel 4.3 and the latest Gnome 3.18.
Kali 2016.2 (August 31, 2016): the second rolling release of Kali, with kernel 4.6, Gnome 3.20.2 and a number of bug fixes.
Other features of Kali include:
More than 300 penetration testing, data forensics and defensive tools. Extensive wireless support through hardware and kernel patches that allow packet injection on some wireless interfaces.
Support for multiple desktop environments, such as Gnome, KDE, LXDE and XFCE, and for multiple languages.
Debian-compliant tools, synchronized with the Debian repositories at least four times a day, making it easier to update packages and apply security fixes.
A secure development environment, with GPG-signed packages and repositories.
Support for ISO customization, which allows users to build their own version of Kali. The bootstrap function also performs enterprise network installs, which can be automated with preseed files.
As ARM-based systems become more common and cheaper, Kali supports ARMEL and ARMHF and can be installed on devices such as rk3306mk/ss808, Raspberry Pi, ODROID U2/X2, Samsung Chromebook, EfikaMX, Beaglebone Black, CuBox, and Galaxy Note 10.1.
Kali remains a free and open source project. Most importantly, it is supported by an active online community.
The purpose of Kali Linux is to secure and bring together all of these tools, providing a unified platform for penetration testers.
1.5 Installing and updating Kali Linux
So far we have covered the background of Kali Linux as a penetration testing platform. We now give a more comprehensive introduction to the different ways of installing Kali Linux and to the techniques for keeping it updated.
1.6 Using Kali Linux on portable devices
Installing Kali Linux on a portable device is fairly simple. In some cases, clients do not allow external laptops inside a secure facility; the client then usually provides the penetration tester with a test computer on which to perform scanning. When performing penetration tests and RTEs, running Kali Linux from a portable device has further benefits:
When using a USB or mobile device, Kali is in your pocket.
Kali can be run directly, without making any changes to the host operating system.
You can build a custom Kali Linux, and even use persistent storage.
Turning a USB drive into a portable Kali from a Windows PC is a simple process involving three steps:
1) Download the official Kali Linux image from http://docs.kali.org/introduction/download-official-kali-linux-images.
2) Download Win32 Disk Imager from https://sourceforge.net/projects/win32diskimager/.
3) Open Win32 Disk Imager as an administrator. Plug the USB drive into a free USB port on the PC and you will see the interface shown in figure 1.2. Select the correct drive letter and click Write.
Once it finishes, exit Win32 Disk Imager and safely eject the USB drive. Kali Linux is now ready on the portable device and can be plugged into any laptop to boot directly. If the host operating system is Linux, the same result is achieved with two standard commands: sudo fdisk -l and dd if=kali-linux.iso of=/dev/nameofthedrive bs=512k. The former lists all disks attached to the host so that you can identify the USB drive; in the latter, the dd command performs a convert-and-copy, where if is the input file, of is the output file (the whole drive, not a partition, and double-check it, because dd overwrites the target without asking) and bs is the block size.
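The Linux route above, as an added example that is not part of the original page: a small script that checks the ISO's SHA-256 against the SHA256SUMS file published alongside the Kali images before writing, and refuses to run dd against a device that is mounted, which is the usual way this one-liner ends up wiping the wrong disk. The file names and the device path are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example (not from the original page): verify a Kali ISO and write it
# to a USB drive with dd, with two safety checks the bare dd line lacks.
set -eu

# verify_iso ISO SUMSFILE
# Returns 0 when the SHA-256 of ISO matches the entry for its file name in
# SUMSFILE ("hash  filename" lines, the format of Kali's SHA256SUMS file).
verify_iso() {
  iso="$1"; sums="$2"
  name=$(basename "$iso")
  expected=$(awk -v f="$name" '$2 == f { print $1 }' "$sums")
  if [ -z "$expected" ]; then
    echo "no checksum entry for $name in $sums" >&2
    return 2
  fi
  actual=$(sha256sum "$iso" | awk '{ print $1 }')
  [ "$expected" = "$actual" ]
}

# is_safe_target DEVICE
# Returns 0 only when DEVICE is a block device and neither it nor any of its
# partitions (sdb1, nvme0n1p1, ...) appears in /proc/mounts. Without
# /proc/mounts we cannot tell, so the answer is "not safe".
is_safe_target() {
  dev="$1"
  [ -b "$dev" ] || return 1
  [ -r /proc/mounts ] || return 1
  ! grep -qE "^${dev}(p?[0-9]+)? " /proc/mounts
}

# write_kali_usb ISO DEVICE SUMSFILE
# Assumed usage: write_kali_usb kali-linux.iso /dev/sdb SHA256SUMS
write_kali_usb() {
  iso="$1"; dev="$2"; sums="$3"
  verify_iso "$iso" "$sums" || { echo "refusing to write: checksum check failed" >&2; return 1; }
  is_safe_target "$dev" || { echo "refusing to write: $dev is not an unmounted block device" >&2; return 1; }
  # conv=fsync flushes the data to the device before dd exits, so the
  # drive can be removed as soon as the command returns.
  sudo dd if="$iso" of="$dev" bs=512k status=progress conv=fsync
}
```

Run the checksum check on the machine you downloaded to, not on the USB after writing; the point is to refuse a tampered or truncated image before it reaches the drive.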
1.7 Installing Kali in a virtual machine
This section takes a closer look at how to install Kali in VMware Workstation Player and in Oracle VirtualBox.
VMware Workstation Player
VMware Workstation Player, formerly known as VMware Player, is free for personal use; commercial use requires a paid license. It runs as a desktop application inside the host operating system and allows you to run virtual machines there. The application can be downloaded from http://www.vmware.com/products/player/playerpro-evaluation.html.
Next, I will walk through installing Kali Linux in VMware Workstation Player step by step.
Once the file has been downloaded to the host operating system, simply open the executable and you will see the screen shown in figure 1.3.
The next step is to accept the end user license agreement and click Next until you reach the screen shown in figure 1.4, which confirms that VMware has been installed successfully on the host operating system.
The next step is to install Kali Linux in VMware. With the ISO already downloaded from the official Kali Linux site, click Create a New Virtual Machine and select Installer disc image file (iso). Browse to the downloaded ISO file and click Next. You can now enter a name of your choice (for example, HackBox) and choose a custom location to store the VMware image. Click Next, then specify the disk capacity for Kali (at least 10 GB is recommended), and click Next until the settings are complete. When you are done, you should see the screen shown in figure 1.5.
You can choose to install Kali Linux to the virtual machine's disk or to run it as a live image. Once you have completed the installation steps, you can boot Kali Linux from VMware, as shown in figure 1.6.
Note: Sana was the code name of the Kali 2.0 package repository; it has been retired and is gone as of Kali 2016.2. The recommended first step after installing or booting Kali Linux is therefore to check that /etc/apt/sources.list points at the kali-rolling repository rather than sana, and then run apt-get update to refresh the package index (apt-get update reads sources.list; it does not rewrite it).
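The check in that note, as an added example and not code from the original page: a function that inspects a sources.list file for a retired sana entry or a missing kali-rolling entry, followed by the usual refresh-and-upgrade. The http.kali.org/kali kali-rolling repository is the real one; the exact component list on the line (newer Kali releases also add non-free-firmware) is the only thing you may need to adjust.

```shell
#!/bin/sh
# Added example (not from the original page): make sure a Kali install pulls
# packages from the live kali-rolling repository, not the retired sana one,
# then refresh the index and apply pending upgrades.

# Line every current Kali should carry in /etc/apt/sources.list
KALI_ROLLING_LINE='deb http://http.kali.org/kali kali-rolling main contrib non-free'

# check_sources FILE
# Returns 0 if FILE has an active "deb ... kali-rolling ..." line and no active
# "deb ... sana ..." line; prints what is wrong and returns 1 otherwise.
# Lines starting with # are comments and are ignored.
check_sources() {
  file="$1"
  active=$(grep -v '^[[:space:]]*#' "$file" || true)
  if printf '%s\n' "$active" | grep -qE '^deb[[:space:]]+[^[:space:]]+[[:space:]]+sana([[:space:]]|$)'; then
    echo "sana entry found in $file; that repository no longer exists, replace it with: $KALI_ROLLING_LINE" >&2
    return 1
  fi
  if ! printf '%s\n' "$active" | grep -qE '^deb[[:space:]]+[^[:space:]]+[[:space:]]+kali-rolling([[:space:]]|$)'; then
    echo "no kali-rolling entry in $file; add: $KALI_ROLLING_LINE" >&2
    return 1
  fi
  return 0
}

# update_kali
# apt-get update only refreshes the package index from the configured
# sources; it never edits sources.list, hence the check first.
update_kali() {
  check_sources /etc/apt/sources.list || return 1
  sudo apt-get update && sudo apt-get -y dist-upgrade
}
```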
VirtualBox
VirtualBox is similar to VMware Workstation Player, but it is a fully open source hypervisor and a free desktop application that runs virtual machines on top of the host operating system. You can download VirtualBox from https://www.Virtualbox.org/wiki/Downloads.
Kali will now be installed in VirtualBox. As with VMware, run the downloaded executable, which brings up the screen shown in figure 1.7.
Once you click Next, VirtualBox offers custom options for which components to install and where. We keep the default, VirtualBox Application, as shown in figure 1.8.
Click Next to see the installation progress, as shown in figure 1.9.
Figure 1.10 shows confirmation that Oracle VirtualBox has been installed successfully.
The next step is to install Kali Linux in VirtualBox. Click New in the menu, and the screen shown in figure 1.11 appears. Enter a name of your choice and select the correct platform version: depending on the ISO image downloaded, choose Debian (64-bit) or Debian (32-bit).
Click Next and provide the amount of RAM for Kali; we recommend at least 1 GB. Clicking Next creates a virtual hard disk for Kali Linux on the host operating system. Click Next to select the hard disk file type, usually VDI (VirtualBox Disk Image), as shown in figure 1.12.
Click Next to set the size of the hard disk, as shown in figure 1.13.
Finally, go to HackBox | Settings and load the ISO image as the virtual optical drive, as shown in figure 1.14.
You should now see the screen in figure 1.15, confirming that Kali Linux has been installed in VirtualBox.
1.8 Installing Kali on Docker
Docker is an open source project designed to automate the deployment of applications inside software containers. Docker also provides an additional layer of abstraction and automation over operating-system-level virtualization on Linux.
Docker is available for Windows, macOS, Linux, AWS (Amazon Web Services) and Azure. On Windows, you can download Docker from https://download.docker.com/win/stable/InstallDocker.msi.
The following steps show how to install Docker on Windows 10, as shown in figure 1.16:
Installing Docker on Windows requires the Hyper-V feature of Microsoft Windows. If Hyper-V is not enabled, you will probably see the dialog shown in figure 1.17.
Once you click OK, Hyper-V is enabled by the Docker application, and you can confirm the installation by simply entering the docker command at a command prompt, as shown in figure 1.18.
Docker is now installed on the Windows host operating system. Install Kali Linux with a single command, docker pull kalilinux/kali-linux-docker, as shown in figure 1.19. (That image name is the one current at the time of the original text; the official image is now published as kalilinux/kali-rolling.)
Once the Kali Linux image has been downloaded, you can immediately start a shell in it with docker run -t -i kalilinux/kali-linux-docker /bin/bash, as shown in figure 1.20.
You should now be able to run Kali Linux directly from Docker. Note that on Windows, Docker runs Linux containers inside a lightweight Hyper-V virtual machine in the background (the older Docker Toolbox used VirtualBox for the same purpose), so the Kali container is effectively running inside a virtual machine on the Windows host.
1.9 Installing Kali in the cloud: creating an AWS instance
AWS is the cloud platform provided by Amazon. Amazon mainly provides customers with computing, storage and content delivery that is available at any time and from anywhere. Penetration testers can use AWS for penetration testing, and this section describes the easiest way to install Kali Linux in AWS, which is convenient when an externally hosted command-and-control server is needed.
First of all, you need a valid AWS account. You can register by visiting https://console.aws.amazon.com/console/home.
After logging in to your AWS account, you can see all the AWS services, as shown in figure 1.21.
The second step is to launch Kali Linux on AWS. One option is to launch a Debian instance and customize it into Kali Linux. The open source community has made this easier by publishing a preconfigured Kali Linux 2016.2 directly in the Amazon Marketplace; https://aws.amazon.com/marketplace/pp/B01M26MMTT lets us launch Kali Linux within minutes.
When you open the link, you will see the page shown in figure 1.22.
Click the Accept Software Terms & Launch with 1-Click button, then open your AWS console by visiting https://console.aws.amazon.com/ec2/v2/home?region=us-east-1. You can now create the instance by selecting the Instance ID shown under Launch Instance, as shown in figure 1.23.
To ensure that only you can access Kali Linux, you need to create a key pair. You then log in to your AWS instance using the private key generated with the key pair, by entering the following command from a command shell:
Figure 1.24 shows that Kali has been successfully installed on AWS.
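The key pair and login step from the AWS CLI, as an added example that is not part of the original page, with the two things the console wizard does not do for you: the private key saved with owner-only permissions (ssh refuses a key that others can read), and TCP/22 opened only for your own public IP instead of the 0.0.0.0/0 default. The key name, security group ID, instance IP and login user are assumptions; ec2-user is the account the 2016-era marketplace image used, while newer Kali AMIs use kali, so check the listing you launched.

```shell
#!/bin/sh
# Added example (not from the original page): create the EC2 key pair,
# restrict the private key, limit SSH to the operator's IP, and log in.
# Names, IDs and the login user are assumptions to be replaced.

KEY_NAME="kali-pentest-key"
KEY_FILE="$HOME/.ssh/${KEY_NAME}.pem"
KALI_USER="ec2-user"   # assumption: check the AMI listing (newer Kali AMIs use "kali")

# key_perms_ok FILE
# Returns 0 when FILE exists and is readable only by its owner (mode 400 or
# 600), which is what ssh demands of a private key. Uses GNU stat.
key_perms_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in
    400|600) return 0 ;;
    *) echo "$1 has mode $mode, expected 400 or 600" >&2; return 1 ;;
  esac
}

# create_key_pair
# AWS returns the private half exactly once, at creation time; the umask
# makes sure it is never written world-readable even for an instant.
create_key_pair() {
  umask 077
  aws ec2 create-key-pair --key-name "$KEY_NAME" \
      --query 'KeyMaterial' --output text > "$KEY_FILE"
  chmod 400 "$KEY_FILE"
}

# allow_ssh_from_me SECURITY_GROUP_ID
# Opens TCP/22 in the instance's security group for the current public IP
# only. Assumes https://checkip.amazonaws.com is reachable.
allow_ssh_from_me() {
  my_ip=$(curl -s https://checkip.amazonaws.com)
  aws ec2 authorize-security-group-ingress --group-id "$1" \
      --protocol tcp --port 22 --cidr "${my_ip}/32"
}

# kali_ssh PUBLIC_IP
kali_ssh() {
  key_perms_ok "$KEY_FILE" || return 1
  ssh -i "$KEY_FILE" "${KALI_USER}@$1"
}
```

Typical order: create_key_pair, launch the instance with that key name, allow_ssh_from_me sg-xxxxxxxx, then kali_ssh with the instance's public IP. Revoke the ingress rule when the engagement ends rather than leaving a Kali box reachable from the Internet.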
AWS's terms and conditions for penetration testing must be met before testing from AWS, and the legal terms and conditions must be complied with before launching any attack from a cloud instance.
1.10 Summary
In this article we introduced different penetration testing methodologies and the organization of goal-based penetration testing. We showed how testers run Kali Linux on several different platforms to evaluate the security of data systems and networks: we installed Kali on different virtualization platforms, and saw the shortcut of running it under Docker on Windows.