Tools & Training To ‘Hack Yourself’ To Security

How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.

Perhaps you’ve purchased the best cybersecurity technology available. Maybe you’ve brought in a red team (or have one in-house). You feel prepared in case of a cyber-attack. However, there’s another step to attaining the proper level of preparation for today’s sophisticated cyber-attacks: making sure your blue team knows how attackers operate.

If you can implement a “hack-yourself” program effectively, you can improve the effectiveness of your defense-in-depth strategies by having a blue team capable of carrying out red team exercises to gain a better awareness of how attackers might approach certain network vulnerabilities.

When your network is under attack, your most valuable asset is time. The faster you understand you’re being attacked and the quicker you understand what’s happening, the faster you can identify where the attackers are and what they’re doing. Responding to attacks quickly and efficiently requires an advanced level of preparation that many security teams haven’t yet achieved.

The first step in improving preparation is theoretical training in the latest tools, techniques and procedures. Cybersecurity conferences such as Black Hat, DefCon, BSides and the Chaos Communication Conference can provide the higher-level, theoretical learning to get your security team moving toward proper awareness and preparation. The next step is to introduce red team exercises.

Red team exercises with third-party consultants can help large enterprises spot critical vulnerabilities in their networks. However, many companies rely on these red team exercises to the point that they don’t maintain the proper level of internal cybersecurity awareness. External red team exercises offer a level of expertise that most organization don’t have internally. But there is also real value in implementing a “hack-yourself” program to build your security posture from the inside, and arm your blue team with the necessary skills to think like the red team and improve your security posture.

More than simulations

Rather than having your security team practice hacking skills on third-party sites, internal red team exercises are carried out on your real network--they are not just simulations. But to get the most out of a “hack yourself” program and avoid causing damage to the network, your security team must have the proper training to identify vulnerabilities as it hunts for data, administrator credentials, or any other valuable assets on your servers.

One way to ensure your security team has the proper training to carry out an advanced “hack-yourself” program is to invest in the Cyber Guardians program from the SANS Institute. The Cyber Guardians program consists of four core courses and corresponding certificates.

The program is meant to provide security professionals with knowledge about all kinds of cyber-attacks and how to respond to them accordingly. After your security team has achieved Cyber Guardian status, you’ll know that they are capable of understanding many techniques attackers might use to maneuver through your network.

Once your internal red team is trained to enact the “hack-yourself” program, you need to supply them with tools similar to those that attackers have at their disposal when launching threats. The following are two toolkits blue teams can use together for an effective “hack-yourself” program: Metasploit through Kali Linux and Cobalt Strike.

Metasploit

Metasploit, which has been labeled the Attacker’s Playbook by many in the cybersecurity community, offers a rich library of exploits you can run on a number of different servers. If your blue team can simulate the various steps of APT attacks, they will better be able to spot the attack paths and vulnerabilities that might have otherwise allowed major data breaches.

However, before your internal security team can start using Metasploit to its fullest potential, they’ll need specific training. Offensive Security offers a free training program for the toolkit called Metasploit Unleashed.

Cobalt Strike

Cobalt Strike is a tool used by red teams to emulate real network threats. You can use the tools within Cobalt Strike to conduct penetration testing. The toolkit’s website says the software includes functionality for:

  • Network reconnaissance
  • Attack packages for Java Applet, Microsoft Office, Microsoft Windows, website cloning and more
  • Spear phishing
  • Collaboration within the penetration team
  • Post exploitation (execute PowerShell scripts, log keystrokes, take screenshots, download files, and spawn other payloads)
  • Covert communications to evade security systems
  • Browser pivoting to avoid two-factor authentication
  • Reporting and logging to analyze the results of the exercise

While Metasploit offers a collection of exploits for blue teams to use, the tools and functionality in Cobalt Strike help blue teams gather information and move laterally without exploits. With the combination of an exploit toolkit and a set of tools reconnaissance and lateral movement, your trained security team can successfully carry out a “hack-yourself” program and uncover even the deepest layer of vulnerabilities.

Why "Hack Yourself?"

If you’ve never experienced a cyber-attack, you will likely think the first time will happen exactly as how you’ve studied. Consequently, you will be caught off guard when an attack actually occurs; there will be so much more information that it’s hard to understand what’s important, what isn’t important, and what to investigate further. The more you practice internally, the better prepared you’ll be when the time comes that you’re actually under attack.

Dark Reading: http://ubm.io/2a1mxJe

 

« DDoS Attacks Shuts Down Pro-ISIS Websites
Top Tips To Protect Email Accounts From Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

Clearwater Compliance

Clearwater Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

ATIS Systems

ATIS Systems

ATIS Systems offers first-class complete solutions for legal interception, mediation, data retention, and IT forensics.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

Tesserent

Tesserent

Tesserent (formerly Pure Security) is a full-service cybersecurity solutions provider. We partner with clients across Australia and New Zealand in the protection of their digital assets.

WebOrion

WebOrion

WebOrion is an All-in-One Web Security & Performance Suite. Fortify, accelerate and monitor your website today.

eXate

eXate

eXate provides pioneering technology that empowers organisations to protect, control and manage their sensitive data centrally, providing a complete data privacy solution.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

Red Sky Alliance

Red Sky Alliance

Red Sky Alliance (Wapack Labs Corp) is a cyber threat intelligence firm that delivers proprietary intelligence data, analysis and in-depth strategic reporting.

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG)

ISRG's mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.

1898 & Co

1898 & Co

1898 & Co., part of Burns & McDonnell, is a business, technology and security solutions consultancy where experience and foresight come together to unlock lasting advancements.

Talion

Talion

Talion aim to reduce the complexity involved in securing your organisation and to give security teams unrivalled visibility into their security operations, so they can make optimal decisions, fast.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.