From 4f0cc90915fd1533e2e48f5ee830906caf58aaeb Mon Sep 17 00:00:00 2001
From: Valentin Giannini
Date: Mon, 29 Jan 2018 09:26:00 +0100
Subject: [PATCH] add pentext taxonomy

---
 MANIFEST.json | 5 +
 pentest/machinetag.json | 253 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 258 insertions(+)
 create mode 100644 pentest/machinetag.json

diff --git a/MANIFEST.json b/MANIFEST.json
index bafb40e..c2942a7 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -200,6 +200,11 @@
 "name": "passivetotal",
 "description": "Tags for RiskIQ's passivetotal service"
 },
+ {
+ "version": 1,
+ "name": "pentest",
+ "description": "Pentest taxonomy"
+ },
 {
 "version": 1,
 "name": "rt_event_status",
diff --git a/pentest/machinetag.json b/pentest/machinetag.json
new file mode 100644
index 0000000..54b62f5
--- /dev/null
+++ b/pentest/machinetag.json
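Review bot: The manifest registers the taxonomy as `"name": "pentest"`, but the new pentest/machinetag.json in the next hunk declares `"namespace": "CERT-XLM"`, so tags derived from the file would read `CERT-XLM:approach="blackbox"` while anything resolving the taxonomy by its manifest entry or directory name looks for `pentest`. If the consumer matches the manifest name against the file's namespace, as MISP's taxonomy loader is expected to, this entry will not resolve. Either set `"namespace": "pentest"` in machinetag.json or register it here under the namespace it actually declares; the two must agree. The same mismatch applies to the machinetag.json hunk that follows.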
@@ -0,0 +1,253 @@
+{
+ "version": 1,
+ "namespace": "CERT-XLM",
+ "description": "CERT-XLM Pentest Classification.",
+ "values": [
+ {
+ "predicate": "approach",
+ "entry": [
+ {
+ "value": "blackbox",
+ "expanded": "Blackbox penetration test requires no prior information about the target network or application and is actually performed keeping it as a real world hacker attack scenario."
+ },
+ {
+ "value": "greybox",
+ "expanded": "Gray box testing lies between black and white. Testers will have knowledge of some areas but not others. These areas are defined at the start of an engagement."
+ },
+ {
+ "value": "whitebox",
+ "expanded": "White box, or authenticated tests, target the security of your underlying technology with full knowledge of your IT department. Information typically shared with the tester includes: network diagrams, IP addresses, system configurations and access credentials."
+ },
+ {
+ "value": "vulnerability_scanning",
+ "expanded": "Vulnerability scanning is a security technique used to identify security weaknesses in a computer system."
+ },
+ {
+ "value": "redteam",
+ "expanded": "A red team is an group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view without any predefined scope."
+ }
+ ]
+ },
+ {
+ "predicate": "scan",
+ "entry": [
+ {
+ "value": "vertical",
+ "expanded": "A scan against multiple ports of a single IP."
+ },
+ {
+ "value": "horizontal",
+ "expanded": "A scan against a group of IPs for a single port."
+ },
+ {
+ "value": "network_scan",
+ "expanded": "It is the discovery of networks and machines with services."
+ },
+ {
+ "value": "vulnerability",
+ "expanded": "Vulnerability scanning is a security technique used to identify security weaknesses in a computer system."
+ }
+ ]
+ },
+ {
+ "predicate": "exploit",
+ "entry": [
+ {
+ "value": "type confusion",
+ "expanded": "When a piece of code doesn’t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion."
+ },
+ {
+ "value": "format_strings",
+ "expanded": "The format string exploit occurs when the submitted data of an input string leads to arbitrary read or write in the memory. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system."
+ },
+ {
+ "value": "stack_overflow",
+ "expanded": "In software, a stack overflow is type of buffer overflow that occurs if the call stack pointer exceeds the stack bound."
+ },
+ {
+ "value": "heap_overflow",
+ "expanded": "A heap overflow is a type of buffer overflow that occurs in the heap data area."
+ },
+ {
+ "value": "heap_spraying",
+ "expanded": "Heap spraying is a technique used in exploits to facilitate arbitrary code execution. In general, code that sprays the heap attempts to put a certain sequence of bytes at a predetermined location in the memory of a target process by having it allocate (large) blocks on the process's heap and fill the bytes in these blocks with the right values."
+ },
+ {
+ "value": "fuzzing",
+ "expanded": "Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program."
+ },
+ {
+ "value": "ROP",
+ "expanded": "The Return-Oriented Programming (ROP) is a computer security exploit technique in which the attacker uses control of the call stack to indirectly execute cherry-picked machine instructions or groups of machine instructions immediately prior to the return instruction in subroutines within the existing program code, in a way similar to the execution of a threaded code interpreter."
+ },
+ {
+ "value": "null_pointer_dereference",
+ "expanded": "A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit."
+ }
+ ]
+ },
+ {
+ "predicate": "post_exploitation",
+ "entry": [
+ {
+ "value": "privilege_escalation",
+ "expanded": "Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user."
+ },
+ {
+ "value": "pivoting",
+ "expanded": "Pivoting refers to a method used by penetration testers that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines."
+ },
+ {
+ "value": "password_cracking",
+ "expanded": "Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system."
+ },
+ {
+ "value": "persistence",
+ "expanded": "The persistence is when a penetration tester let him a way to keep its exploitation on a machine or a domain even if the system is rebooted."
+ },
+ {
+ "value": "data_exfiltration",
+ "expanded": "After an exploitation of a machine, a penetration tester will try to exfiltrate sensitive data."
+ }
+ ]
+ },
+ {
+ "predicate": "web",
+ "entry": [
+ {
+ "value": "injection",
+ "expanded": "Code injection is the exploitation of a computer bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or \"inject\") code into a vulnerable computer program and change the course of execution."
+ },
+ {
+ "value": "SQLi",
+ "expanded": "An SQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the SQL backend database. The malicious data then produces database query results or actions that should never have been executed."
+ },
+ {
+ "value": "NoSQLi",
+ "expanded": "An NoSQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the NoSQL backend database. The malicious data then produces database query results or actions that should never have been executed."
+ },
+ {
+ "value": "XML injection",
+ "expanded": "XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intend logic of the application. Further, XML injection can cause the insertion of malicious content into the resulting message/document."
+ },
+ {
+ "value": "CSRF",
+ "expanded": "Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request."
+ },
+ {
+ "value": "SSRF",
+ "expanded": "Server Side Request Forgery (SSRF) refers to an attack where in an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network."
+ },
+ {
+ "value": "XSS",
+ "expanded": " Cross-site scripting (XSS) is a security breach that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent with a script that activates when it is read by an unsuspecting user's browser or by an application that has not protected itself against cross-site scripting."
+ },
+ {
+ "value": "file_inclusion",
+ "expanded": "The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a \"dynamic file inclusion\" mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation."
+ },
+ {
+ "value": "web_tree_discovery",
+ "expanded": "A web tree discovery is a brute force directories and files names on web/application server"
+ },
+ {
+ "value": "bruteforce",
+ "expanded": "A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly."
+ },
+ {
+ "value": "fuzzing",
+ "expanded": "Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. "
+ }
+ ]
+ },
+ {
+ "predicate": "network",
+ "entry": [
+ {
+ "value": "sniffing",
+ "expanded": "Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a TCP/IP network."
+ },
+ {
+ "value": "spoofing",
+ "expanded": "Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security."
+ },
+ {
+ "value": "man_in_the_middle",
+ "expanded": "man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other."
+ },
+ {
+ "value": "network_discovery",
+ "expanded": "It is the discovery of networks and machines with services."
+ }
+ ]
+ },
+ {
+ "predicate": "social_engineering",
+ "entry": [
+ {
+ "value": "phishing",
+ "expanded": "Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication"
+ },
+ {
+ "value": "malware",
+ "expanded": "Malware, short for malicious software, is an umbrella term used to refer to a variety of forms of harmful or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs."
+ }
+ ]
+ },
+ {
+ "predicate": "vulnerability",
+ "entry": [
+ {
+ "value": "CWE",
+ "expanded": "Targeted to developers and security practitioners, the Common Weakness Enumeration (CWE) is a formal list of software weakness types"
+ },
+ {
+ "value": "CVE",
+ "expanded": "Common Vulnerabilities and Exposures (CVE) is a dictionary-type list of standardized names for vulnerabilities and other information related to security exposures."
+ }
+ ]
+ }
+ ],
+ "predicates": [
+ {
+ "value": "approach",
+ "expanded": "Approach",
+ "description": "This is group is dealing with differents types of pentest"
+ },
+ {
+ "value": "scan",
+ "expanded": "Scan",
+ "description": "Automated tool that perform "
+ },
+ {
+ "value": "exploit",
+ "expanded": "Exploit",
+ "description": "Exploitation of a vulnerability"
+ },
+ {
+ "value": "post_exploitation",
+ "expanded": "Exploit",
+ "description": "Utilizing post exploitation techniques will ensure that a penetration tester maintains some level of access and can potentially lead to deeper footholds into the targets trusted infrastructure."
+ },
+ {
+ "value": "web",
+ "expanded": "Web",
+ "description": "This is group is dealing with web vulnerabilities"
+ },
+ {
+ "value": "network",
+ "expanded": "Network",
+ "description": "This is group is dealing with network vulnerabilities"
+ },
+ {
+ "value": "social_engineering",
+ "expanded": "Social engineering",
+ "description": "Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. "
+ },
+ {
+ "value": "vulnerability",
+ "expanded": "Vulnerability",
+ "description": "This is group is dealing with the classification of weaknesses and vulnerabilities"
+ }
+ ]
+}
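Review bot: The `post_exploitation` predicate carries `"expanded": "Exploit"`, the same label as the `exploit` predicate, so the two are indistinguishable anywhere expanded names are displayed; it should read `"expanded": "Post exploitation"`, and the `scan` predicate's description is a truncated sentence, `"Automated tool that perform "`. Value naming is inconsistent: `"type confusion"` and `"XML injection"` contain spaces while the rest use snake_case (`format_strings`, `file_inclusion`), and `ROP`/`SQLi`/`CSRF` are upper-case against an otherwise lower-case set, so tags typed by hand will not match reliably; `type_confusion` and `xml_injection` would be safer. The `XSS` expanded string has a leading space and the web `fuzzing` and `social_engineering` strings have trailing spaces, which should be trimmed. `network_scan` (scan) and `network_discovery` (network) share identical expanded text, as do `vulnerability_scanning` (approach) and `vulnerability` (scan), which is worth deduplicating or differentiating before the namespace is published, since entries cannot be renamed without breaking existing tags.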