MISP taxonomies updated

pull/3/head
Alexandre Dulaunoy 2018-01-31 15:18:58 +01:00
parent dbee5fe746
commit ad94d51958
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 12384 additions and 8513 deletions

@ -481,6 +481,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_open_threat">open_threat</a></li>
<li><a href="#_osint">osint</a></li>
<li><a href="#_passivetotal">passivetotal</a></li>
<li><a href="#_pentest">pentest</a></li>
<li><a href="#_rt_event_status">rt_event_status</a></li>
<li><a href="#_runtime_packer">runtime-packer</a></li>
<li><a href="#_stealth_malware">stealth_malware</a></li>
@ -14111,6 +14112,272 @@ passivetotal namespace available in JSON format at <a href="https://github.com/M
</div>
</div>
<div class="sect1">
<h2 id="_pentest">pentest</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
pentest namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/pentest/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>pentest classification.</p>
</div>
<div class="sect2">
<h3 id="_approach">approach</h3>
<div class="paragraph">
<p>This is group is dealing with differents types of pentest</p>
</div>
<div class="sect3">
<h4 id="_pentest_approach_blackbox">pentest:approach="blackbox"</h4>
<div class="paragraph">
<p>Blackbox penetration test requires no prior information about the target network or application and is actually performed keeping it as a real world hacker attack scenario. (<a href="https://www.evolution-sec.com/en/products/blackbox-penetration-testing" class="bare">https://www.evolution-sec.com/en/products/blackbox-penetration-testing</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_approach_greybox">pentest:approach="greybox"</h4>
<div class="paragraph">
<p>Gray box testing lies between black and white. Testers will have knowledge of some areas but not others. These areas are defined at the start of an engagement.(<a href="https://www.intelisecure.com/security-assessments-pen-testing/approaches/" class="bare">https://www.intelisecure.com/security-assessments-pen-testing/approaches/</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_approach_whitebox">pentest:approach="whitebox"</h4>
<div class="paragraph">
<p>White box, or authenticated tests, target the security of your underlying technology with full knowledge of your IT department. Information typically shared with the tester includes: network diagrams, IP addresses, system configurations and access credentials.(<a href="https://www.intelisecure.com/security-assessments-pen-testing/approaches/" class="bare">https://www.intelisecure.com/security-assessments-pen-testing/approaches/</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_approach_vulnerability_scanning">pentest:approach="vulnerability_scanning"</h4>
<div class="paragraph">
<p>Vulnerability scanning is a security technique used to identify security weaknesses in a computer system. (<a href="https://www.techopedia.com/definition/4160/vulnerability-scanning" class="bare">https://www.techopedia.com/definition/4160/vulnerability-scanning</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_approach_redteam">pentest:approach="redteam"</h4>
<div class="paragraph">
<p>A red team is an group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view without any predefined scope. (<a href="https://en.wikipedia.org/wiki/Red_team" class="bare">https://en.wikipedia.org/wiki/Red_team</a>)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_scan">scan</h3>
<div class="paragraph">
<p>Automated tool that perform network checks</p>
</div>
<div class="sect3">
<h4 id="_pentest_scan_vertical">pentest:scan="vertical"</h4>
<div class="paragraph">
<p>A scan against multiple ports of a single IP.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_scan_horizontal">pentest:scan="horizontal"</h4>
<div class="paragraph">
<p>A scan against a group of IPs for a single port.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_scan_network_scan">pentest:scan="network_scan"</h4>
<div class="paragraph">
<p>It is the discovery of networks and machines with services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_scan_vulnerability">pentest:scan="vulnerability"</h4>
<div class="paragraph">
<p>Vulnerability scanning is a security technique used to identify security weaknesses in a computer system. (<a href="https://www.techopedia.com/definition/4160/vulnerability-scanning" class="bare">https://www.techopedia.com/definition/4160/vulnerability-scanning</a>)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit_2">exploit</h3>
<div class="paragraph">
<p>Exploitation of a vulnerability</p>
</div>
</div>
<div class="sect2">
<h3 id="_post_exploitation">post_exploitation</h3>
<div class="paragraph">
<p>Utilizing post exploitation techniques will ensure that a penetration tester maintains some level of access and can potentially lead to deeper footholds into the targets trusted infrastructure. (<a href="https://www.offensive-security.com/metasploit-unleashed/msf-post-exploitation/" class="bare">https://www.offensive-security.com/metasploit-unleashed/msf-post-exploitation/</a>)</p>
</div>
<div class="sect3">
<h4 id="_pentest_post_exploitation_privilege_escalation">pentest:post_exploitation="privilege_escalation"</h4>
<div class="paragraph">
<p>Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. (<a href="https://en.wikipedia.org/wiki/Privilege_escalation" class="bare">https://en.wikipedia.org/wiki/Privilege_escalation</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_post_exploitation_pivoting">pentest:post_exploitation="pivoting"</h4>
<div class="paragraph">
<p>Pivoting refers to a method used by penetration testers that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines. (<a href="https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting" class="bare">https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_post_exploitation_password_cracking">pentest:post_exploitation="password_cracking"</h4>
<div class="paragraph">
<p>Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. (<a href="https://en.wikipedia.org/wiki/Password_cracking" class="bare">https://en.wikipedia.org/wiki/Password_cracking</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_post_exploitation_persistence">pentest:post_exploitation="persistence"</h4>
<div class="paragraph">
<p>The persistence is when a penetration tester let him a way to keep its exploitation on a machine or a domain even if the system is rebooted.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_post_exploitation_data_exfiltration">pentest:post_exploitation="data_exfiltration"</h4>
<div class="paragraph">
<p>After an exploitation of a machine, a penetration tester will try to exfiltrate sensitive data.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_web_2">web</h3>
<div class="paragraph">
<p>This is group is dealing with web vulnerabilities</p>
</div>
<div class="sect3">
<h4 id="_pentest_web_injection">pentest:web="injection"</h4>
<div class="paragraph">
<p>Code injection is the exploitation of a computer bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or "inject") code into a vulnerable computer program and change the course of execution. (<a href="https://en.wikipedia.org/wiki/Code_injection" class="bare">https://en.wikipedia.org/wiki/Code_injection</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_sqli">pentest:web="SQLi"</h4>
<div class="paragraph">
<p>An SQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the SQL backend database. The malicious data then produces database query results or actions that should never have been executed.(<a href="https://www.techopedia.com/definition/4126/sql-injection" class="bare">https://www.techopedia.com/definition/4126/sql-injection</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_nosqli">pentest:web="NoSQLi"</h4>
<div class="paragraph">
<p>An NoSQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the NoSQL backend database. The malicious data then produces database query results or actions that should never have been executed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_xml_injection">pentest:web="XML injection"</h4>
<div class="paragraph">
<p>XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intend logic of the application. Further, XML injection can cause the insertion of malicious content into the resulting message/document.(<a href="http://projects.webappsec.org/w/page/13247004/XML%20Injection" class="bare">http://projects.webappsec.org/w/page/13247004/XML%20Injection</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_csrf">pentest:web="CSRF"</h4>
<div class="paragraph">
<p>Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they&#8217;re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.(<a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)" class="bare">https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_ssrf">pentest:web="SSRF"</h4>
<div class="paragraph">
<p>Server Side Request Forgery (SSRF) refers to an attack where in an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network. (<a href="https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/" class="bare">https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_xss">pentest:web="XSS"</h4>
<div class="paragraph">
<p>Cross-site scripting (XSS) is a security breach that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent with a script that activates when it is read by an unsuspecting user&#8217;s browser or by an application that has not protected itself against cross-site scripting. (<a href="https://www.webopedia.com/TERM/X/XSS.html" class="bare">https://www.webopedia.com/TERM/X/XSS.html</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_file_inclusion">pentest:web="file_inclusion"</h4>
<div class="paragraph">
<p>The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. (<a href="https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion" class="bare">https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_web_tree_discovery">pentest:web="web_tree_discovery"</h4>
<div class="paragraph">
<p>A web tree discovery is a brute force directories and files names on web/application server</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_bruteforce">pentest:web="bruteforce"</h4>
<div class="paragraph">
<p>A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. (<a href="https://en.wikipedia.org/wiki/Brute-force_attack" class="bare">https://en.wikipedia.org/wiki/Brute-force_attack</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_web_fuzzing">pentest:web="fuzzing"</h4>
<div class="paragraph">
<p>Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. (<a href="https://en.wikipedia.org/wiki/Fuzzing" class="bare">https://en.wikipedia.org/wiki/Fuzzing</a>)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_network">network</h3>
<div class="paragraph">
<p>This is group is dealing with network vulnerabilities</p>
</div>
<div class="sect3">
<h4 id="_pentest_network_sniffing">pentest:network="sniffing"</h4>
<div class="paragraph">
<p>Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a TCP/IP network. (<a href="http://www.valencynetworks.com/articles/cyber-security-attacks-network-sniffing.html" class="bare">http://www.valencynetworks.com/articles/cyber-security-attacks-network-sniffing.html</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_network_spoofing">pentest:network="spoofing"</h4>
<div class="paragraph">
<p>Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security. (<a href="https://www.techopedia.com/definition/5398/spoofing" class="bare">https://www.techopedia.com/definition/5398/spoofing</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_network_man_in_the_middle">pentest:network="man_in_the_middle"</h4>
<div class="paragraph">
<p>man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. (<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack" class="bare">https://en.wikipedia.org/wiki/Man-in-the-middle_attack</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_network_network_discovery">pentest:network="network_discovery"</h4>
<div class="paragraph">
<p>It is the discovery of networks and machines with services.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_social_engineering">social_engineering</h3>
<div class="paragraph">
<p>Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. (<a href="https://krashconsulting.com/index.php/services/sea/" class="bare">https://krashconsulting.com/index.php/services/sea/</a>)</p>
</div>
<div class="sect3">
<h4 id="_pentest_social_engineering_phishing">pentest:social_engineering="phishing"</h4>
<div class="paragraph">
<p>Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. (<a href="https://en.wikipedia.org/wiki/Phishing" class="bare">https://en.wikipedia.org/wiki/Phishing</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_social_engineering_malware">pentest:social_engineering="malware"</h4>
<div class="paragraph">
<p>Malware, short for malicious software, is an umbrella term used to refer to a variety of forms of harmful or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. (<a href="https://en.wikipedia.org/wiki/Malware" class="bare">https://en.wikipedia.org/wiki/Malware</a>)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vulnerability">vulnerability</h3>
<div class="paragraph">
<p>This is group is dealing with the classification of weaknesses and vulnerabilities</p>
</div>
<div class="sect3">
<h4 id="_pentest_vulnerability_cwe">pentest:vulnerability="CWE"</h4>
<div class="paragraph">
<p>Targeted to developers and security practitioners, the Common Weakness Enumeration (CWE) is a formal list of software weakness types. (<a href="https://cwe.mitre.org/about/" class="bare">https://cwe.mitre.org/about/</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentest_vulnerability_cve">pentest:vulnerability="CVE"</h4>
<div class="paragraph">
<p>Common Vulnerabilities and Exposures (CVE) is a dictionary-type list of standardized names for vulnerabilities and other information related to security exposures. (<a href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures" class="bare">https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures</a>)</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_rt_event_status">rt_event_status</h2>
<div class="sectionbody">
<div class="admonitionblock note">
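Review bot: Two pairs of tags in the new pentest section carry identical definitions, which leaves nothing to choose between them when tagging: pentest:approach="vulnerability_scanning" and pentest:scan="vulnerability" use the same techopedia sentence, and pentest:scan="network_scan" and pentest:network="network_discovery" both read "It is the discovery of networks and machines with services." Merge each pair or give each tag a description that says when it applies. The values under web also mix conventions (SQLi, NoSQLi, "XML injection" with a space, file_inclusion in snake_case), which makes exact-match filtering on the tag string fragile; settle on one casing and separator. The exploit predicate is added with a description but no values, unlike every other predicate in this namespace, and the greybox heading is followed by text spelled "Gray box". The group descriptions ("This is group is dealing with differents types of pentest", repeated for web, network and vulnerability) and the persistence description ("let him a way to keep its exploitation") need a grammar pass; they probably originate in the pentest/machinetag.json linked at the top of the section, so correct them there rather than in this HTML.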
@ -21492,7 +21759,7 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
</div>
<div id="footer">
<div id="footer-text">
Last updated 2018-01-30 11:27:21 CET
Last updated 2018-01-31 15:18:20 CET
</div>
</div>
</body>
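Review bot: The only change in the footer is the "Last updated" timestamp, which moves from 2018-01-30 11:27:21 CET to 2018-01-31 15:18:20 CET. If this page is regenerated on each build, that line produces a diff even when no taxonomy changed; consider dropping the timestamp from the committed output or pinning it to the date of the source change so the history only shows real content changes.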

File diff suppressed because it is too large