SecPro Community Wisdom #1: The most effective tools in Pentesting/Red Team Ops
Hey!
Hello and welcome to the first Community Wisdom issue of 2022!
Many of you might be familiar with important community conversations that were featured in past SecPro issues. Due to popular demand, we’ll highlight the most helpful and in-depth conversations in exclusive community issues, like this one, delivered straight to your inbox every first and third Thursday. This brings us a step closer to our mission of being community-led by sharing valuable insights from security professionals and practitioners like yourself with other members.
This was one of the most liked programs in our feedback surveys, and I’m delighted to be making it real and sharing actionable learning and community wisdom with you.
Cheers,
Kartikey Pandey
Editor-in-Chief
Top Questions This Week
1. Most effective tools in Pentesting
Q: Where do you find the latest and most effective tools in Pentesting/Red Team Ops? How do you check their authenticity and start utilizing them?
Siddharta, Red-Blue Teaming + Advanced Adversary Simulation
– My primary source is Twitter. Following a few accounts helps a lot in keeping pace with the latest resources, whether tools, zero-days, major security events, conferences, and so on; the accounts I follow are @Dinosn and @CyberWarship. You can also look at kitploit.com.
I usually don’t just git clone and start using new tools; I have an arsenal of existing tools. The most important advice I can give is to go after techniques, tactics, and procedures, because tools come and go; there will always be tools, because someone is working to modify one or someone has new ideas to implement. Many friends of mine make tools themselves, and they’re highly customizable. So the choice of tools and their effectiveness comes down to two points:
- Is the tool enabling me to implement and exercise the latest techniques?
- Is the tool well built and well maintained? If it serves a very specific need, of whatever type, or it is outdated, then it’s better to read the source code (if open source) and customize it to current needs.
Another big thing is communities: Discord, Slack, Telegram, online forums, even LinkedIn; I prefer Discord. There you have a community with common interests and goals in mind, each member on their own journey: some are advanced users, some intermediate, some mere beginners, but they are all distinct. Whenever I seek help regarding the choice of tooling, and even techniques, I often get relevant and genuine help.
Pradeep, DevOps Engineer
– Our pentesting tools are chosen based on how well they suit our needs. We trial them extensively to see whether they match or exceed those needs. We are sure of their authenticity when they are acquired from the software maker. Some are free tools as well; in those cases, we check how widely they are used, the developers behind them, the community behind them, etc.
Kapil, Security Operations
– Mostly use open-source communities like Kali for PT.
Mirza, Testing
– Google for them or ask around in testing forums, like the Ministry of Testing Club.
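The question above asks how to check a tool’s authenticity before using it, and the answers come down to trusting the source and the community around it. One mechanical check that belongs in any such workflow is refusing to run a download until its digest matches the value the maintainer published (on the release page or in a signed manifest, obtained through a different channel than the download itself). The script below is an added example for this issue, not code from any contributor; it assumes `sha256sum` (coreutils) or `shasum` (BSD/macOS) is installed, and the sample file and digest are constructed for the demo (the digest is the standard SHA-256 test vector for the string "abc").

```shell
#!/bin/sh
# verify_download.sh: refuse to run a freshly downloaded tool until its SHA-256
# matches a digest published by the maintainer. Added example for this issue; not
# a tool from the newsletter. Assumes sha256sum (coreutils) or shasum (BSD/macOS)
# is installed; the sample file below is constructed here, not a real release.

# sha256_of FILE -> prints the hex digest; returns 1 if the file is unreadable
sha256_of() {
    [ -r "$1" ] || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download FILE EXPECTED_SHA256
#   0 = digest matches, 1 = mismatch or unreadable file,
#   2 = the "published" value is not a SHA-256 digest at all
verify_download() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # hex digests are case-insensitive
    # Reject anything that is not exactly 64 hex chars: an empty or truncated
    # published value must never be allowed to match an empty/failed actual digest.
    case "$expected" in
        *[!0-9a-f]*|"") echo "ERROR: published digest is not hex: '$2'"; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "ERROR: published digest is not 64 hex chars"; return 2; }
    actual=$(sha256_of "$file") || { echo "ERROR: cannot read $file"; return 1; }
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published digest"
        return 0
    fi
    echo "MISMATCH: $file"
    echo "  published $expected"
    echo "  actual    $actual"
    return 1
}

# Constructed demo: the digest below is the well-known SHA-256 of the 3-byte
# string "abc", standing in for a maintainer-published release digest.
demo() {
    sample="${TMPDIR:-/tmp}/secpro_tool_demo_$$"
    printf 'abc' > "$sample"
    published=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    verify_download "$sample" "$published" && echo "-> safe to unpack/run $sample"
    # Simulate a tampered or truncated download: one extra byte changes everything
    printf 'abc\n' > "$sample"
    verify_download "$sample" "$published" || echo "-> refusing to run $sample"
    rm -f "$sample"
}

demo
```

The same principle applies to tools pulled with git: when the maintainer signs releases, `git verify-tag <tag>` or `git verify-commit <hash>` against a key you imported from a source other than the repository itself gives you the check above without a separate digest file.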
2. Incident Response
Q: Can you talk about your experience with the Security incident response team? During an incident, what are the key things to do, and what is your quick plan of action?
Kapil, Security Operations
– Managing a SOC 24×7, containment, and eradication, along with lessons learned, are key. Invest heavily in SIEM fine-tuning, SOPs, and playbooks to respond to incidents.
Alex, Incident Response
- Incident business risk assessment
- Incident mitigation and execution plan
- Incident communication plan
- Post-incident learning and improvement plans to prevent similar incidents from happening again
Pradeep, DevOps Engineer
– The first step in IR is being prepared for an incident. During an IR, we do the following, in this order:
- Understand the incident
- Isolate the incident/contain the damage
- Remedy the incident
- Recover from the incident
- Post-IR lessons learned
3. Data Security
Q: In the event of a data breach, what is your first step? Can cyber liability insurance protect you?
Anand
– Protect the data being transmitted to host devices and stop the transmission by any means if the credentials include confidential information and PII. Otherwise, if the data is regular monitoring data of which we have kept a backup, then we can inject a payload that will contaminate the whole data set, so that the host gets the malicious data and hence it cannot harm the organization.
Alex, Incident Response
– The first step is to stay alert about the breach. Reaching the targeted victims with a communication plan is important, and the breached company needs to send out notifications for customer awareness. Cyber liability insurance can only protect up to some extent and does not cover the loss of potential future profits due to reputation damage caused by a breach.
Wolfram, Software Developer
– Secure the environment as much as possible and report it to the next higher responsible person. Escalate it.
Avishek, Data Scientist
– Follow protocols. No, insurance can’t help.
4. IoT Security
Q: Have you met with Spectre or Meltdown vulnerabilities on IoT (Internet of Things) devices? What are your recommendations about encryption key management and identity management?
Andrew, Lead Developer
– I have not personally met with these issues. However, I am building a community-based Cyber security solution on top of IPFS and my platform QALB.
Anand
– Yes. Spectre and Meltdown are two different types of vulnerability observed in IoT devices at the hardware level. Spectre allows the attacker to exploit random memory locations, and Meltdown allows reading the whole memory, which means an attacker can read all the credentials and secret data stored on the processor without leaving any evidence or logs, which is quite risky; mostly ARM and AMD processors are prone to it. However, hardware-level fixes are still ongoing as part of R&D, and fixes are provided by the processor manufacturers to avoid these vulnerabilities.
Kapil, Security Operations
– IoT devices are the next-level targets for adversaries, so vulnerability management becomes more critical. Four main pillars, key management, IM, access (permission) management, and sufficient logging and monitoring, are key for any cyber program.
Mirza, Testing
– I haven’t had those, but a few years ago, at one of the companies I worked at, there was a CryptoLocker problem and the ransomware proved too much to handle, so they paid what the hacker asked, and surprisingly the hacker kept their word. The company was an easy target as they didn’t invest in security at all; I hope things are better now.
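The IoT thread above discusses Spectre and Meltdown on devices in general terms and notes that fixes come from processor and platform vendors. For the large class of IoT devices that run Linux, the quickest practical check is to ask the kernel what it thinks: Linux kernels since 4.15 expose one file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2, and later additions), each reading "Not affected", "Vulnerable" (optionally with detail) or "Mitigation: <detail>". The script below is an added example for this issue, not code from any contributor. It takes the directory as a parameter so the same check runs on a live host or on a sysfs tree copied off an embedded target; the sample tree it builds is constructed for the demo, not captured from a real device. It reports only the kernel's view: it says nothing about firmware or microcode on devices without a Linux kernel.

```shell
#!/bin/sh
# cpu_vulns.sh: read the Linux kernel's own report of Spectre/Meltdown mitigation status.
# Added example for this issue, not code from any of the contributors. Linux exposes one
# file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1,
# spectre_v2, ...), each containing "Not affected", "Vulnerable[: detail]" or
# "Mitigation: <detail>". The directory is a parameter so the same check runs on a live
# host or on a sysfs tree copied off an embedded target.

# classify_status LINE -> prints ok | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo ok ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;   # unexpected text: investigate, do not assume safe
    esac
}

# report_vulns DIR -> one line per issue: name, verdict, raw kernel text
report_vulns() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%-16s %-11s %s\n' "$(basename "$f")" "$(classify_status "$status")" "$status"
    done
    return 0
}

# count_vulnerable DIR -> prints how many issues the kernel reports as Vulnerable
count_vulnerable() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(classify_status "$(cat "$f")")" = vulnerable ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# make_sample_dir DIR: constructed sysfs tree imitating a board whose kernel has
# page-table isolation for Meltdown but no Spectre v2 mitigation. The contents are
# made up for the demo, not captured from a device.
make_sample_dir() {
    mkdir -p "$1"
    printf 'Mitigation: PTI\n'                          > "$1/meltdown"
    printf 'Mitigation: __user pointer sanitization\n'  > "$1/spectre_v1"
    printf 'Vulnerable\n'                               > "$1/spectre_v2"
    printf 'Not affected\n'                             > "$1/l1tf"
}

demo() {
    d="${TMPDIR:-/tmp}/secpro_vulns_demo_$$"
    make_sample_dir "$d"
    echo "# constructed sample tree"
    report_vulns "$d"
    echo "vulnerable: $(count_vulnerable "$d")"
    rm -rf "$d"
    real=/sys/devices/system/cpu/vulnerabilities
    if [ -d "$real" ]; then
        echo "# this host"
        report_vulns "$real"
        echo "vulnerable: $(count_vulnerable "$real")"
    fi
}

demo
```

A non-zero count on a fielded device is the signal to look for a vendor kernel or firmware update; an "unknown" verdict means the kernel printed text this script does not recognise and should be read by hand rather than treated as safe.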