25 Sep, 2024

#threat #actors #cybersecurity #offsec #TH-200

Understanding Threat Actors: Insights from OffSec TH-200 Course module 2 section 1

In OffSec TH-200 Module 2, Section 1, key cybersecurity threat actors are explored, including cybercriminals like script kiddies, hacktivists, and ransomware groups, as well as sophisticated APTs and insider threats. Each group possesses distinct motivations and impacts on organizations, necessitating robust defense strategies.

Preston Zen

prestonzen.com

Understanding Threat Actors: Insights from OffSec TH-200 Course module 2 section 1

As I continue my journey through the OffSec TH-200 course, I’ve now reached Module 2, Section 1, which delves into some critical areas of cybersecurity: threat actors, ransomware groups, and an introduction to Advanced Persistent Threats (APTs). Given the depth of this module, I’ll be breaking down my learnings into smaller, more digestible parts to ensure a clear understanding.

In today’s digital landscape, organizations are constantly under threat from a variety of actors, each with unique motivations, objectives, and skill levels. These range from hobbyist attackers testing the waters to sophisticated, government-backed cyber operations. The consequences of failing to defend against these attacks can be severe, with potential damage to an organization’s reputation, financial losses, and legal implications.

Types of Threat Actors

Threat actors in cybersecurity can broadly be classified into three categories:

Cybercriminals
Advanced Persistent Threats (APTs)
Insider Threats

Threat Hunting Concepts and Practices - Insights from OffSec TH-200 Course module 1

Threat Hunting Concepts and Practices - Insights from OffSec TH-200 Course module 1

The Offsec TH-200 course's Module 1 covers threat hunting in cybersecurity, focusing on proactive detection of threats as opposed to reactive SOC alerts. Threat hunting is categorized into in-house teams and third-party services, which enhance security by offering various detection solutions. The Threat Hunting Maturity Model outlines five levels of implementation based on data collection and analysis sophistication. Effective threat hunting consists of triggering a hypothesis, investigating, and resolving threats.

Offsec - CyberSploit1 - Apr 20th 2023

Offsec - CyberSploit1 - Apr 20th 2023

The author scanned the target IP address using Nmap and found open ports for SSH and HTTP. They discovered a base64 encoded string and decoded it, which led them to a YouTube channel named 'cybersploit'. They also found a username and password for SSH and accessed the system. After finding a flag file, they discovered the OS version and checked for local exploits. They downloaded a C exploit and compiled it to gain root access.

Web-300 - Exam 3 - June 23 2024

Web-300 - Exam 3 - June 23 2024

The text provides connection information and instructions for two target machines. The goal is to bypass authentication and gain remote code execution. The tasks include identifying vulnerabilities, providing screenshots, and scripting exploits. Failure to follow instructions may result in zero points. The target machines are exact copies of debugging machines.

Offsec - Clue

The reconnaissance phase involved scanning the target IP address using Nmap, which revealed open ports and services. Further investigation focused on the web server and port 3000, which indicated the presence of a web application. Directory discovery techniques were used, including Dirbuster and Gobuster, which uncovered some directories with content. A remote file read exploit was found for Cassandra Web, allowing access to sensitive files. Passwords were revealed, but attempts to log in via SSH were unsuccessful. The Freeswitch service was also explored, but no successful exploits were found. Finally, using Samba, read permissions were obtained for backups, allowing access to archives of Cassandra and Freeswitch. The password for Freeswitch was obtained from a configuration file, but no further access was gained. Overall, the reconnaissance phase involved thorough scanning and exploitation of various services.

Offsec - Sumo - Jun 15th 2023

Offsec - Sumo - Jun 15th 2023

Scanning for targets on subnet using Nmap and HTTP enumeration tools such as gobuster and dirbuster to find open ports and directories. Discovered an open SSH port and an Apache HTTP server. Detected Linux OS. Used dirbuster to search for directories and found a CGI vulnerability called shellshock. Confirmed vulnerability with nikto.

DEL