Thursday 19 July 2018

Threat modeling for Penetration Testers Kali Linux


The passive and active reconnaissance phases map the target network and systems and identify vulnerabilities that may be exploitable to achieve the attacker's objective. During this stage of the attacker's kill chain there is a strong bias for action: testers want to immediately launch exploits and demonstrate that they can compromise the target. However, an unplanned attack may not be the most effective means of achieving the objective, and it may sacrifice the stealth that the objective requires.


Penetration testers have adopted (formally or informally) a process known as threat modeling, which was originally developed by network planners to develop defensive countermeasures against an attack.

Penetration testers and attackers have turned the defensive threat modeling methodology on its head to improve the success of an attack. Offensive threat modeling is a formal approach that combines the results of reconnaissance and research to develop an attack strategy. An attacker has to consider the available targets and classify each of them as one of the following types:

Primary targets: Targets that, when compromised, immediately support the objective.

Secondary targets: These targets may provide information (security controls, password and logging policies, and local and domain administrator names and passwords) to support an attack or allow access to a primary target.

Tertiary targets: These targets may be unrelated to the testing or attack objective, but are relatively easy to compromise and may provide information or a distraction from the actual attack.


For each target type, the tester has to determine the approach to be used. A single vulnerability can be attacked using stealth techniques, or multiple targets can be attacked with a high volume of attacks in order to exploit a target rapidly. If a large-scale attack is launched, the volume of alerts on the defender's monitoring devices frequently prompts them to reduce logging on routers and firewalls, or even to disable it entirely.

The approach to be used will guide the selection of the exploit. Generally, attackers follow an attack tree methodology when creating a threat model: the objective is the root, each alternative way of reaching it is a branch, and the leaves are concrete attacks against the targets identified during reconnaissance. The attack tree approach allows the tester to easily visualize the attack options that are available and the alternative options that can be employed if a selected attack is not successful. Once an attack tree has been generated, the next step of the exploit phase is to identify the exploits that may be used to compromise vulnerabilities in the target.
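The following is an added example, not code from the book or from this blog, showing how the target classification and attack tree described above can be written down and queried. OR nodes list alternative routes to a goal, AND nodes list steps that must all succeed, and each leaf is an attack on a primary, secondary or tertiary target with a rough noise score. The tree, host names (`FS01`, `intranet.example.test`, `vpn.example.test`) and noise values are constructed for illustration; the functions `attack_paths`, `viable_paths` and `plan` are this example's own.

```python
"""Offensive threat model as an attack tree (added example, constructed data)."""
from dataclasses import dataclass, field
from itertools import product


@dataclass
class Leaf:
    name: str
    target: str          # host or asset identified during reconnaissance
    target_type: str     # "primary", "secondary" or "tertiary"
    noise: int           # constructed 1-10 estimate of the log/alert footprint


@dataclass
class Node:
    name: str
    op: str              # "AND": every child must succeed; "OR": any one child
    children: list = field(default_factory=list)


def attack_paths(node):
    """Enumerate every set of leaf attacks that satisfies the tree.

    Each returned tuple is one complete attack path from leaves to the root.
    """
    if isinstance(node, Leaf):
        return [(node,)]
    child_paths = [attack_paths(child) for child in node.children]
    if node.op == "OR":
        return [path for paths in child_paths for path in paths]
    # AND: take one path from every child and concatenate them
    return [tuple(leaf for part in combo for leaf in part)
            for combo in product(*child_paths)]


def path_noise(path):
    """Total noise of a path; lower means a stealthier approach."""
    return sum(leaf.noise for leaf in path)


def viable_paths(root, failed=frozenset()):
    """Paths that do not depend on an attack already known to have failed, quietest first."""
    alive = [p for p in attack_paths(root)
             if not any(leaf.name in failed for leaf in p)]
    return sorted(alive, key=path_noise)


def plan(root, failed=frozenset()):
    """Step names of the quietest remaining path, or [] when no route is left."""
    paths = viable_paths(root, failed)
    return [leaf.name for leaf in paths[0]] if paths else []


def sample_tree():
    """Constructed model: the objective is to read the finance share on FS01."""
    map_share = Leaf("Map share with credential", "FS01", "primary", noise=2)
    return Node("Read finance share on FS01", "OR", [
        Node("Use a stolen domain credential", "AND", [
            Node("Obtain a domain user credential", "OR", [
                Leaf("Phish a finance user", "finance staff", "secondary", noise=3),
                Leaf("Password-spray the VPN portal", "vpn.example.test", "secondary", noise=8),
            ]),
            map_share,
        ]),
        Node("Pivot via the legacy intranet server", "AND", [
            Leaf("Exploit unpatched intranet web app", "intranet.example.test", "tertiary", noise=5),
            Leaf("Recover admin password from config backup", "intranet.example.test", "secondary", noise=1),
            map_share,
        ]),
        Leaf("Exploit a service on FS01 directly", "FS01", "primary", noise=9),
    ])


if __name__ == "__main__":
    tree = sample_tree()
    for path in viable_paths(tree):
        print(f"noise {path_noise(path):2d}: " + " -> ".join(leaf.name for leaf in path))
    print("first choice:", plan(tree))
    print("if phishing fails:", plan(tree, {"Phish a finance user"}))
```

Running the script lists the four constructed paths in order of noise, so the quietest route (phish, then map the share) is chosen first; when that attack is marked as failed, the next-quietest alternative is selected automatically, which is exactly the fallback planning the attack tree is meant to support.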

Thursday 12 July 2018

Debian System Startup and shutdown / Run Levels


The proper startup and shutdown of the services a system needs to function and fulfill its purpose is central to its management. Unix init scripts (also known as System V or SysV scripts, after their origin in Unix System V) have a long history and are, in one form or another, common to all Unix and Linux systems, but the way they are managed, sequenced, enabled and disabled, and the preferred script format, differ somewhat between distributions. The primary areas to be aware of for Debian startup and shutdown scripts are the purpose of run levels, dependency-based sequencing, and the utilities available for administering the boot sequence.

Debian run levels
In Debian, as in nearly all Unix/Linux operating systems, run levels 0 through 6 are available, defined as follows:
• 0: System halt
• 1: Single user (maintenance)
• 2 to 5: Multi-user modes
• 6: System reboot
Note that run levels 2 through 5 are identical in Debian. This is unlike some other distributions, such as Red Hat, Fedora, SuSE or openSUSE, which give specific purposes to some of these run levels. On Red Hat-derived systems, for example, run level 2 is multi-user without networking (strictly, without NFS), 3 is full multi-user with networking, 4 is unused and left for local definition, and 5 is multi-user with a graphical display manager that is not started in the other run levels. In most Debian systems there is no difference between the multi-user run levels, and all of the init scripts default to being active in levels 2 through 5. This doesn't mean you can't define your own purposes for different run levels. If you do choose to do so, however, do not manually edit the S/K links to init scripts in the run level directories (/etc/rc0.d through /etc/rc6.d). Use the update-rc.d command instead: Debian defaults to dependency-based boot sequencing, in which insserv computes the sequence numbers from the LSB dependency headers in each script, and hand-edited links are overwritten or leave the ordering inconsistent. On current Debian releases systemd is the default init; it maps the SysV run levels onto targets (runlevel2.target through runlevel4.target are aliases of multi-user.target, runlevel5.target of graphical.target), and update-rc.d remains the supported way to manage any remaining SysV-style scripts.
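The following is an added example for this post, not part of the original, showing what the run level directories actually contain and why they should be inspected rather than edited by hand. Each /etc/rcN.d holds symlinks named S<seq><script> (start) or K<seq><script> (stop) pointing into ../init.d, and the two-digit sequence number decides boot order. The script only reads a tree; `make_sample_tree` builds a constructed Debian-style layout in a temporary directory (scripts `networking`, `ssh` and a stale `oldagent` link are invented) so it can be run without touching /etc. The function names are this example's own.

```python
"""Inspect SysV run-level link directories laid out the Debian way (added example)."""
import os
import re
import tempfile

# S01networking -> kind "S", sequence "01", script "networking"
LINK_RE = re.compile(r"^([SK])(\d\d)(.+)$")


def rc_links(root, level):
    """Return [(kind, seq, script, target)] for root/rcN.d in execution order.

    Within a level the rc script runs all K (stop) links before the S (start)
    links, each group in ascending sequence order.
    """
    rc_dir = os.path.join(root, f"rc{level}.d")
    entries = []
    for name in sorted(os.listdir(rc_dir)):
        m = LINK_RE.match(name)
        if not m:
            continue  # e.g. the README file Debian ships in every rcN.d
        path = os.path.join(rc_dir, name)
        target = os.readlink(path) if os.path.islink(path) else None
        entries.append((m.group(1), int(m.group(2)), m.group(3), target))
    entries.sort(key=lambda e: (e[0] != "K", e[1], e[2]))
    return entries


def multiuser_levels_identical(root):
    """True when rc2.d..rc5.d enable/disable the same scripts (the Debian default)."""
    def shape(level):
        return [(kind, seq, script) for kind, seq, script, _ in rc_links(root, level)]
    reference = shape(2)
    return all(shape(level) == reference for level in (3, 4, 5))


def dangling_links(root, level):
    """Links whose init.d target is gone: debris a hand-edit or removed package left behind."""
    rc_dir = os.path.join(root, f"rc{level}.d")
    stale = []
    for kind, seq, script, target in rc_links(root, level):
        if target is not None and not os.path.exists(os.path.join(rc_dir, target)):
            stale.append(f"{kind}{seq:02d}{script}")
    return stale


def make_sample_tree():
    """Constructed tree: networking and ssh start in 2-5 and stop in 0, 1 and 6."""
    root = tempfile.mkdtemp(prefix="rc-demo-")
    os.makedirs(os.path.join(root, "init.d"))
    for script in ("networking", "ssh"):
        open(os.path.join(root, "init.d", script), "w").close()
    for level in range(7):
        os.makedirs(os.path.join(root, f"rc{level}.d"))
    for level in (2, 3, 4, 5):
        os.symlink("../init.d/networking", os.path.join(root, f"rc{level}.d", "S01networking"))
        os.symlink("../init.d/ssh", os.path.join(root, f"rc{level}.d", "S02ssh"))
        # stale link to a script that no longer exists, present in every multi-user level
        os.symlink("../init.d/oldagent", os.path.join(root, f"rc{level}.d", "S03oldagent"))
    for level in (0, 1, 6):
        os.symlink("../init.d/ssh", os.path.join(root, f"rc{level}.d", "K01ssh"))
        os.symlink("../init.d/networking", os.path.join(root, f"rc{level}.d", "K02networking"))
    return root


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_tree()
    for level in range(7):
        print(f"rc{level}.d:", " ".join(f"{k}{s:02d}{n}" for k, s, n, _ in rc_links(root, level)))
    print("multi-user levels identical:", multiuser_levels_identical(root))
    print("dangling in rc2.d:", dangling_links(root, 2))
```

Run it with no arguments to see the constructed tree, or with `/etc` on a SysV-style Debian host to audit the real links; a dangling link is the kind of inconsistency update-rc.d and insserv are meant to prevent.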

Monday 9 July 2018

Displaying Memory Usage Information With “free” Command



The free utility displays the amount of physical (RAM) and swap memory in the local system. It displays columns for total, used and free memory as well as for kernel buffers and page cache. In the older procps version shown here the column labeled shared is obsolete and always reads 0; newer procps-ng releases repurpose it to report shared memory (Shmem), merge buffers and cached into a single buff/cache column, drop the -/+ buffers/cache line, and add an available column. This utility is not available under macOS; vm_stat performs a similar function.
In the following example, the -m option causes free to display memory sizes in megabytes and the -t option adds the line labeled Total to the end of the output. You can cause free to display memory sizes in gigabytes (-g), megabytes (-m), kilobytes (-k; the default), or bytes (-b).
$ free -mt
             total       used       free     shared    buffers     cached
Mem:          2013        748       1264          0        110        383
-/+ buffers/cache:        254       1759
Swap:         2044          0       2044
Total:        4058        748       3309
 

 One of the ways Linux takes advantage of free memory is to allocate memory it is not otherwise using to buffers and cache. Thus, the value on the Mem line in the free column will be small and is not representative of the total available memory when the kernel is working properly. As the kernel needs more memory, it reallocates memory it had allocated to buffers and cache.
The -/+ buffers/cache line gives values assuming the memory used for buffers and cache is free memory. The value in the used column on this line assumes buffers and cache (110 + 383 = 493 on the Mem line) are freed; thus the value in the used column is 254 (~748 - 493) while the value in the free column increases to 1759 (~1264 + 493). Unlike the value in the free column on the Mem line, when the value in the free column on the -/+ buffers/cache line approaches zero the system is truly running out of memory.
The Swap line displays the total, used, and free amounts of swap space.
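The following is an added example, not part of the original post, that recomputes the figures free prints from the kernel's /proc/meminfo (values in KiB). It derives the classic -/+ buffers/cache line explained above and, where the kernel provides it, the MemAvailable estimate (Linux 3.14 and later) that modern procps-ng shows as the available column instead. `SAMPLE_MEMINFO` is a constructed snapshot loosely modeled on the post's numbers, so the results it yields differ slightly from the output above; the function names are this example's own.

```python
"""Recompute free's summary from /proc/meminfo (added example, constructed sample)."""

# Constructed /proc/meminfo snapshot: roughly 2 GiB RAM, 2 GiB swap, swap unused.
SAMPLE_MEMINFO = """\
MemTotal:        2061312 kB
MemFree:         1294336 kB
MemAvailable:    1720320 kB
Buffers:          112640 kB
Cached:           392192 kB
SwapCached:            0 kB
SReclaimable:      40960 kB
Shmem:                 0 kB
SwapTotal:       2093056 kB
SwapFree:        2093056 kB
"""


def parse_meminfo(text):
    """Map each /proc/meminfo key to its value in KiB, dropping the 'kB' unit."""
    info = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, rest = line.split(":", 1)
        info[key.strip()] = int(rest.split()[0])
    return info


def memory_summary(info, unit=1024):
    """Return the figures free shows, in MiB by default (unit = KiB per output unit).

    'used' follows the old free: total - free, before discounting buffers/cache.
    'used_adj' / 'free_adj' are the -/+ buffers/cache line: buffers and page
    cache are treated as reclaimable, so they move from used to free.
    'available' is the kernel's own estimate when the kernel provides it.
    """
    total, mem_free = info["MemTotal"], info["MemFree"]
    buffers, cached = info.get("Buffers", 0), info.get("Cached", 0)
    used = total - mem_free
    reclaimable = buffers + cached
    summary = {
        "total": total // unit,
        "used": used // unit,
        "free": mem_free // unit,
        "buffers": buffers // unit,
        "cached": cached // unit,
        "used_adj": (used - reclaimable) // unit,
        "free_adj": (mem_free + reclaimable) // unit,
        "swap_total": info.get("SwapTotal", 0) // unit,
        "swap_used": (info.get("SwapTotal", 0) - info.get("SwapFree", 0)) // unit,
    }
    if "MemAvailable" in info:
        summary["available"] = info["MemAvailable"] // unit
    return summary


def low_memory(summary, threshold_mib=128):
    """Judge memory pressure by the adjusted free value, never by the raw free column."""
    estimate = summary.get("available", summary["free_adj"])
    return estimate < threshold_mib


def read_live():
    """Summarise the running system (Linux only)."""
    with open("/proc/meminfo") as handle:
        return memory_summary(parse_meminfo(handle.read()))


if __name__ == "__main__":
    summary = memory_summary(parse_meminfo(SAMPLE_MEMINFO))
    for key, value in summary.items():
        print(f"{key:>10}: {value} MiB")
    print("low memory:", low_memory(summary))
```

On the constructed snapshot the raw free column reads 1264 MiB while the adjusted figure is 1757 MiB, which is the point the post makes: the Mem line's free value understates what is really available because the kernel has lent the rest to buffers and cache. The kernel's MemAvailable figure is lower than free_adj (1680 MiB here) because not all of the page cache can be dropped without hurting performance, which is why modern free reports it instead.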