Thursday 19 July 2018

Threat modeling for Penetration Testers Kali Linux


The passive and active reconnaissance phases map the target network and system and identify vulnerabilities that may be exploitable to achieve the attacker's objective. During this stage of the attacker's kill chain, there is a strong bias for action: testers want to immediately launch exploits and demonstrate that they can compromise the target. However, an unplanned attack may not be the most effective means of achieving the objective, and it may sacrifice the stealth that the attack needs.


Penetration testers have adopted (formally or informally) a process known as threat modeling, which was originally created by network planners to develop defensive countermeasures against an attack.

Penetration testers and attackers have turned the defensive threat modeling methodology on its head to improve the success of an attack. Offensive threat modeling is a formal approach that combines the results of reconnaissance and research to develop an attack strategy. An attacker has to consider the available targets and identify the type of targets listed as follows:

Primary targets: When compromised, these targets will immediately support the objective.

Secondary targets: These targets may provide information (security controls, password and logging policies, and local and domain administrator names and passwords) to support an attack or allow access to a primary target.

Tertiary targets: These targets may be unrelated to the testing or attack objective, but are relatively easy to compromise and may provide information or a distraction from the actual attack.


For each target type, the tester has to determine the approach to be used. A single vulnerability can be attacked using stealth techniques, or multiple targets can be attacked using a volume of attacks in order to rapidly exploit a target. If a large-scale attack is implemented, the noise in the defender's control devices will frequently cause the defenders to minimize logging on the router and firewall, or even fully disable it.

The approach to be used will guide the selection of the exploit. Generally, attackers follow an attack tree methodology when creating a threat model, as shown in this video:

The attack tree approach allows the tester to easily visualize the attack options that are available and the alternative options that can be employed if a selected attack is not successful. Once an attack tree has been generated, the next step of the exploit phase is to identify the exploits that may be used to compromise vulnerabilities in the target.
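The attack tree idea described above can be written down as a small AND/OR data structure. The following is an added example, not part of the original post: the node format, function names and the sample tree (built from the primary/secondary target classes above) are constructed for illustration. It lists every path to the objective, the alternatives left when one step fails, and the smallest set of steps a defender must block to close the whole tree.

```python
from itertools import combinations, product

# Constructed sample tree. A node is a leaf name (str) or a tuple
# ("OR" | "AND", [children]). The root is the objective on the primary target.
TREE = ("OR", [
    "direct exploit of primary target",
    ("AND", ["compromise secondary target",
             ("OR", ["reuse admin password", "abuse trust relationship"])]),
])

def paths(node):
    """Return every set of leaf steps that is sufficient to satisfy the node."""
    if isinstance(node, str):
        return [frozenset([node])]
    kind, children = node
    child_paths = [paths(c) for c in children]
    if kind == "OR":    # any single child is enough
        return [p for cp in child_paths for p in cp]
    if kind == "AND":   # one path from every child, merged together
        return [frozenset().union(*combo) for combo in product(*child_paths)]
    raise ValueError(f"unknown node type: {kind}")

def remaining(node, blocked):
    """Paths still open once the steps in `blocked` have failed or been mitigated."""
    blocked = set(blocked)
    return [p for p in paths(node) if not (p & blocked)]

def smallest_block(node):
    """Smallest set of leaf steps that intersects every path (brute force)."""
    all_paths = paths(node)
    leaves = sorted(set().union(*all_paths))
    for size in range(1, len(leaves) + 1):
        for combo in combinations(leaves, size):
            if all(p & set(combo) for p in all_paths):
                return set(combo)
    return set()

if __name__ == "__main__":
    for p in paths(TREE):
        print("path:", sorted(p))
    print("after direct exploit fails:",
          [sorted(p) for p in remaining(TREE, ["direct exploit of primary target"])])
    print("block these to close the tree:", sorted(smallest_block(TREE)))
```

Brute-force search is fine for trees of this size; a large tree would need a proper minimal cut-set algorithm.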
