The slides cover:
• Offensive attack landscape: analyzing data from the deep, dark and surface web
• Tools, techniques and trends related to offensive attack simulation: Attack Surface Management (ASM), Continuous Automated Red Teaming (CART) and more
• How CART (Continuous Automated Red Teaming) can help
4. Top Industry Challenges
• Shadow IT and incomplete asset inventory
• Testing only part of the assets: shadow IT, pre-prod systems etc. are missed
• Misconfigurations
• Testing "some times" vs. "continuous attacks"
• Security testing Gen 1 is report based; Gen 2 should be continuous and alert based (think SOC evolution)
5. Database Exposure
• Number of open databases (MySQL, MongoDB, Elasticsearch, Redis): 500K
• Sample size of data exposed: ~20 TB
6. Code Leaks
• Sample enterprise code leaks: 12K+
• In 15% of cases internal employees leaked credentials, keys and sensitive information such as private keys, AD passwords, mail server passwords, even pay slips.
• CI/CD tools such as Jenkins, GoCD etc. lead to exposed code and remote code execution.
8. Open Cloud Resources
• +10K public Elastic Block Store (EBS) snapshots from 3,213 accounts.
• +400 public Relational Database Service (RDS) snapshots from 200+ accounts.
• +700K public Amazon Machine Images (AMIs) from +20K accounts.
• +16K public IPs of exposed AWS-managed Elasticsearch clusters that could have their contents stolen or data possibly deleted; this means 17% of AWS-managed Elasticsearch servers with public IPs were misconfigured.
• More than 500 million AWS buckets indexed, hosting terabytes of data.
9. Exposed Network Services
• 80% of large organisations have:
  • Multiple exposed UAT servers
  • Vulnerable WordPress/Joomla
  • Telnet/FTP
  • Open vulnerable routers
• 30% of organisations had:
  • Open LDAP
  • Open RDP
  • Open SMB/RPC
10. Leaked Passwords
• The number of leaked passwords reached 6.7 billion by end of Jan 2019
• 40%+ of organisations could be breached just using leaked passwords
• Found 5+ common password patterns for every major organisation
12. Red Team Landscape
Figure: Red Team Landscape quadrant (credits: Gartner). Horizontal axis: Point-in-Time Assessment to Continuous Testing; vertical axis: Simulated Attacks to Real World Attacks. Entries: Breach & Attack Simulation, Continuous Automated Red Teaming, Cyber Ranges, Pen Testing, Red Team Services, Bug Bounty Programs.
Credits: Gartner
13. Blue Team Landscape
Figure: Blue Team Landscape quadrant (credits: Gartner). Horizontal axis: Internal Assets to External Assets; vertical axis: More Depth to More Breadth. Entries: Asset Management, Attack Surface Management, VA (Vulnerability Assessment), Vulnerability/App Assessment Scanners, DRP (Digital Footprinting), Security Rating Services.
Credits: Gartner
16. Attack Surface Management (ASM)
• Specialized internet-wide monitoring to discover:
  • Exposed attack surface
  • Orphaned DBs, pre-prod systems
  • Shadow IT
• Key use cases:
  • Asset inventory
  • Vulnerability management
  • Shadow IT discovery
17. Continuous Automated Red Teaming
• Moving from point-in-time red teaming to continuous discovery of the attack surface and continuous attacks
• Attackers are attacking all the assets all of the time, vs. organisations testing some assets some of the time
• Use cases:
  • Vulnerability and risk management
  • Security control validation
  • Ransomware attack surface discovery
  • Nation state actor and other adversary simulation
18. Purple Teaming Adoption
• Red and blue teams collaboratively improving security posture
• Use cases:
  • Security control gap detection
  • Security control improvement
19. Hybrid = Man + Machine
Effective combination of Automation / AI and manual augmentation
21. FireCompass - Continuous Automated Red Teaming (CART) & Attack Surface Management (ASM)
Index
- Fast internet-based recon on 3 billion+ IPs using a headless browser
- Deep, dark and surface web OSINT data collection
- Intel collection from 3rd-party sources like Shodan, threat intel, honeypot feeds etc.
- Indexing using the proprietary FireCompass Big Data Platform
Discover
- Use AI and ML algorithms to attribute all your digital assets and give a near real-time view of your digital attack surface
- Misconfigured DB servers / S3 cloud buckets
- Code leaks, leaked credentials
- Vulnerabilities: internet infrastructure, web apps, mobile apps
- Exposed pre-prod systems
- Exposed services like APIs, FTP servers, open ports
Attack
- Conduct port scanning and network VA
- Conduct DAST and OWASP Top 10 attacks on web-based applications
- Conduct DAST, SAST and IAST attacks on mobile applications
- Active social engineering attacks
- Multi-stage attacks to find out possible attack paths
Prioritize
- Continuous monitoring and alerts to detect changes in your attack surface and new risks
- Identify, analyze and prioritize digital risks
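One way to implement the continuous, alert-based monitoring the slides argue for (the "Prioritize" step here and the Gen 1 vs. Gen 2 point in slide 4), as an added example that is not FireCompass code: it diffs two snapshots of externally exposed services, constructed inline, and ranks each new exposure by the risk of the service and by whether the host is in the known asset inventory. The snapshot format, the risk table and the sample hosts are assumptions.

```python
# Added example, not FireCompass code: diff two attack-surface snapshots
# ({host: {port: service}}, constructed sample data) and raise one alert per
# newly exposed service, ranked by the risk of the service and whether the
# host is in the known asset inventory (unknown host = possible shadow IT).
from dataclasses import dataclass

# Services the slides call out as commonly exposed are high risk; FTP/RPC medium.
HIGH_RISK = {"rdp", "smb", "ldap", "telnet", "mysql", "mongodb", "redis", "elasticsearch"}
MEDIUM_RISK = {"ftp", "msrpc"}
ORDER = {"high": 0, "medium": 1, "low": 2}

@dataclass(frozen=True)
class Alert:
    host: str
    port: int
    service: str
    severity: str
    reason: str

def severity_for(service: str) -> str:
    s = service.lower()
    return "high" if s in HIGH_RISK else "medium" if s in MEDIUM_RISK else "low"

def diff_snapshots(previous, current, known_assets):
    """Alerts for (host, port) pairs present in `current` but not `previous`."""
    alerts = []
    for host, ports in current.items():
        old_ports = previous.get(host, {})
        for port, service in ports.items():
            if port in old_ports:
                continue  # exposed last time too: no change, no alert
            sev, reason = severity_for(service), "new exposed service"
            if host not in known_assets:
                reason = "new service on unknown host (possible shadow IT)"
                sev = "medium" if sev == "low" else sev
            alerts.append(Alert(host, port, service, sev, reason))
    # Worst change first so the analyst sees it at the top of the alert feed
    return sorted(alerts, key=lambda a: (ORDER[a.severity], a.host, a.port))

# Constructed snapshots: previous scan vs current scan, and the asset inventory.
PREV = {"10.0.0.5": {443: "https"}, "10.0.0.9": {22: "ssh"}}
CURR = {"10.0.0.5": {443: "https", 3389: "rdp"},
        "10.0.0.9": {22: "ssh"},
        "10.0.0.77": {8080: "http", 27017: "mongodb"}}
KNOWN = {"10.0.0.5", "10.0.0.9"}

if __name__ == "__main__":
    for a in diff_snapshots(PREV, CURR, KNOWN):
        print(f"[{a.severity}] {a.host}:{a.port} {a.service}: {a.reason}")
```

Running the same snapshot against itself yields no alerts, which is the property a scheduled job relies on: only changes in the attack surface page an analyst.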