Day: Wed 15 Jun 2022

Note-to-self: PECB CLEH Collaterals

(page is updated on the go, if interesting information is collected …)

PECB

PECB CLEH info

https://pecb.com/en/education-and-certification-for-individuals/ethical-hacking

Exam preparation guides

Download Candidate’s Handbook (pecb.com)
Certified Lead Ethical Hacker Manuals – PECB Help Center (PECB X2Go Client)
Certified Lead Ethical Hacker Manuals – PECB Help Center (PECB CLEH Online Exam)
Certified Lead Ethical Hacker Manuals – PECB Help Center (CLEH Technical Requirements)

PECB X2Go client download (after login)

https://pecb.com/en/cleh

Note taking

CherryTree

https://www.giuspen.com/cherrytree/

http://giuspen.com/cherrytreemanual/

https://www.giuspen.com/cherrytree/#downl

Interesting references

Data breach reports

See: https://identityunderground.wordpress.com/interesting-links/useful-cybersecurity-data-protection-breach-reports/

Cybercrime costs

https://www.grantthornton.global/en/insights/articles/cyber-attacks-cost-global-business-over-$300bn-a-year/

ENISA threat landscape reports

Current (2021)
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021

All reports
https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/enisa-threat-landscape

Previous
https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/enisa-threat-landscape-2020
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018
https://www.enisa.europa.eu/news/enisa-news/enisa-report-the-2017-cyber-threat-landscape
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2016
https://www.enisa.europa.eu/publications/etl2015

ISO

https://ffwd2.me/FreeISO
>https://standards.iso.org/ittf/PubliclyAvailableStandards/

Freely accessible standards – online
https://www.iso.org/covid19

Free download (from: https://standards.iso.org/ittf/PubliclyAvailableStandards/)

ISO/IEC 27000:2018 EN – FR5thInformation technology — Security techniques — Information security management systems — Overview and vocabularyISO/IEC JTC 1/SC 27

https://standards.iso.org/ittf/PubliclyAvailableStandards/c073906_ISO_IEC_27000_2018_E.zip
https://standards.iso.org/ittf/PubliclyAvailableStandards/c073906_ISO_IEC_27000_2018_F.zip

ISSAF (out-dated)

https://oissggroup.com/

Lockheed Martin – Cyber Kill chain

https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

Mitre

Att&ck

https://attack.mitre.org/

Engage

https://engage.mitre.org/

CVE

https://cve.mitre.org/

NIST

NIST-SP 500-291, NIST Cloud Computing Standards Roadmap

https://www.nist.gov/publications/nist-sp-500-291-nist-cloud-computing-standards-roadmap

NIST SP800 series

https://www.nist.gov/itl/publications-0/nist-special-publication-800-series-general-information

SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy
https://csrc.nist.gov/publications/detail/sp/800-41/rev-1/final

SP 800-82 Rev. 2

Guide to Industrial Control Systems (ICS) Security

https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final

CSF

https://www.nist.gov/cyberframework

OWASP

https://owasp.org/

https://owasp.org/www-project-top-ten/

https://owasp.org/www-project-mobile-security-testing-guide/

OSSTMM

https://www.isecom.org/

PTES (out of date)

http://www.pentest-standard.org/index.php/Main_Page

http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines

Unified Kill chain

V 2022-05-18

https://www.unifiedkillchain.com/

OSI Model

https://en.wikipedia.org/wiki/OSI_model

https://simple.wikipedia.org/wiki/TCP/IP_model

TCP/IP Port numbers

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

SANS/GIAC

Wired Equivalent Privacy Vulnerability – GIAC
https://www.giac.org/paper/gsec/624/wired-equivalent-privacy-vulnerability/101399

HTML error codes

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

The story of Error Code 418
https://www.berkeleysquares.co.uk/2021/06/html-response-code-418-why-youve-never-heard-of-it-and-never-will-again/
https://datatracker.ietf.org/doc/draft-ietf-httpbis-semantics/

Security controls framework

https://www.securecontrolsframework.com/secure-controls-framework

https://github.com/securecontrolsframework/securecontrolsframework

Tips & tricks

Book

https://book.hacktricks.xyz/welcome/readme

OCSP

https://github.com/CountablyInfinite/oscp_cheatsheet

https://guide.offsecnewbie.com/cherrytree-oscp-template

https://github.com/devzspy/oscp-certification/tree/master/Note%20Taking%20Tools/CherryTree%20Template

Tools

Pentest wiki

Pentest Wiki: https://pentestwiki.org/

Haveibeenpwnd

https://haveibeenpwned.com/
https://haveibeenpwned.com/Passwords

OSINT

https://osintframework.com/

https://github.com/jivoi/awesome-osint

https://github.com/topics/osint-tools

https://www.osintessentials.com/maps

https://hackcontrol.org/OSINT/Maps.html

Phishing – open source

https://getgophish.com/

Metasploit

https://www.metasploit.com/
https://www.metasploit.com/get-started

https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers

Exploit DB

https://www.offensive-security.com/backtrack/offensive-security-exploit-archive-online/

https://www.exploit-db.com/

Google Dorking

https://www.exploit-db.com/google-hacking-database

Rubber ducky – USB Key logger

https://shop.hak5.org/products/usb-rubber-ducky-deluxe

https://infosecwriteups.com/make-usb-rubber-ducky-with-less-than-3-fa72dac9e4de

Hack mag – Rubber Ducky

Pen testing labs

Free labs

https://www.google.com/search?q=free+pentesting+labs
https://www.hackthebox.com/
https://www.hackthissite.org/
https://www.offensive-security.com/labs/
https://www.pentesterlab.com/exercises
https://www.vulnhub.com/
https://www.root-me.org/?lang=en
https://www.hacking-lab.com/events/

Various labs

Source: https://github.com/michelbernardods/labs-pentest

-> Academy Hackaflag -BR https://academy.hackaflag.com.br
-> Try Hack Me https://tryhackme.com
-> Attack-Defense https://attackdefense.com
-> alert to win https://alf.nu/alert1
-> CTF Komodo Security https://ctf.komodosec.com
-> CMD Challenge https://cmdchallenge.com
-> Explotation Education https://exploit.education
-> Google CTF https://capturetheflag.withgoogle.com
-> HackTheBox https://www.hackthebox.eu
-> Hackthis https://www.hackthis.co.uk
-> Hacksplaining https://www.hacksplaining.com/exercises
-> Hacker101 https://ctf.hacker101.com
-> Hacker Security https://capturetheflag.com.br
-> Hacking-Lab https://www.hacking-lab.com/index.html
-> HSTRIKE https://hstrike.com
-> ImmersiveLabs https://immersivelabs.com
-> Labs Wizard Security https://labs.wizard-security.net
-> NewbieContest https://www.newbiecontest.org
-> OverTheWire http://overthewire.org
-> Practical Pentest Labs https://practicalpentestlabs.com
-> Pentestlab https://pentesterlab.com
-> Penetration Testing Practice Labs http://www.amanhardikar.com/mindmaps/Practice.html
-> PentestIT LAB https://lab.pentestit.ru
-> PicoCTF https://picoctf.com
-> PWNABLE https://pwnable.kr/play.php
-> Root-Me https://www.root-me.org
-> Root in Jail http://ctf.rootinjail.com
-> Shellter https://shellterlabs.com/pt
-> SANS Challenger https://www.holidayhackchallenge.com
-> SmashTheStack http://smashthestack.org/wargames.html
-> Try Hack Me https://tryhackme.com
-> The Cryptopals Crypto Challenges https://cryptopals.com
-> Vulnhub https://www.vulnhub.com
-> W3Challs https://w3challs.com
-> WeChall http://www.wechall.net
-> Zenk-Security https://www.zenk-security.com/epreuves.php

You expect a phishing test… and then the real stuff kicks in… some quick tips to block evasion techniques

I see more and more phishing exercise fatigue kicking in at my customers…

But it’s more than ever required to be vigilant for new techniques that try to circumvent the typical URL blocking and the other protection layers you put in place.

You’re the best firewall.

What is going on?

You know, these companies that first announce a #phishing test…

which go unnoticed because they are caught by the 𝐬𝐩𝐚𝐦 𝐟𝐢𝐥𝐭𝐞𝐫…

And a few weeks later you get the 𝐫𝐞𝐚𝐥 𝐬𝐭𝐮𝐟𝐟 𝐢𝐧 𝐲𝐨𝐮𝐫 𝐢𝐧𝐛𝐨𝐱 from the same company.

With ridiculous worse quality than the actual test… but still its in the inbox ready to click (DON’T!).

You assume phase 2 of the phishing test…another round, right? (you think: “yeah, right, not me.”).

Because the new mail comes with ridiculous bad quality (⚠️1) than the actual test…

Nowadays you expect smart mails from these criminals…

But still it doesn’t feel OK …you start to realize that this might the real stuff…

Checking for some more phishing indicators (⚠️)

A mail with you in bcc…. (⚠️2)

Addressed to a very strange (New-Zealand) mail address (⚠️3)

with a PDF alike icon image embedded (⚠️4)

via a google drive link (⚠️5)….

SPOILER: I crippled the link mentioned in previous screenshot to avoid any accidents…

SPOILER 2: DO NOT, EVER CLICK these links…

Still, If you can’t control your curiosity, you might peek into the link via alternative methods (see later).

The display of unrelated content, with payment instructions (⚠️6), isn’t really what you would expect.

Because if you even dare to click the links you get another link (⚠️7)… and this time the browser malware detection (Smartscreen filtering) kicks in .. at last… so I’ll stop the curiosity here…

Why is this an issue?

The main issue here is: the phishing links are pointing to well-known (like Google drive, Microsoft OneDrive, Dropbox…) for hosting malware, which usually escape or bypass the malware URL detection…

Security tips

Rule nr 1: Don’t click links in unexpected mails

Curiosity kills the cat: Please withstand the urge to click the links to satisfy your curiosity….

If you don’t expect the mail, be very cautions, don’t click the links.

Control your curiosity: test the links in isolated mode

If you can’t control your curiosity, don’t ever click the links on your main computer.

But copy the link and open it

  • in a Windows sandbox
  • virtual machines or test machine… not your production machine
  • mobile device

Use Windows Sandbox

Since Windows 10 (Pro) you can use Windows Sandbox (free), that is a virtual, isolated environment. So you can test some interesting things without damaging your production host machine.

By stopping the Sandbox, the machine forgets all settings and returns to default state, pristine.

More info: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview

Run a quarantined client in virtual machine

Use Microsoft Hyper-V (free) or Oracle Virtual box (free) and install a client OS in the virtual machine.
Snapshot the machine before the test, perform the test, return to snapshot to avoid any left overs of malware.

Run the link on a mobile phone

Less secure, but better than running malware on your most important machine, is running the link on a browser on your mobile device. There is lower risk of infection and less impact than loosing your primary working machine, although… be aware, there is still a small risk of infection even for smartphones…

Additional security measures

To permit some stupidity and protect against accidents, please make sure

  • to implement all the latest OS security updates, patch on a continuous basis
  • have an anti-malware and anti-virus that is updated continuously
  • keep the default OS security features enabled including local system firewall and malware detection
  • consider a paid antivirus subscription, it’s worth the money and keep it up to date every hour
  • get a mail protection against malware, tracking, phishing and ransomware (like Windows defender for 365) have regular backups (1 online and 1 offline) and test the restores
  • use cookie/tracking/advertisement blockers
  • use a DNS blackhole system to protect your network from accessing suspicious URLs (including tracking and phishing websites, advertisements, C&C Command and control malware domains, …)

You’re the best firewall

Don’t get caught.

Don’t be curious.

Suspect everything you don’t expect.

Don’t click the links.

And if you’re curious, keep it safe and secure.