Friday, March 2, 2018

Attack analyzing


 Attack analyzing stage 


This stage uses the enumerated information to specify the attack surface, then goes through a full feasibility study to decide whether the resources required to execute the attack, including information and time, are in hand and serve the main purpose of the attack.

Analyzing and understanding the meaning behind the collected information is essential before moving on to the execution stage. The main purpose of the analyzing stage is to:
  •  Specify the attack surface: figure out the possible scenarios for executing the attack and compromising the application.
  •  Specify the feasibility of each scenario from a resource and time point of view.


Attack analyzing – Specify attack surface 

With a lot of information collected, the attacker should know exactly where to begin; experience is essential at this level and can save a lot of time. The number of attack points can be very large, so the following is a good practical checklist to start from when extracting the list of attack scenarios:

  •  Client-side validation: a fast and good place to begin is determining whether input validation is done on the client, the server or both. An easy entry point might be input validation that is done on the client side only.
  •  Search the collected information for any sign of possible SQL injection, database issues, a root database account, or any code or discovered comment that might give partial or full access to the database.
  •  Available upload or download functionality with a path traversal vulnerability, where relative paths using double dots ( ..\ ) in manipulated parameters allow files or folders outside the root directory to be manipulated.
  •  Check whether user-supplied data is displayed back (cross-site scripting), or whether cross-site scripting can be injected or stored when uploading a file or through open editors.
  •  Check whether unvalidated parameters are passed to pages that perform redirects, to test for Unvalidated Redirects and Forwards or dynamic redirects.
  •  Login issues and the possibility of a brute force attack: any hints found about passwords or comments about user names can be added to the attack dictionary, which might minimize the effort and time needed to break in.
  •  Isolate available information that might help to escalate privileges, such as cookies and session state information.
  •  Using the collected information, try to identify unencrypted communication channels.
  •  Identify interfaces to external systems; they might represent an information leakage point.
  •  Analyze all generated error messages for information leakage.
  •  Identify any pages that interact with a mail server to try command or email injection.
  •  Identify the usage of native code that might be a potential buffer overflow vulnerability.
  •  Identify any known structure, folder names or themes from known third-party applications, which can open the door to searching for known vulnerabilities.
  •  Identify common vulnerabilities in the web server in use.

For web application security, many available tools can help scan the application and give a good initial picture of the attack surface.
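
Seen from the server side, the path traversal item in the checklist above comes down to one check: after the download parameter is resolved, the result must still sit under the root directory. The following is an added example, not code from the original post; the function name `resolve_inside_root` and the directory `/srv/app/downloads` are assumptions made for illustration.

```python
from pathlib import Path, PurePosixPath
from typing import Optional

DOWNLOAD_ROOT = Path("/srv/app/downloads")  # assumed location, not from the post


def resolve_inside_root(user_param: str, root: Path = DOWNLOAD_ROOT) -> Optional[Path]:
    """Map a request parameter to a file under root, or return None if it escapes."""
    if not user_param or "\x00" in user_param:
        return None
    # Treat "\" as a separator too, so "..\" is caught on POSIX hosts as well.
    rel = PurePosixPath(user_param.replace("\\", "/"))
    if not rel.parts:                      # "." or "./" names no file
        return None
    # Reject absolute paths and Windows drive prefixes such as "C:/...".
    if rel.is_absolute() or ":" in rel.parts[0]:
        return None
    root = root.resolve()
    candidate = (root / rel).resolve()     # collapses ".." and follows symlinks
    try:
        candidate.relative_to(root)        # raises ValueError when outside root
    except ValueError:
        return None
    if candidate == root:                  # the root itself is not a file
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample parameters, as they might arrive in a download request.
    samples = [
        "report.pdf",
        "2018/report.pdf",
        "docs/../report.pdf",
        "..\\..\\etc\\passwd",
        "docs/../../secret.txt",
        "/etc/passwd",
        "C:\\Windows\\win.ini",
    ]
    for name in samples:
        result = resolve_inside_root(name)
        print(f"{name!r:28} -> {result if result else 'REJECTED'}")
```

The check runs on the resolved path rather than on the raw string, so a parameter that contains double dots but still lands inside the root is accepted, while anything that ends up outside it is rejected regardless of how it was written.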

Attack analyzing – feasibility & priority 

At the end of this stage the attacker should have a list of possible attack scenarios with a priority for each attack type. The resulting priority is guided by the complexity, the purpose of the attack and the extra information needed. The attacker should create a list of possible attacks along with the estimated resources required, then specify the priority.

Factors that affect prioritization can be related to the purpose or to the resources needed. The attacker can use a prioritization table that resembles the following:

The weights given to each factor might differ depending on how important each factor is to the attacker, but a rough estimate can be generated by averaging the factors, each estimated as a percentage.

   













