Defense by offense: simulating attacks to promote strong organizational security policies

Bibliographic details
Main author: Caseiro, Bruno Jorge Silva
Publication date: 2022
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10773/34993
Abstract: Cyber crime is continuously growing in current times due to the constant digitization of everyday activities. Recently, after the world was hit with the COVID-19 pandemic, this effect was even more noticeable. With more digital activity, cyber crime has a tendency to also increase. The simulation of adversaries as a testing tool is one of the most important instruments when evaluating an organization’s security. Penetration tests are not enough, as attackers resort to many other methods such as social engineering and its techniques (phishing, impersonation, tailgating, etc.). By simulating a full-scale attack with minimal restrictions, "red teaming" is introduced. There was an attempt to perform a red team assessment of the University of Aveiro in order to evaluate, test and improve the security policies of the organization. However, due to legal and bureaucratic restrictions related mostly to data protection policies and other privacy measures, the plan was cut short to merely the planning of the red team. The TIBER-EU Framework was also introduced, representing the state-of-the-art guidelines for red teaming in Europe. This framework was followed during the planning of the assessment, which allowed me, the author of this thesis and also the emulated red team, to find a couple of flaws in the University’s security by executing brief threat intelligence analysis sessions.
id RCAP_dfd3149477a2a8751b692872b0cb551f
oai_identifier_str oai:ria.ua.pt:10773/34993
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
dc.subject.por.fl_str_mv Red team
Penetration testing
Social engineering
Physical hacking
Physical pentesting
TIBER-EU
publishDate 2022
dc.date.none.fl_str_mv 2022-10-26T08:43:25Z
2022-07-19T00:00:00Z
2022-07-19
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10773/34993
url http://hdl.handle.net/10773/34993
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799137716587200512