Cyber Threat Intelligence
The topic of cyber threat intelligence is related to vulnerability scanning. The concept is that organizations should use intelligence-gathering techniques to identify the threats facing their network. Part of cyber threat intelligence involves the Dark Web, which we will be examining in Chapter 17, “General Hacking Knowledge.”
The concept is to monitor trends so that you have a general idea of which threats are likely to be issues for your network. For example, if you work for a bank, there are specific threats that are problems for banks but are either not an issue or at least far less significant for a university network. Cyber threat intelligence is about understanding the current trends so you can take proactive steps. What does this have to do with penetration testing, you may ask? The best penetration testers are proactive: they do not just test for the ordinary, well-known issues such as SQL injection, but gauge the current trends and modify their tests accordingly. There are some excellent websites that will help you follow trends.
Threatcrowd.org
The website https://www.threatcrowd.org/ is a cyber threat search engine. You can search for domains, IP addresses, or specific threats. For example, in Figure 8-20, I searched for Ransomware.
FIGURE 8-20 Threat Crowd.
It is a good idea to search for general trends, as well as the target network’s IP address and domain(s), prior to a penetration test.
Phishtank
The website https://www.phishtank.com/ provides information on current phishing scams. This is less interesting to a penetration tester, but very interesting to a security administrator. If you are aware of current phishing scams, you can inform employees and they can be on the alert.
Internet Storm Center
The SANS Institute Internet Storm Center, https://isc.sans.edu/, allows you to search for domains, keywords, IP addresses, or other characteristics. It lets you know what “storms” are currently occurring in cyberspace.
OSINT
Open source intelligence, or OSINT, is also a part of cyber threat intelligence. Beyond being aware of general trends, you may need to find information on a specific IP address, email address, or other identifier. The website http://osintframework.com/ is a repository of open source intelligence links. You can use this site to search for email addresses, specific exploits, or other items of interest. Figure 8-21 shows the main landing page.
FIGURE 8-21 OSINT Framework.
