
Linux Security Basics


What you should learn

This guide is designed to teach you the basics of Linux security. It is not intended to teach you how to hack or break into systems. It is intended to teach you how to secure your systems. For your learning it is recommended that you use a Kali Linux VM. You can download Kali Linux from here. You can also use a VM of your choice, but Kali Linux is recommended.

Learning References:

You can use this short guide as a starting point or checklist to navigate your study into the world of Linux security. A solid understanding of the following concepts will help on your journey to an amazing penetration testing career.

Prerequisites

Basic knowledge of computers and of networking in general. CompTIA A+ Core 1 and CompTIA A+ Core 2: you don't need the certification, but research the topics covered in the books and have a basic understanding of them.

Linux Basics

Introduces beginners to the various concepts, commands and tools that are required to interact with services and applications in the Linux ecosystem. Check out this short tutorial here, and An Introduction to Linux Basics.

Reconnaissance

Before attacking any application or service, you need to gather as much information as possible. The more information you have, the easier it will be to identify misconfigurations and/or vulnerabilities. Reconnaissance is the process of enumerating web applications and various network services, such as DNS, web servers, databases, caching systems, etc. Using the information acquired, the attack vector and entry points can be identified and then used in the exploitation phase.

Exploitation

The exploitation phase provides access to a system or resource by using a vulnerability or bypassing a security restriction. Search for exploits based on the information acquired in the reconnaissance phase, and use them to compromise the application or service. Once you have compromised a machine, you can attack other machines on the same network which may not be exposed to the internet.

Post-exploitation

A compromised system may contain sensitive data, access keys, credentials, etc. You can use this information to compromise other machines on the same network. You can also turn the compromised machine into a zombie computer and use it to perform attacks on other machines. Start by looking for sensitive information on the machine, crack password-protected files, and perform lateral movement within the network environment.

Privilege Escalation

Services may be running as a non-root user. To gain full control of a system, it's important to escalate privileges from a user with low privileges to the root user (vertical escalation). It's not always possible to escalate from the current user to the root user, sometimes other users on the machine must be compromised (horizontal escalation), and then escalate to root.

Pivoting

Machines behind firewalls are hard to attack directly. Sometimes there is a vulnerable machine exposed to the internet which is also connected to the internal network. You can pivot from the compromised machine and then attack other machines on the internal network.

Maintaining Access

Maintaining access to a compromised machine (persistence) is vitally important, as the machine can be used for additional attacks, or to linger in the targeted system until you find valuable information or data and then extract it from the compromised system.

MITRE ATT&CK

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a framework developed by the MITRE Corporation. It consists of threat tactics and techniques observed in real-world attacks. With the MITRE ATT&CK framework, attacks can be broken down into various categories and compared. This framework can also be used to design attack vectors for a specific target.

Getting Started

Exploit Research

Now that you have some information from the reconnaissance or post-exploitation phase, a public exploit may not be available to compromise the machine, and you will have to write your own exploit. Focus on the following topics:

SEC660: Exploit Research and Advanced Penetration Testing