Penetration Testing

Towards Improving APT Mitigation: A Case for Counter-APT Red Teaming

Abstract:

Vulnerabilities leveraged by Advanced Persistent Threats (APTs) that ultimately allow them to gain access to critical data and unveil private information are often far removed from the portions of the security environment where initial access is gained. This paper presents a defensi- ble scholarly decomposition of the red-team process itself and discusses how traditional red-team assessments may not be the most effective solution for emulating APT threats and mitigating their impacts.

In Pursuit of a Standard Penetration Testing Methodology

ABSTRACT

Penetration testing has gained great momentum commercially, but there is limited methodological research in the literature.  A methodology is important for penetration testing if it is to maintain a degree of separation between the security profession and wanton attacks.  The methodological approaches to security posture testing are explored; using tactics adopted from crackers themselves; and, look particularly at a small body of literature. The surveyed methodologies are compared and contrasted, extrapolating the major trends and features into a hybrid, and conclude with directions for future research. In general, it was found that the methodologies to converge on reconnaissance, attack and escape.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.871.3949
  • jiw@gbpts.com