Full Report
The British Special Air Service (SAS) have a motto that’s rather fitting for their line of work – Who Dares Wins. To a degree, the same could be said for our newly updated Hacking by Numbers course, Combat. Penetration testing is sometimes more than following a checklist or going for the easy kill. A good penetration tester knows how to handle everything thrown at them, be it a Joomla implementation, or *shudder* an OpenBSD box.
Analysis Summary
The provided article describes a penetration testing training course called "Combat Reloaded" offered by SensePost. It focuses on advanced penetration testing techniques rather than detailing specific malware, attack tool releases, or concrete Indicators of Compromise (IOCs).
Therefore, the summary will focus on the **techniques and training methodology** emphasized by the course, as this is the primary subject matter of the text.
---
# Tool/Technique: Advanced Penetration Testing Methodology (Combat Reloaded Course)
## Overview
The "Combat Reloaded" course emphasizes an advanced, creative, and non-checklist-driven approach to penetration testing, akin to Capture The Flag (CTF) challenges. It aims to equip testers with skills to handle diverse and complex targets (e.g., Joomla implementations, OpenBSD systems) by chaining low/medium vulnerabilities and exploiting logic flaws across all seven layers of the OSI model.
## Technical Details
- Type: Technique / Training Methodology
- Platform: General (Focuses on overcoming obstacles on various targets, including web applications and specialized OS environments like OpenBSD)
- Capabilities: Developing creative problem-solving skills, chaining vulnerabilities, exploiting logic flaws, multi-layer testing.
- First Seen: Article published April 2, 2014, detailing the updated course.
## MITRE ATT&CK Mapping
Since this is a summary of training focused on general advanced testing practices rather than a specific piece of malware, the relevant mapping covers the *activities* a skilled pentester performs during discovery and exploitation.
- **TA0001 - Initial Access**
- T1190 - Exploit Public-Facing Application (Implied by tackling web systems like Joomla)
- **TA0003 - Persistence**
- T1543.003 - Create or Modify System Process: Scheduled Task/Job (Often required after chaining initial entry points)
- **TA0004 - Privilege Escalation**
- T1068 - Exploitation for Privilege Escalation (Implied by need to achieve "maximum pwnage")
- **TA0002 - Execution**
- T1204.002 - User Execution: Malicious File (If vulnerabilities lead to file execution)
## Functionality
### Core Capabilities
- Handling unexpected or unusual targets beyond standard checklists (e.g., OpenBSD).
- Exploiting common platforms (e.g., Joomla) using advanced methods, not just simple checks.
- Mastering exploitation across the full seven layers of the OSI model.
### Advanced Features
- **Vulnerability Chaining:** Combining multiple low- or medium-severity flaws to achieve a high-impact outcome.
- **Logic Flaw Exploitation:** Identifying and leveraging flaws in application or system design rather than relying solely on known technical vulnerabilities (like predictable TCP sequences).
- **CTF Mindset:** Encouraging an out-of-the-box thought process over reliance on automated scripts or pre-packaged tools.
## Indicators of Compromise
This section is not applicable as the article describes a training methodology, not a live malware campaign.
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A
- Behavioral Indicators: N/A
## Associated Threat Actors
The methodology discussed is intended for **legitimate penetration testers and ethical hackers** looking to improve advanced skills, similar to those participating in CTF competitions (like Defcon).
## Detection Methods
Detection methods listed here apply to the *outcomes* of these advanced techniques (e.g., post-exploitation activity) rather than to the initial technique itself, which by design does not match known signatures.
- Signature-based detection: Ineffective against novel logic flaw exploitation.
- Behavioral detection: Detection relies on observing chains of low-level activities that deviate from normal application/system behavior.
- YARA rules: Not applicable.
## Mitigation Strategies
Mitigation focuses on improving defensive rigor against complex multi-stage attacks.
- Prevention measures: Defensive coding practices, thorough business logic review during development, and comprehensive security architecture planning.
- Hardening recommendations: Keeping components (such as Joomla installations) up to date and adhering strictly to the principle of least privilege.
## Related Tools/Techniques
The course philosophy relates to advanced offensive research often seen in Red Teaming and CTF circles:
- Vulnerability Chaining (General Offensive Technique)
- Red Teaming Methodologies
- Exploit Development for Non-Standard Targets