MITRE ATT&CK vulnerability spotlight: Brute force


The MITRE ATT&CK matrix is a tool developed by MITRE, a U.S. government federally-funded research and development center (FFRDC). It is designed to help with formalizing the development of cyber defenses and performing penetration testing by breaking down the attack life cycle into discrete stages and describing the methods by which each stage can be accomplished.

What are credential brute force attacks?

MITRE’s ATT&CK matrix describes several different stages in the attack life cycle, including credential access, where an attacker tries to steal credentials to access a system or elevate privileges. Brute-force attacks are one method of accomplishing this stage of the attack.

A brute-force attack involves taking a “guess and check” approach to determining a password. The attacker has some means of determining if a password is correct or incorrect and tries different options until they find one that works.

Password-guessing attacks fall into three main categories:

  • Brute force: Try all combinations of allowable characters for a password until the correct one is found
  • Dictionary: Work through a list of common or likely passwords to take advantage of weak password use
  • Hybrid: Start with a dictionary attack and then move on to a brute-force attack if it fails

Different approaches to password guessing have their own pros and cons. A brute-force attack is guaranteed to find the password eventually because it covers every allowable combination, while a dictionary attack is only as good as its dictionary. On the flip side, dictionary attacks are much faster at finding common passwords than brute-force ones. As a result, most attacks are hybrid attacks, going for the low-hanging fruit first before moving on to grind through stronger passwords.
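To make the trade-off concrete from a password-audit point of view, the following added example (not part of the original post) estimates how many guesses a hybrid strategy would need before reaching a given password. The wordlist is a constructed sample, the function names are hypothetical, and the model assumes the attacker already knows which character classes the password uses and its maximum length.

```python
import string

# Constructed sample wordlist, ordered most common first (illustration only).
SAMPLE_DICTIONARY = ["123456", "password", "qwerty", "letmein", "dragon"]

# Character classes modelled here (assumption: printable ASCII without spaces).
CHARSETS = [string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation]


def alphabet_for(password):
    """Return the smallest union of character classes that covers the password."""
    alphabet = "".join(cs for cs in CHARSETS if any(c in cs for c in password))
    if any(c not in alphabet for c in password):
        raise ValueError("password contains characters outside the modelled classes")
    return alphabet


def brute_force_guesses(password):
    """Worst-case exhaustive search: every string up to and including this length."""
    n = len(alphabet_for(password))
    return sum(n ** k for k in range(1, len(password) + 1))


def hybrid_guesses(password, dictionary=SAMPLE_DICTIONARY):
    """Return (phase, guesses) for a dictionary pass followed by brute force."""
    if password in dictionary:
        # Found during the dictionary phase: cost is its rank in the list.
        return "dictionary", dictionary.index(password) + 1
    # Dictionary exhausted first, then the full exhaustive search.
    return "brute force", len(dictionary) + brute_force_guesses(password)


if __name__ == "__main__":
    for candidate in ["qwerty", "ab", "aB1", "Tr0ub4dor&3"]:
        phase, guesses = hybrid_guesses(candidate)
        print(f"{candidate!r}: found in {phase} phase after at most {guesses:,} guesses")
```

The six-character password `qwerty` falls on the third dictionary guess, while exhaustive search over lowercase letters alone would need up to 321,272,406 guesses to cover the same length, which is why password policies should reject anything that appears in common wordlists regardless of its length.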

Brute-force attacks against credentials can be performed in two ways: offline (using stolen hashes) or online (against a live authentication system).

Offline attacks


*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: