vault backup: 2024-08-25 21:02:08

Anton Nesterov 2024-08-25 21:02:08 +02:00
parent 66b56010ce
commit 15c59226f3
No known key found for this signature in database
GPG key ID: 59121E8AE2851FB5
6 changed files with 111 additions and 12 deletions

@ -4,16 +4,16 @@
"type": "split",
"children": [
{
"id": "f988ee96b5907f34",
"id": "b60c03005b6482a8",
"type": "tabs",
"children": [
{
"id": "44ccb9000ca67a7b",
"id": "21b5784e2023f491",
"type": "leaf",
"state": {
"type": "markdown",
"state": {
"file": "templates/legal/Non-Disclosure Agreement.md",
"file": "01 - Planning Considerations.md",
"mode": "source",
"source": false
}
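
Review bot: the two `id` pairs and the `file` value that change in this hunk are editor UI state (which pane and which note were open), not vault content, so every backup commit will churn them. Consider excluding this workspace state file from the backup so the history shows only changes to notes and templates.
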
@ -86,7 +86,7 @@
"state": {
"type": "backlink",
"state": {
"file": "templates/legal/Non-Disclosure Agreement.md",
"file": "01 - Planning Considerations.md",
"collapseAll": false,
"extraContext": false,
"sortOrder": "alphabetical",
@ -103,7 +103,7 @@
"state": {
"type": "outgoing-link",
"state": {
"file": "templates/legal/Non-Disclosure Agreement.md",
"file": "01 - Planning Considerations.md",
"linksCollapsed": false,
"unlinkedCollapsed": true
}
@ -126,7 +126,7 @@
"state": {
"type": "outline",
"state": {
"file": "templates/legal/Non-Disclosure Agreement.md"
"file": "01 - Planning Considerations.md"
}
}
}
@ -147,16 +147,19 @@
"command-palette:Open command palette": false
}
},
"active": "44ccb9000ca67a7b",
"active": "21b5784e2023f491",
"lastOpenFiles": [
"templates/legal/Request for Information (RFI).md",
"templates/ASSET INVENTORY.md",
"templates/RISK REGISTER.md",
"01 - Planning Considerations.md",
"templates/PENTEST REPORT TEMPLATE.md",
"templates/INCIDENT REPORT TEMPLATE.md",
"templates/legal/Non-Disclosure Agreement.md",
"templates/legal/Request for Information (RFI).md",
"templates/legal/Statement of Work.md",
"templates/REPORT TEMPLATE.md",
"templates/Untitled Diagram.svg",
"templates/METHODOLOGY.svg",
"Pasted image 20240824205517.png",
"01 - Planning Considerations.md",
"2024-08-24.md",
"Untitled.md",
"templates/legal/DPA-en.odt",
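
Review bot: `lastOpenFiles` commits the names of recently opened documents, including `templates/legal/DPA-en.odt`, `Pasted image 20240824205517.png` and `Untitled.md`, into the repository history. In a vault that holds engagement paperwork this list can disclose document names to anyone with read access to the repository; keep this key out of versioned files, or ignore the file that carries it.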

@ -3,17 +3,27 @@
- Identify targets of the engagement
- Identify scope and size of the engagement
- Surface area of engagement
## Objective
Asses reasons for the assessment. Security, risk assessments, customer personal data protection, etc.
Identify Protected Assets
[[ASSET INVENTORY]]
[[RISK REGISTER]]
## Compliance
Establish guidelines (or necessity) for compliance with internal and external regulations.
Example: PCI DSS
- Strictly defined surface area of engagement
[[Statement of Work]]
[[Non-Disclosure Agreement]]
[[Request for Information (RFI)]]
## Resources
1. Define budgeting requirements for the campaign.
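
Review bot: the Objective line reads "Asses reasons for the assessment", which should be "Assess". The links `[[ASSET INVENTORY]]` and `[[RISK REGISTER]]`, and the three legal links under Compliance, sit on consecutive bare lines and will render as one run-on paragraph; make them list items like the bullets above, and put "Identify Protected Assets" on its own bullet or sub-heading so it is clear the two links belong to it.
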
@ -31,7 +41,8 @@ Example: PCI DSS
## Product/Report
Establish reporting guidelines
[[REPORT TEMPLATE]]
[[PENTEST REPORT TEMPLATE]]
## Technical Constraints
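
Review bot: under Product/Report both `[[REPORT TEMPLATE]]` and `[[PENTEST REPORT TEMPLATE]]` appear. If the first was renamed to the second, remove the old link so it does not dangle; if both templates exist, say which one applies to which kind of engagement.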

@ -0,0 +1,28 @@
*Assets are classified by the sensitivity category and access level.*
| **CATEGORY** | **ACCESS** |
| --------------- | ------------------------- |
| *Restricted* | Need-to-know |
| *Confidential* | Limited to specific users |
| *Internal-only* | Users on-premises |
| *Public* | Anyone |
### Physical Assets
| | ASSET | NET ACCESS | OWNER | LOCATION | NOTES | SENSITIVITY |
| --- | ---------------- | ---------- | ------------------------------- | ------------------- | --------------------------------------------------------------------------------------------------- | ------------- |
| 1 | Network router | Continuous | Internet service provider (ISP) | On-premises | Has a 2.4 GHz and 5 GHz connection. All devices on the home network connect to the 5 GHz frequency. | Confidential |
| 2 | Desktop | Occasional | Homeowner | On-premises | Contains private information, like photos. | Restricted |
| 3 | Guest smartphone | Occasional | Friend | On and Off-premises | Connects to my home network. | Internal-only |
| 4 | | | | | | |
| 5 | | | | | | |
| 6 | | | | | | |
### Digital Assets
| | ASSET | NET ACCESS | OWNER | LOCATION | NOTES | SENSITIVITY |
| --- | --------------- | ---------- | ----------- | ------------ | --------------------- | ------------- |
| 1 | CRM Database | Countinus | Management | Azure PG | - | Confidential |
| 2 | Figma Templates | VPN | Design Team | Google Cloud | intellectula property | Internal-Only |
| 3 | | | | | | |
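
Review bot: the SENSITIVITY values in the Digital Assets rows do not match the category table at the top: `Internal-Only` should be `Internal-only`, otherwise searching or filtering by category will miss it. The same rows have typos, `Countinus` for "Continuous" and `intellectula property` for "Intellectual property". The NET ACCESS column also mixes two meanings, availability (`Continuous`, `Occasional`) and access path (`VPN`); pick one or split it into two columns. Finally, the Physical Assets rows are home-network samples ("Connects to my home network", owner "Homeowner"); mark them as examples or clear them before this template is used on an engagement.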

@ -0,0 +1,13 @@
| | |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------ | --- |
| Section 1: Identify the type of attack that may have caused this <br><br>network interruption | |
| One potential explanation for the website's connection timeout error message is:<br><br> <br><br>The logs show that: <br><br> <br><br>This event could be: | |
| |
|---|
|Section 2: Explain how the attack is causing the website to malfunction|
|When website visitors try to establish a connection with the web server, a three-way handshake occurs using the TCP protocol. Explain the three steps of the handshake:<br><br>1.<br><br> <br><br>2. <br><br> <br><br>3.<br><br> <br><br>Explain what happens when a malicious actor sends a large number of SYN packets all at once:<br><br> <br><br>Explain what the logs indicate and how that affects the server:|
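
Review bot: the two sections use different table shapes, Section 1 a two-column table whose second column is always empty, Section 2 a one-column table with an empty header row above `|---|`. Use one layout for both, or replace the tables with headings and plain paragraphs so the `<br><br>` spacers are not needed. The prompts are also tied to a single scenario ("a large number of SYN packets all at once", "connection timeout error message"); if this is meant as a general incident report template, make the prompts scenario-neutral or name the file after the SYN flood case.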

@ -0,0 +1,44 @@
### Operational environment:
The bank is located in a coastal area with low crime rates. Many people and systems handle the bank's data—100 on-premise employees and 20 remote employees. The customer base of the bank includes 2,000 individual accounts and 200 commercial accounts. The bank's services are marketed by a professional sports team and ten local businesses in the community. There are strict financial regulations that require the bank to secure their data and funds, like having enough cash available each day to meet Federal Reserve requirements.
| | | | | | |
|---|---|---|---|---|---|
|Asset|Risk(s)|Description|Likelihood|Severity|Priority|
|Funds|Business email compromise|An employee is tricked into sharing confidential information.||||
|Compromised user database|Customer data is poorly encrypted.||||
|Financial records leak|A database server of backed up data is publicly accessible.||||
|Theft|The bank's safe is left unlocked.||||
|Supply chain disruption|Delivery delays due to natural disasters.||||
|Notes|How are security events possible considering the risks the asset faces in its operating environment?| | | | |
Asset: The asset at risk of being harmed, damaged, or stolen.
Risk(s): A potential risk to the organization's information systems and data.
Description: A vulnerability that might lead to a security incident.
Likelihood: Score from 1-3 of the chances of a vulnerability being exploited. A 1 means there's a low likelihood, a 2 means there's a moderate likelihood, and a 3 means there's a high likelihood.
Severity: Score from 1-3 of the potential damage the threat would cause to the business. A 1 means a low severity impact, a 2 is a moderate severity impact, and a 3 is a high severity impact.
Priority: How quickly a risk should be addressed to avoid the potential incident. Use the following formula to calculate the overall score: Likelihood x Impact Severity = Risk
## Sample risk matrix
---
| | | | |
|---|---|---|---|
||Low<br><br>1|Moderate<br><br>2|Catastrophic<br><br>3|
|Certain<br><br>3|3|6|9|
|Likely<br><br>2|2|4|6|
|Rare<br><br>1|1|2|3|
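
Review bot: the four rows after the `Funds` row ("Compromised user database" through "Supply chain disruption") are missing the leading Asset cell, so each risk shifts into the Asset column and the row has five cells instead of six; start each with an empty cell, for example `||Theft|The bank's safe is left unlocked.||||`. The real header (`Asset|Risk(s)|...`) also sits in the first body row under an empty header row and should move up. The terms are inconsistent too: the formula says "Likelihood x Impact Severity = Risk" while the column it fills is Priority, and the matrix labels (`Rare`/`Likely`/`Certain`, `Low`/`Moderate`/`Catastrophic`) differ from the low/moderate/high wording in the Likelihood and Severity definitions. Align the names so a score in the register can be read straight off the matrix.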