Privilege Escalation Focused Offensive Security Training Platform
While the offensive cybersecurity training market is growing on a regular basis, the industry still lacks the focus on skills required for internal privilege escalation operations. The purpose of this project is to design and build a training system that focuses mainly on improving the escalation of...
| Published in: | 2021 International Conference on Data Science and Its Applications, ICoDSA 2021 |
|---|---|
| Main Author: | |
| Format: | Conference paper |
| Language: | English |
| Published: |
Institute of Electrical and Electronics Engineers Inc.
2021
|
| Online Access: | https://www.scopus.com/inward/record.uri?eid=2-s2.0-85123428805&doi=10.1109%2fICoDSA53588.2021.9617497&partnerID=40&md5=3806d680e700495ba2a68b2f3bbea75b |
| id |
2-s2.0-85123428805 |
|---|---|
| spelling |
2-s2.0-85123428805 Abdelrazek S.H.S.A.; Mammi H.B.K.; Din M.M. Privilege Escalation Focused Offensive Security Training Platform 2021 2021 International Conference on Data Science and Its Applications, ICoDSA 2021 10.1109/ICoDSA53588.2021.9617497 https://www.scopus.com/inward/record.uri?eid=2-s2.0-85123428805&doi=10.1109%2fICoDSA53588.2021.9617497&partnerID=40&md5=3806d680e700495ba2a68b2f3bbea75b While the offensive cybersecurity training market is growing on a regular basis, the industry still lacks the focus on skills required for internal privilege escalation operations. The purpose of this project is to design and build a training system that focuses mainly on improving the escalation of privileges skills among offensive security personnel. The project aims to ultimately fill the existent skill gap when it comes to privilege escalation techniques and methodologies. This gap can negatively impact the way organizations perceives the security status of their internal digital systems. With the 'assume compromise' approach increasingly adopted by large enterprises, this project emphasizes the importance of possessing the knowledge and skills that cyber adversaries would use in a post-compromise situation in order to develop and implement the necessary countermeasures. This project proposes a system that utilizes some of the latest containerization and virtualization technologies to design and build portable and highly scalable training exercises inspired by real-world privilege escalation scenarios. The development process of the system proposed in this project will follow the Iterative and Incremental Development (IID) software development methodology. The IID methodology will divide the system into multiple increments that are developed and integrated over multiple iterations. In conclusion, this project is believed to be of a noticeable contribution to the offensive cybersecurity training industry which might open the doors to more sophisticated contributions and improvements. © 2021 IEEE. Institute of Electrical and Electronics Engineers Inc. English Conference paper |
| author |
Abdelrazek S.H.S.A.; Mammi H.B.K.; Din M.M. |
| spellingShingle |
Abdelrazek S.H.S.A.; Mammi H.B.K.; Din M.M. Privilege Escalation Focused Offensive Security Training Platform |
| author_facet |
Abdelrazek S.H.S.A.; Mammi H.B.K.; Din M.M. |
| author_sort |
Abdelrazek S.H.S.A.; Mammi H.B.K.; Din M.M. |
| title |
Privilege Escalation Focused Offensive Security Training Platform |
| title_short |
Privilege Escalation Focused Offensive Security Training Platform |
| title_full |
Privilege Escalation Focused Offensive Security Training Platform |
| title_fullStr |
Privilege Escalation Focused Offensive Security Training Platform |
| title_full_unstemmed |
Privilege Escalation Focused Offensive Security Training Platform |
| title_sort |
Privilege Escalation Focused Offensive Security Training Platform |
| publishDate |
2021 |
| container_title |
2021 International Conference on Data Science and Its Applications, ICoDSA 2021 |
| container_volume |
|
| container_issue |
|
| doi_str_mv |
10.1109/ICoDSA53588.2021.9617497 |
| url |
https://www.scopus.com/inward/record.uri?eid=2-s2.0-85123428805&doi=10.1109%2fICoDSA53588.2021.9617497&partnerID=40&md5=3806d680e700495ba2a68b2f3bbea75b |
| description |
While the offensive cybersecurity training market is growing on a regular basis, the industry still lacks the focus on skills required for internal privilege escalation operations. The purpose of this project is to design and build a training system that focuses mainly on improving the escalation of privileges skills among offensive security personnel. The project aims to ultimately fill the existent skill gap when it comes to privilege escalation techniques and methodologies. This gap can negatively impact the way organizations perceives the security status of their internal digital systems. With the 'assume compromise' approach increasingly adopted by large enterprises, this project emphasizes the importance of possessing the knowledge and skills that cyber adversaries would use in a post-compromise situation in order to develop and implement the necessary countermeasures. This project proposes a system that utilizes some of the latest containerization and virtualization technologies to design and build portable and highly scalable training exercises inspired by real-world privilege escalation scenarios. The development process of the system proposed in this project will follow the Iterative and Incremental Development (IID) software development methodology. The IID methodology will divide the system into multiple increments that are developed and integrated over multiple iterations. In conclusion, this project is believed to be of a noticeable contribution to the offensive cybersecurity training industry which might open the doors to more sophisticated contributions and improvements. © 2021 IEEE. |
| publisher |
Institute of Electrical and Electronics Engineers Inc. |
| issn |
|
| language |
English |
| format |
Conference paper |
| accesstype |
|
| record_format |
scopus |
| collection |
Scopus |
| _version_ |
1809677894781239296 |