
Security misconfigurations are mistakes in security settings that can leave an application or system vulnerable.
Description: Leaving outdated or insecure security settings in place.
Example: Open ports or services that are not used but are left in the configuration.

Description: Improper configuration of servers that could lead to vulnerabilities.
Example: Incorrect settings for database servers or web servers that allow unauthorized access.

Description: Lack of proper management of accounts and access rights.
Example: Accounts with excessive privileges or with insecure passwords.
Blue Team: Use separate environments for development, testing, and production. Ensure that test environments do not have access to production data.
Red Team: Try to find URLs related to test environments or access to configuration files that may reveal data about the production environment.
Blue Team: Disable HTTP and require the use of HTTPS with up-to-date certificates.
Red Team: Check for traffic tampering (MITM) or data injection in HTTP use cases.
Blue Team: Check that your SSL/TLS settings are correct and make sure only trusted protocols and ciphers are enabled.
Red Team: Check for SSL/TLS vulnerabilities, such as unsafe ciphers or legacy protocol support.
Blue Team: Deny root SSH access, disable password authentication in favor of SSH keys.
Red Team: Try to attack the SSH configuration, focusing on detecting root access or weak passwords.
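A Blue Team check for the two sshd settings above, added here as an example (it is not code from the original page). It reads the text of an sshd_config the way sshd reads its global directives: keywords are case-insensitive, lines starting with `#` are comments, the first value given for a keyword wins, and directives after the first `Match` line are conditional rather than global. The sample configurations are constructed; the defaults assumed for absent keywords (`PermitRootLogin prohibit-password`, `PasswordAuthentication yes`) are those of OpenSSH 7.0 and later.

```python
import re

# Values sshd assumes when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

# Values the checklist item requires for the global configuration.
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no"}


def parse_global_directives(text):
    """Return {keyword: first_value} for directives that appear before any Match block."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # everything after this applies only to matching connections
        value = parts[1].strip() if len(parts) > 1 else ""
        found.setdefault(key, value)  # first occurrence wins, as in sshd
    return found


def audit_sshd_config(text):
    """Return a list of findings; an empty list means both settings are compliant."""
    directives = parse_global_directives(text)
    findings = []
    for key, wanted in REQUIRED.items():
        actual = directives.get(key, DEFAULTS[key]).lower()
        if actual != wanted:
            source = "explicit" if key in directives else "default"
            findings.append(f"{key}: {actual} ({source}); expected {wanted}")
    return findings


# Constructed sample: root login allowed, PasswordAuthentication given twice
# (the first value wins), and a Match block that must not change the global result.
SAMPLE_WEAK = """\
Port 22
# left over from initial provisioning
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
"""

# Constructed sample that satisfies the checklist item.
SAMPLE_HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_sshd_config(cfg) or "OK")
```

Because the check reproduces sshd's first-value-wins rule, appending a hardened line to the end of a file that already sets the keyword is correctly reported as ineffective; on a live host the same result can be confirmed with `sshd -T`, which prints the effective configuration.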
Blue Team: Disable directory listing in the server settings (e.g. via .htaccess or the Nginx/Apache configuration).
Red Team: Check whether directory listings are accessible and look for sensitive files or backups in them.
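The three web-server items above (plain HTTP left enabled, legacy SSL/TLS protocols, directory listing) can be audited from the Nginx configuration text. The following is an added example, not code from the original page: a small parser for Nginx's directive/block syntax and three checks over the resulting tree. The configuration it inspects is constructed, the host names in it are placeholders, and the parser assumes no `#` characters inside quoted strings.

```python
import re

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
REDIRECT_CODES = {"301", "302", "307", "308"}


def tokenize(text):
    """Split Nginx config text into words and the structural tokens ; { }."""
    tokens = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # '#' starts a comment (assumes none inside quotes)
        tokens.extend(re.findall(r"[{};]|[^\s{};]+", line))
    return tokens


def parse(text):
    """Build a tree of (name, args, children); children is None for simple directives."""
    root, stack, words = [], [], []
    stack.append(root)
    for tok in tokenize(text):
        if tok == ";":
            stack[-1].append((words[0], words[1:], None))
            words = []
        elif tok == "{":
            block = (words[0], words[1:], [])
            stack[-1].append(block)
            stack.append(block[2])
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
    return root


def _listens_plain_http(server):
    """True if any listen directive binds port 80 without the ssl parameter."""
    for name, args, _ in server:
        if name == "listen" and "ssl" not in args and args[0].rsplit(":", 1)[-1] == "80":
            return True
    return False


def _redirects_to_https(server):
    """True if the server block returns a redirect whose target is an https:// URL."""
    for name, args, _ in server:
        if name == "return" and args and args[0] in REDIRECT_CODES:
            if any("https://" in a for a in args[1:]):
                return True
    return False


def audit_nginx(text):
    """Return a list of findings describing the three misconfigurations, with their location."""
    findings = []

    def walk(nodes, where):
        for name, args, children in nodes:
            if name == "ssl_protocols":
                legacy = [p for p in args if p in LEGACY_PROTOCOLS]
                if legacy:
                    findings.append(f"{where}: ssl_protocols enables legacy {', '.join(legacy)}")
            elif name == "autoindex" and args[:1] == ["on"]:
                findings.append(f"{where}: directory listing enabled (autoindex on)")
            if children is None:
                continue
            label = " ".join([name] + args)
            if name == "server":
                names = [a for n, a, _ in children if n == "server_name"]
                label = "server " + (names[0][0] if names and names[0] else "(unnamed)")
                if _listens_plain_http(children) and not _redirects_to_https(children):
                    findings.append(f"{where}/{label}: serves plain HTTP on port 80 "
                                    "without redirecting to HTTPS")
            walk(children, f"{where}/{label}")

    walk(parse(text), "nginx")
    return findings


# Constructed configuration: one weak virtual host and one hardened one.
SAMPLE = """\
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # legacy protocols still enabled
    server {
        listen 80;
        server_name weak.example.test;
        root /var/www/weak;
        location /backups/ {
            autoindex on;
        }
    }
    server {
        listen 443 ssl;
        server_name good.example.test;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
        location / { autoindex off; }
    }
    server {
        listen 80;
        server_name good.example.test;
        return 301 https://$host$request_uri;
    }
}
"""

if __name__ == "__main__":
    for finding in audit_nginx(SAMPLE):
        print(finding)
```

The `good.example.test` pair shows the intended shape: the port-80 server exists only to return a redirect to HTTPS, the TLS server lists only current protocols, and `autoindex` is off. Run the audit against the output of `nginx -T` to cover included files as well as the main configuration.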
Blue Team: Open only the ports that the services need to work, and keep database ports (for example 5432 for PostgreSQL) closed to the outside.
Red Team: Conduct port scans to identify open ports that can be used for attacks.
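A host-side complement to the port item above, added here as an example (not from the original page): before an external scan ever runs, the defender can read the listening sockets on the host itself and flag database services bound to anything other than the loopback interface. The parser expects rows in the shape printed by `ss -ltn` on Linux; the rows below are constructed, not captured from a real host, and the port-to-service table is an assumption of this example.

```python
# Well-known database ports this check cares about (assumed list for the example).
DATABASE_PORTS = {
    5432: "PostgreSQL",
    3306: "MySQL/MariaDB",
    6379: "Redis",
    27017: "MongoDB",
    1433: "MSSQL",
}
LOOPBACK = {"127.0.0.1", "::1"}
WILDCARDS = {"0.0.0.0", "::", "*"}


def parse_listen_line(line):
    """Return (address, port) from an `ss -ltn` row, or None for the header or malformed rows."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "LISTEN":
        return None
    addr, sep, port = parts[3].rpartition(":")
    if not sep or not port.isdigit():
        return None
    return addr.strip("[]"), int(port)  # IPv6 addresses are printed as [::]:5432


def exposed_database_ports(ss_output):
    """Return (port, service, scope) for database ports reachable beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listen_line(line)
        if parsed is None:
            continue
        addr, port = parsed
        if port in DATABASE_PORTS and addr not in LOOPBACK:
            scope = "all interfaces" if addr in WILDCARDS else addr
            findings.append((port, DATABASE_PORTS[port], scope))
    return findings


# Constructed `ss -ltn` output: two databases exposed on every interface,
# two correctly bound to loopback, plus SSH and HTTPS which are expected.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      244    0.0.0.0:5432        0.0.0.0:*
LISTEN 0      511    127.0.0.1:6379      0.0.0.0:*
LISTEN 0      70     [::]:3306           [::]:*
LISTEN 0      128    [::1]:27017         [::]:*
LISTEN 0      511    [::]:443            [::]:*
"""

if __name__ == "__main__":
    for port, service, scope in exposed_database_ports(SAMPLE_SS):
        print(f"{service} (tcp/{port}) is listening on {scope}")
```

Binding a database to loopback (or to a private interface only) is the first layer; the host firewall and the network security group are the second, and a finding from this check should be cross-checked against both.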
Blue Team: Change default logins and passwords immediately after system installation, disable outdated accounts.
Red Team: Use brute force attacks or lists of standard passwords to log in.
Blue Team: Disable or delete all test accounts before deploying a production system.
Red Team: Try to detect test accounts through fuzzing or dictionary-type attacks.
Blue Team: Enable custom error pages and disable the display of stack traces in the production environment.
Red Team: Use information from errors for further attacks, such as file paths or database names.
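The pattern behind the error-page item above, as an added example that is not code from the original page: the application keeps the full traceback server-side under an incident reference and returns only that reference to the client. It is framework-independent Python; the in-memory log handler, the view that fails, and the file path and database name in its error message are all constructed for the example.

```python
import logging
import traceback
import uuid


class ListHandler(logging.Handler):
    """Keeps formatted records in memory so the example is self-contained
    (a real deployment would forward them to its log pipeline)."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))


log = logging.getLogger("example.errors")
log.propagate = False
handler = ListHandler()
log.addHandler(handler)
log.setLevel(logging.ERROR)


def handle_request(view, debug=False):
    """Call view() and return (status, body).

    On failure the traceback is logged under a random incident reference and,
    unless debug is set, the client receives only a generic message plus that
    reference, so paths, exception text and internal names never leave the server.
    """
    try:
        return 200, view()
    except Exception:
        incident_id = uuid.uuid4().hex[:12]
        log.error("incident %s\n%s", incident_id, traceback.format_exc())
        if debug:  # detailed output is acceptable only outside production
            return 500, "Internal error\n" + traceback.format_exc()
        return 500, f"Something went wrong. Reference: {incident_id}"


def failing_view():
    # Constructed failure whose message carries exactly the kind of detail
    # (file path, database name) that a default error page would reveal.
    raise RuntimeError("could not open /var/www/app/config/database.yml (db=prod_customers)")


if __name__ == "__main__":
    print(handle_request(failing_view, debug=False))
    print(handle_request(failing_view, debug=True)[1].splitlines()[0])
```

The incident reference is what support staff quote back to operators; the traceback is retrieved from the log by that reference rather than from the response. The `debug` flag must be driven by deployment configuration, not hard-coded, so a development setting cannot follow the code into production.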
Blue Team: Ensure all security mechanisms remain enabled even during development. For example, require a password to use sudo.
Red Team: Try to use temporary settings that were left after testing.