Investigating the Ecosystem of Offensive Information Security Tools

TL;DR

This paper explores the ecosystem of offensive cybersecurity tools, categorizing and comparing them to understand their roles, availability, and gaps across different attack phases.

Contribution

It provides a comprehensive categorization and comparison of offensive security tools, highlighting their distribution and identifying gaps in tools for post-breach phases.

Findings

Well-established tools exist for initial attack phases

Fewer tools are available for post-breach activities

Tools vary in maintainability and usability

Abstract

The internet landscape is growing and at the same time becoming more heterogeneous. Services are performed via computers and networks, critical data is stored digitally. This enables freedom for the user, and flexibility for operators. Data is easier to manage and distribute. However, every device connected to a network is potentially susceptible to cyber attacks. Security solutions, such as antivirus software or firewalls, are widely established. However, certain types of attacks cannot be prevented with defensive measures alone. Offensive security describes the practice of security professionals using methods and tools of cyber criminals. This allows them to find vulnerabilities before they become the point of entry in a real attack. Furthermore, following the methods of cyber criminals enables security professionals to adapt to a criminal's point of view and potentially discover attack angles formerly ignored. As cyber criminals often employ freely available security tools, having knowledge about these provides additional insight for professionals. This work categorises and compares tools regarding metrics concerning maintainability, usability and technical details. Generally, several well-established tools are available for the first phases, while phases after the initial breach lack a variety of tools.