Conquering all phases of the attack lifecycle

Presentation on theme: "Conquering all phases of the attack lifecycle"— Presentation transcript:

1 Conquering all phases of the attack lifecycle

2 The Headlines: Damage. Damage. Damage.

3 The Technical Headlines: Penetration.

4 The Attack Lifecycle: Penetration → Hacking operation → Breach detected
[Timeline diagram: damage grows with time (seconds, minutes, hours, days, weeks, months) across the stages Breach, C&C, Recon, Spread, Damage.]

5 The Attack Lifecycle

6 External Recon: social networking, conferences, calling the help desk or an admin, external scans, buying information and tools on the black market.

7 Breach: Penetration. Privilege escalation. Obfuscation.
Phishing and spear phishing, vulnerability exploits, social engineering, infected USB drives, compromised credentials, autorun, process injection.

8 Process Injection: running another procedure as a thread inside another process.
Used for evasion, reading host process memory, and affecting host process behavior.

9 Process Injection Code injection is a great way to hide yourself. It's a great way to gain privileges to do things that might be blocked otherwise. This is part of the first step of an attack, part of the [foothold]. If we're able to identify this specific technique, we can stop the attack in the very, very early stage.

10 Command & Control: Operation. Exfiltration.
Channels: legitimate HTTP, legitimate DNS requests, fast flux, TOR, Facebook / Twitter / YouTube comments, domain generation algorithm (DGA).

11 Command & Control: Domain generation algorithm
Regular C&C servers can be blacklisted and firewalled. A DGA generates a daily domain list (thousands of domains), and the malware tries to resolve each one of those random domains. The attacker (who created the algorithm) knows which domains will be generated. Once a certain C&C domain is blocked, the attacker can select one of the daily generated domains, register it and continue his endeavors.
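The defender-side counterpart to the DGA behaviour described above, added here as an example (not from the presentation): because the malware queries many generated names that nobody has registered, a client that produces a burst of NXDOMAIN answers for high-entropy labels stands out in resolver logs. The log format and thresholds are assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log lines (not from the slides): client, queried name, response code.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.9 qz7kd3lpx2ma.com NXDOMAIN
10.0.0.9 h8vr2tnw0ksd.net NXDOMAIN
10.0.0.9 y3pq9xlm7zbt.org NXDOMAIN
10.0.0.9 c6mw1rkx8vfj.com NXDOMAIN
10.0.0.9 update.example.com NOERROR
10.0.0.7 cdn.example.net NOERROR
10.0.0.7 nosuchhost.example.net NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN)$")


def shannon_entropy(label: str) -> float:
    """Bits per character; random-looking labels score higher than dictionary words."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(name: str) -> str:
    """Second-level label ('qz7kd3lpx2ma' for 'qz7kd3lpx2ma.com'); simplified: last label is the TLD."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def flag_dga_clients(log_text: str, min_nxdomain: int = 3, min_entropy: float = 3.0):
    """Return {client: (nxdomain_count, mean_entropy)} for clients whose failed lookups look generated."""
    failed = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing on them
        client, name, rcode = m.groups()
        if rcode == "NXDOMAIN":
            failed[client].append(shannon_entropy(registrable_label(name)))
    flagged = {}
    for client, ents in failed.items():
        mean_ent = sum(ents) / len(ents)
        # Both conditions must hold: a single typo (10.0.0.7) is not a DGA burst.
        if len(ents) >= min_nxdomain and mean_ent >= min_entropy:
            flagged[client] = (len(ents), round(mean_ent, 2))
    return flagged
```

Real deployments tune the thresholds against a baseline of the organisation's own NXDOMAIN rate and exclude known benign sources such as CDN or anti-virus lookups.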

12 Command & Control: DGA (diagram slide)

13 Recon: Scanning. ARP scanning, SYN scanning ("half-open scanning"), FIN scanning, port scanning.

14 Reconnaissance Port Scanning
Services use ports to communicate (HTTP = 80, DNS = 53, etc.). When an attacker gets a foothold on a computer, he needs to move around the organization. The attacker scans the subnet to find exposed and exploitable services on other computers and platforms. Once an open port is found, further exploitation occurs.

15 Reconnaissance Port Scanning

16 Spread: Pass the Hash/Ticket, shares, PsExec.
Lateral movement - legitimate tools used maliciously.

17 Spread: PsExec - legitimate tools used maliciously.
A legitimate tool by Microsoft, commonly used by IT professionals. It allows running a process on a remote machine interactively. Attackers use that technique to spread their malware through an entire network.

18 Lateral Movement --- Pass-the-ticket

19 Lateral Movement --- Pass-the-ticket

20 Damage. Business. Money. Physical.

21 The Attack Lifecycle

22 Thank you.
