Cyber Attack Lifecycle
Total Endpoint Protection: #1 in EDR & Next-Gen AV
The Attack Lifecycle
Conquering all phases of the attack lifecycle
The Headlines: Damage. Damage. Damage.
The Technical Headlines: Penetration.
[Figure: damage plotted against time (seconds, minutes, hours, days, weeks, months): Penetration → Hacking operation → Breach detected. Lifecycle phases: Breach, C&C, Recon, Spread, Damage.]
The Attack (Full) Lifecycle
The Attack Lifecycle
External Recon
o Social Networking
o Conferences
o Call Help Desk or Admin
o External Scans
o Buy Information/Tools in Black Market
Breach: Penetration. Privilege escalation. Obfuscation.
o Phishing & spear phishing
o Vulnerability exploit
o Social Engineering
o Infected USB drive
o Compromised credentials
o Autorun
o Process Injection
Process Injection
o Evasion
o Reading host process memory
o Affecting host process behavior
Running another procedure as a thread inside another process.
Process Injection
Command & Control
o Legitimate HTTP
o Legitimate DNS request
o Fast Flux
o TOR
o Facebook / Twitter / YouTube comments
o Domain Generation Algorithm
Operation. Exfiltration.
Command & Control
o Regular C&C servers can be blacklisted and firewalled.
o A DGA generates a daily domain list (thousands of domains).
o The malware tries to resolve each one of those random domains.
o The attacker (who created the algorithm) knows which domains will be generated.
o Once a certain C&C domain is blocked, the attacker can select one of the daily generated domains, register it and continue the operation.
Domain generation algorithm
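The DGA behaviour above leaves a tell on the resolver: one host produces a burst of NXDOMAIN answers for random-looking names, then one of them suddenly resolves once the attacker registers it. The following is an added detection example, not code from the deck or from Cybereason; the log format, the constructed sample log and the thresholds (5 failures in 60 s, mean label entropy ≥ 3.2 bits) are assumptions to tune against real resolver data.

```python
import math
from collections import defaultdict
from datetime import datetime

# Constructed resolver log (illustrative data, not from the deck). Per line:
# "<ISO timestamp> <client IP> <queried name> <response code>"
# 10.0.0.9 behaves like the DGA malware described in the slide: a burst of
# random-looking names that do not resolve, then one that does (the registered one).
SAMPLE_DNS_LOG = """\
2024-05-01T09:00:01 10.0.0.5 mail.example.com NOERROR
2024-05-01T09:00:02 10.0.0.5 www.example.com NOERROR
2024-05-01T09:00:03 10.0.0.9 xk3jq9vlz2mwp.com NXDOMAIN
2024-05-01T09:00:03 10.0.0.9 b7wq1zrk0tnpd.net NXDOMAIN
2024-05-01T09:00:04 10.0.0.9 q2mxv8lkz5rjw.info NXDOMAIN
2024-05-01T09:00:04 10.0.0.9 h9cpz4ykd1bqn.com NXDOMAIN
2024-05-01T09:00:05 10.0.0.9 t6rlwk2jz8mvx.org NXDOMAIN
2024-05-01T09:00:05 10.0.0.9 n1zq7kvmx3pwb.com NOERROR
2024-05-01T09:00:06 10.0.0.7 typo.exmaple.com NXDOMAIN
2024-05-01T09:00:07 10.0.0.7 intranet.corp NXDOMAIN
"""

def label_entropy(label: str) -> float:
    """Shannon entropy in bits per character; random labels score near log2(alphabet size)."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label.lower():
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registrable_label(name: str) -> str:
    """Second-level label of a name. No public-suffix list here: 'x.co.uk' yields 'co'."""
    parts = name.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def parse_dns_log(text):
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, client, name, rcode = line.split()
            events.append((datetime.fromisoformat(ts), client, name, rcode))
    return events

def max_in_window(times, window_seconds):
    """Largest number of timestamps that fall inside any window of the given length."""
    times = sorted(times)
    best = start = 0
    for end in range(len(times)):
        while (times[end] - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best

def detect_dga_clients(log_text, window_seconds=60, min_nxdomain=5, min_entropy=3.2):
    """Flag clients with a burst of NXDOMAIN answers for high-entropy names.
    A typo or a dead internal name fails the entropy test; a DGA burst passes both."""
    failed = defaultdict(list)  # client -> [(time, name)]
    for ts, client, name, rcode in parse_dns_log(log_text):
        if rcode == "NXDOMAIN":
            failed[client].append((ts, name))
    flagged = {}
    for client, items in failed.items():
        burst = max_in_window([t for t, _ in items], window_seconds)
        labels = [registrable_label(n) for _, n in items]
        mean_entropy = sum(label_entropy(lb) for lb in labels) / len(labels)
        if burst >= min_nxdomain and mean_entropy >= min_entropy:
            flagged[client] = {"nxdomain_in_window": burst,
                               "mean_entropy": round(mean_entropy, 2),
                               "samples": [n for _, n in items[:3]]}
    return flagged

if __name__ == "__main__":
    for client, info in detect_dga_clients(SAMPLE_DNS_LOG).items():
        print(client, info)
```

The name that did resolve for the flagged client is the one to pivot on: it is the candidate C&C domain to block and to hunt for across the rest of the fleet.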
Command & Control
DGA
Recon
o ARP scanning
o SYN scanning ("half-open scanning")
o FIN scanning
o Port scanning
Scanning
Reconnaissance
Port Scanning
o Services use ports to communicate (HTTP = 80, DNS = 53, etc.).
o When an attacker gets a foothold on a computer, he needs to move around the organization.
o The attacker scans the subnet to find exposed and exploitable services on other computers and platforms.
o Once an open port is found, further exploitation occurs.
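Seen from the network side, the subnet scan described above is one internal host touching many distinct (host, port) targets in a short time without ever completing a handshake, which is exactly what a SYN/half-open scan looks like in flow data. This is an added detection example, not code from the deck or from Cybereason; the flow record format, the constructed sample flows, the 8-targets-per-60-s threshold and the horizontal/vertical labels are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed flow summary (illustrative data, not from the deck). Per line:
# "<ISO timestamp> <src> <dst> <dport> <handshake>", where handshake is
#   full    - three-way handshake completed (normal client traffic)
#   half    - SYN-ACK was answered, then the originator reset (half-open pattern)
#   refused - target answered with RST (closed port)
#   none    - no answer at all (filtered port or no host)
# 10.0.0.9 is the foothold host sweeping its subnet.
SAMPLE_FLOWS = """\
2024-05-01T10:00:00 10.0.0.9 10.0.0.20 22 half
2024-05-01T10:00:00 10.0.0.9 10.0.0.20 80 half
2024-05-01T10:00:00 10.0.0.9 10.0.0.20 443 refused
2024-05-01T10:00:01 10.0.0.9 10.0.0.20 445 half
2024-05-01T10:00:01 10.0.0.9 10.0.0.20 3389 refused
2024-05-01T10:00:01 10.0.0.9 10.0.0.21 22 none
2024-05-01T10:00:01 10.0.0.9 10.0.0.21 445 half
2024-05-01T10:00:02 10.0.0.9 10.0.0.22 80 refused
2024-05-01T10:00:02 10.0.0.9 10.0.0.22 445 half
2024-05-01T10:00:02 10.0.0.9 10.0.0.23 445 half
2024-05-01T10:00:05 10.0.0.5 10.0.0.20 443 full
2024-05-01T10:00:07 10.0.0.5 10.0.0.21 445 full
2024-05-01T10:00:08 10.0.0.7 10.0.0.20 80 refused
"""

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport, hs = line.split()
            flows.append((datetime.fromisoformat(ts), src, dst, int(dport), hs))
    return flows

def max_distinct_in_window(probes, window_seconds):
    """probes: time-sorted [(time, target, handshake)]. Returns the largest
    number of distinct targets probed inside any window of the given length."""
    active = Counter()
    best = start = 0
    for end, (t_end, target, _) in enumerate(probes):
        active[target] += 1
        while (t_end - probes[start][0]).total_seconds() > window_seconds:
            old = probes[start][1]
            active[old] -= 1
            if active[old] == 0:
                del active[old]
            start += 1
        best = max(best, len(active))
    return best

def detect_scanners(flow_text, window_seconds=60, min_targets=8):
    """Flag sources that touch many distinct (host, port) targets without ever
    completing the handshake: the signature of SYN/half-open and similar scans."""
    incomplete = defaultdict(list)
    for ts, src, dst, dport, hs in parse_flows(flow_text):
        if hs != "full":
            incomplete[src].append((ts, (dst, dport), hs))
    flagged = {}
    for src, probes in incomplete.items():
        probes.sort(key=lambda p: p[0])
        burst = max_distinct_in_window(probes, window_seconds)
        if burst < min_targets:
            continue
        hosts = {dst for _, (dst, _), _ in probes}
        ports = {dport for _, (_, dport), _ in probes}
        # Horizontal: one or two ports swept across many hosts (e.g. 445 everywhere).
        # Vertical: many ports on one or two hosts. Anything else is mixed.
        if len(hosts) >= 3 and len(ports) <= 2:
            pattern = "horizontal"
        elif len(ports) >= 3 and len(hosts) <= 2:
            pattern = "vertical"
        else:
            pattern = "mixed"
        flagged[src] = {"probes": burst, "hosts": len(hosts), "ports": len(ports),
                        "half_open": sum(1 for _, _, h in probes if h == "half"),
                        "pattern": pattern}
    return flagged
```

A single refused connection (10.0.0.7 above) is normal noise; the threshold is what separates a mistyped port from a sweep, so set it from a baseline of your own flow data.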
Reconnaissance
Port Scanning
Spread
o Pass The Hash/Ticket
o Shares
o PSExec
Lateral movement - Legitimate tools used maliciously.
Spread
o A legitimate tool by Microsoft.
o Commonly used by IT professionals.
o Allows running a process on a remote machine interactively.
o Attackers use that technique to spread their malware through an entire network.
PSEXEC - Legitimate tools used maliciously.
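Because PsExec is legitimate, the defender's handle is its footprint on the target rather than the binary itself: PsExec installs a service named PSEXESVC whose executable is dropped directly into the Windows directory (the root of the ADMIN$ share), which Windows records as System Event ID 7045. The hunt below is an added example, not code from the deck or from Cybereason; the flattened event records are constructed, and the second rule (any 7045 whose binary sits directly in the Windows root) is a heuristic assumption meant to catch renamed copies of the same pattern.

```python
import ntpath

# Constructed Windows System-log records (illustrative, not from the deck),
# flattened to the fields a SIEM would expose for Event ID 7045
# ("A service was installed in the system").
SAMPLE_EVENTS = [
    {"host": "WS-12", "event_id": 7045, "service_name": "PSEXESVC",
     "image_path": r"%SystemRoot%\PSEXESVC.exe", "account": "LocalSystem"},
    {"host": "WS-12", "event_id": 7036, "service_name": "PSEXESVC",
     "image_path": "", "account": ""},  # state change, not an install: ignored
    {"host": "SRV-02", "event_id": 7045, "service_name": "BackupAgent",
     "image_path": r"C:\Program Files\Backup\agent.exe", "account": "LocalSystem"},
    {"host": "WS-30", "event_id": 7045, "service_name": "kqzp",
     "image_path": r"%SystemRoot%\kqzp.exe", "account": "LocalSystem"},
    {"host": "WS-31", "event_id": 7045, "service_name": "Defender",
     "image_path": r"C:\Windows\System32\drivers\wd.sys", "account": "LocalSystem"},
]

SYSTEM_ROOTS = (r"%systemroot%", r"c:\windows")
KNOWN_SERVICE_BINARIES = {"psexesvc.exe"}  # classic PsExec service binary

def installed_in_windows_root(image_path: str) -> bool:
    """True when the service binary sits directly in the Windows directory,
    i.e. the root of the ADMIN$ share, where PsExec-style tools copy it.
    Assumes the image path carries no command-line arguments."""
    path = image_path.strip('"').lower()
    head, _tail = ntpath.split(path)
    return head.rstrip("\\") in SYSTEM_ROOTS

def hunt_psexec(events):
    """Return (host, severity, reason) findings for service installs that match
    PsExec's footprint. Only Event ID 7045 records are considered."""
    findings = []
    for ev in events:
        if ev.get("event_id") != 7045:
            continue
        name = ev.get("service_name", "").lower()
        image = ev.get("image_path", "")
        binary = ntpath.basename(image.strip('"')).lower()
        if name == "psexesvc" or binary in KNOWN_SERVICE_BINARIES:
            findings.append((ev["host"], "high", "PsExec service PSEXESVC installed"))
        elif installed_in_windows_root(image):
            findings.append((ev["host"], "medium",
                             f"service '{ev['service_name']}' binary dropped directly into the Windows directory"))
    return findings

if __name__ == "__main__":
    for host, severity, reason in hunt_psexec(SAMPLE_EVENTS):
        print(f"{severity:6} {host:8} {reason}")
```

A medium finding on an admin workstation during a change window is routine IT work; the same finding on a dozen hosts in a few minutes is the spreading phase the slide describes.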
Lateral Movement --- Pass-the-ticket
Lateral Movement --- Pass-the-ticket
Damage. Business. Money. Physical.
The Attack Lifecycle
THANK YOU.
www.cybereason.com
