SlideShare a Scribd company logo

501 ch 7 protecting against advanced attacks

Download as PPTX, PDF
G
gocybersec

The document discusses advanced cybersecurity attacks and strategies to prevent them. It covers common attacks like privilege escalation, spoofing, and man-in-the-middle attacks. It also discusses secure coding concepts like input validation, error handling, and fuzz testing. Application attacks like SQL injection and cross-site scripting are explained as well as frameworks and guides for security.

Technology
1 of 36
Proprietary & Confidential @GoCyberSec | January, 2020 Chapter 7 Protecting Against Advanced Attacks CompTIA Security +
Proprietary & Confidential @GoCyberSec | January, 2020 Introduction • Comparing common attacks • Summarizing secure coding concepts • Identifying application attacks • Understanding frameworks and guides
Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Privilege escalation – Gain additional privileges after initial exploit • Spoofing – Impersonating or masquerading as someone or something else – MAC spoofing – IP spoofing – Email spoofing
Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • SYN flood attack – Common attack against Internet servers – Disrupts the TCP three-way handshake – Withholds 3rd packet
Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Man-in-the-middle – Active interception – Active eavesdropping • ARP poisoning
Proprietary & Confidential @GoCyberSec | January, 2020 DNS Attacks • DNS poisoning /spoofing –Attempt to corrupt DNS data –Protect against with DNSSEC • Pharming –Redirects a web site’s traffic to another web site • DDoS DNS attacks –DNS amplification attack
Proprietary & Confidential @GoCyberSec | January, 2020 Amplification Attack • Smurf – A ping is normally unicast – Smurf attack sends the ping out as a broadcast – Smurf attack spoofs the source IP – Directed broadcast through an amplifying network – Disable directed broadcasts on border routers
Proprietary & Confidential @GoCyberSec | January, 2020 Password Attacks • Brute Force Attacks –Attempts to guess all possible character combination • Dictionary Attack –Uses a dictionary of words and attempts every word in the dictionary • Password hashes attack –Password: IC@nP@$$S3curity+ –Hash 75c8ac11c86ca966b58166187589cc15
Proprietary & Confidential @GoCyberSec | January, 2020 Password Attacks • Pass the hash –Attacker discovers the hash –Attacker uses the hash to log on –Older protocols susceptible • Microsoft LAN Manager (LM) • NT LAN Manager (NTLM) • Use NTMLv2 instead • Birthday attack –Birthday paradox –Hash collision –Prevent attack with strong hashing • Rainbow table attack –Prevent with salted hashes
Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Replay –Replays data in an attempt to impersonate client –Timestamps and sequence numbers are effective countermeasures • Can be –An application/service attack –A wireless attack –A cryptographic attack
Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Known plaintext – Attacker has samples of both the plaintext and the ciphertext • Compare with chosen plaintext The information contained in this email and any accompanying attachments may contain proprietary information about the Pay & Park & Pay parking garage. Nr55tySu3IFIf7f3Cjn540fSs0j0QbshCN0yOAvhN3UKr85uEkvawEPG3lhLIklwBz7hBzhaRZ96KUYIT3 wQbf2cSkWHtN8ZQrQ+ZGJHhe8HkL42CPjHIGc0HW4urJ+NNLnNxqHyRo34azbnXsd3qd3Ce5GE7 blWtY0duwNKy0xqhmDihUJs9nDhXBV4nBkZ6shcmKGEUSyvCr/hOEpAYw==
Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Typo squatting / URL hijacking • Attackers purchase similar domain names for various malicious purposes • Users visit the typo squatting domain when they enter the URL incorrectly with a common typo • Clickjacking • Tricks users into clicking something different • Typically uses frames
Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Session hijacking - Impersonate the user with the session ID - Session IDs stored in cookies • Domain hijacking - Attacker changes the registration of the domain name - Typically done by using social engineering techniques to guess owner’s password
Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Man-in-the-browser attack –Type of proxy Trojan horse –Can capture browser session data • Driver manipulation –Shimming –Refactoring
Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Zero-day vulnerabilities –Undocumented and unknown to the public –Vendor might know about it, but has not yet released a patch to address it • Zero day attack –Attempts to exploit zero-day vulnerabilities –Also known as zero day- exploit
Proprietary & Confidential @GoCyberSec | January, 2020 Memory Buffer Vulnerabilities • Memory leak - App consumes more and more memory - Can crash operating system • Integer overflow - App attempts to use or create numeric value too big for the available storage - 8-bit storage - 95 x 59 = 5,605 (needs at least 13 bits to store)
Proprietary & Confidential @GoCyberSec | January, 2020 Memory Buffer Vulnerabilities • Buffer overflow and buffer overflow attack - Occur when an application receives data that it can’t handle - Exposes system memory - Often includes NOP instructions (such as x90) - Can then insert malicious code into memory - Input validation helps prevent buffer overflow attacks
Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Compiled code • Optimized • Run as an executable • Compiler checks the program for errors and • Runtime code • Code is evaluated, interpreted, and executed when the code is run • HTML is interpreted by web browsers and displayed as web pages
Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Input Validation • Verifies validity of data before using it - Verifies proper characters - Uses boundary and/or range checking - Blocks HTML code - Prevents the use of certain characters • Client-side vs server-side - Server-side is more secure (many sites use both) • Input validation prevents - Buffer overflow, SQL injection, command injection, and cross-site scripting attacks
Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Avoid race conditions - Occur when two modules attempt to access the same resource - First module to complete the process wins - Database locks prevent race conditions • Error and Exception Handling - Catch errors and provides feedback • Prevent improper input from crashing an application providing information to attackers • Errors to users should be general • Logged information should be detailed
Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Code reuse - Avoid dead code • Software development codes (SDKs) - Provide software tools easy to reuse • Code obfuscation - Camouflage code
Proprietary & Confidential @GoCyberSec | January, 2020 Code Quality and Testing • Static code analyzers • Dynamic analysis • Stress testing • Sandboxing • Model verification • Fuzzing • Sends random strings of data to applications looking for vulnerabilities • Attackers use to detect strings of data that can be used in an attack • Administrators use fuzz testing to test applications
Proprietary & Confidential @GoCyberSec | January, 2020 SDLC Models Software development life cycle (SDLC) models • Waterfall –Multiple stages going from top to bottom –Strict • Agile –Starts with set of principles –Uses iterative cycles with incremental changes –Flexible
Proprietary & Confidential @GoCyberSec | January, 2020 Secure DevOps • Security automation • Continuous integration • Baselining • Immutable systems • Infrastructure as code
Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Change management – Ensures developers do not make unauthorized changes – Provides accounting structure • Version control – Tracks software versions – Identifies who made the change and when • Provisioning (an application) – Preparing to deploy it – Configuring for different applications • Deprovisioning (an application) – Removing it completely
Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Web servers host web sites – Apache – IIS • Protected by placing in DMZ
Proprietary & Confidential @GoCyberSec | January, 2020 Database concepts • Tables related to each other with keys • Database schema
Proprietary & Confidential @GoCyberSec | January, 2020 Database concepts • Tables –Rows (also called records or tuples) –Columns (also called attributes) –Cells hold individual values (such as “Lisa”)
Proprietary & Confidential @GoCyberSec | January, 2020 Database concepts Normalization • Organizing tables and columns to reduce redundant data and improve performance • First normal form (1NF) • Second normal form (2NF) • Third normal form (3NF)
Proprietary & Confidential @GoCyberSec | January, 2020 SQL Queries • Used to access data • Commonly used with web pages
Proprietary & Confidential @GoCyberSec | January, 2020 SQL Queries SELECT * FROM Customers WHERE name = 'Homer Simpson‘ Using SQL Injection SELECT * FROM Customers WHERE name = ' ' or '1'='1' --' Result SELECT * FROM Customers WHERE name = ' ' SELECT * FROM Customers WHERE '1'='1'
Proprietary & Confidential @GoCyberSec | January, 2020 SQL Injection Attack • Used on unprotected web pages to access backend databases • Often use the phrase ' or '1'='1 ' • Tricks database into providing information • Best protection –Input validation & stored procedures • XML injection (similar to SQL injection)
Proprietary & Confidential @GoCyberSec | January, 2020 Application Attacks Other injection attacks • Command injection attack –Attempts to run operating system commands from within an application • Cross-site scripting (XSS) –Attackers embed malicious HTML or JavaScript code –Can be in web site or links in email –Prevented with server-side input validation –OWASP recommends use of library
Proprietary & Confidential @GoCyberSec | January, 2020 Application Attacks • Cross-site request forgery (XSRF) –Causes users to perform actions on websites without their knowledge –Attackers can use to steal cookies and harvest passwords –XSRF tokens successfully block this attack
Proprietary & Confidential @GoCyberSec | January, 2020 Frameworks and Guides • Frameworks –Regulatory –Non-regulatory –National versus international –Industry-specific • Guides –Vendor-specific –Platform-specific –Role- or goal-specific
Proprietary & Confidential @GoCyberSec | January, 2020 Chapter 7 Summary • Comparing common attacks • Summarizing secure coding concepts • Identifying application attacks • Understanding frameworks and guides

Recommended

501 ch 2 understanding iam
501 ch 2 understanding iam501 ch 2 understanding iam
501 ch 2 understanding iam
gocybersec
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and data
gocybersec
 
501 ch 1 mastering security basics
501 ch 1 mastering security basics501 ch 1 mastering security basics
501 ch 1 mastering security basics
gocybersec
 
501 ch 4 securing your network
501 ch 4 securing your network501 ch 4 securing your network
501 ch 4 securing your network
gocybersec
 
501 ch 6 threats vulnerabilities and common attacks
501 ch 6 threats vulnerabilities and common attacks501 ch 6 threats vulnerabilities and common attacks
501 ch 6 threats vulnerabilities and common attacks
gocybersec
 
501 ch 8 risk managment tool
501 ch 8 risk managment tool501 ch 8 risk managment tool
501 ch 8 risk managment tool
gocybersec
 
501 ch 10 understanding cryptography and pki
501 ch 10 understanding cryptography and pki501 ch 10 understanding cryptography and pki
501 ch 10 understanding cryptography and pki
gocybersec
 
501 ch 3 network technologies tools
501 ch 3 network technologies tools501 ch 3 network technologies tools
501 ch 3 network technologies tools
gocybersec
 

Recommended

501 ch 2 understanding iam
501 ch 2 understanding iam501 ch 2 understanding iam
501 ch 2 understanding iam
gocybersec
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and data
gocybersec
 
501 ch 1 mastering security basics
501 ch 1 mastering security basics501 ch 1 mastering security basics
501 ch 1 mastering security basics
gocybersec
 
501 ch 4 securing your network
501 ch 4 securing your network501 ch 4 securing your network
501 ch 4 securing your network
gocybersec
 
501 ch 6 threats vulnerabilities and common attacks
501 ch 6 threats vulnerabilities and common attacks501 ch 6 threats vulnerabilities and common attacks
501 ch 6 threats vulnerabilities and common attacks
gocybersec
 
501 ch 8 risk managment tool
501 ch 8 risk managment tool501 ch 8 risk managment tool
501 ch 8 risk managment tool
gocybersec
 
501 ch 10 understanding cryptography and pki
501 ch 10 understanding cryptography and pki501 ch 10 understanding cryptography and pki
501 ch 10 understanding cryptography and pki
gocybersec
 
501 ch 3 network technologies tools
501 ch 3 network technologies tools501 ch 3 network technologies tools
501 ch 3 network technologies tools
gocybersec
 
501 ch 3 network technologies and tools
501 ch 3 network technologies and tools501 ch 3 network technologies and tools
501 ch 3 network technologies and tools
gocybersec
 
From The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of MonitoringFrom The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of Monitoring
Priyanka Aash
 
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
SecureAuth
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone
 
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
Priyanka Aash
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined Perimeter
Cryptzone
 
IoT End-to-End Security Overview
IoT End-to-End Security OverviewIoT End-to-End Security Overview
IoT End-to-End Security Overview
Amazon Web Services
 
Data Security for Project Managers
Data Security for Project ManagersData Security for Project Managers
Data Security for Project Managers
Joseph Wojowski
 
Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...
Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...
Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...
ProgrammableWeb
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
Cryptzone
 
The Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data HubThe Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data Hub
DataWorks Summit
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical Architecture
Cryptzone
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]
SISA Information Security Pvt.Ltd
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
AddWeb Solution Pvt. Ltd.
 
Getting Started in Pentesting the Cloud: Azure
Getting Started in Pentesting the Cloud: AzureGetting Started in Pentesting the Cloud: Azure
Getting Started in Pentesting the Cloud: Azure
Beau Bullock
 
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS SummitThreat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
Amazon Web Services
 
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS SummitThreat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
Amazon Web Services
 
Red Team Apocalypse (RVAsec Edition)
Red Team Apocalypse (RVAsec Edition)Red Team Apocalypse (RVAsec Edition)
Red Team Apocalypse (RVAsec Edition)
Beau Bullock
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret Management
Mary Racter
 
Plain talk about security public - ms1
Plain talk about security public - ms1Plain talk about security public - ms1
Plain talk about security public - ms1
Mike Stone
 
Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2
Niel Dunnage
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
Alert Logic
 

More Related Content

What's hot

501 ch 3 network technologies and tools
501 ch 3 network technologies and tools501 ch 3 network technologies and tools
501 ch 3 network technologies and tools
gocybersec
 
From The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of MonitoringFrom The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of Monitoring
Priyanka Aash
 
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
SecureAuth
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone
 
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
Priyanka Aash
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined Perimeter
Cryptzone
 
IoT End-to-End Security Overview
IoT End-to-End Security OverviewIoT End-to-End Security Overview
IoT End-to-End Security Overview
Amazon Web Services
 
Data Security for Project Managers
Data Security for Project ManagersData Security for Project Managers
Data Security for Project Managers
Joseph Wojowski
 
Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...
Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...
Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...
ProgrammableWeb
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
Cryptzone
 
The Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data HubThe Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data Hub
DataWorks Summit
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical Architecture
Cryptzone
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]
SISA Information Security Pvt.Ltd
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
AddWeb Solution Pvt. Ltd.
 
Getting Started in Pentesting the Cloud: Azure
Getting Started in Pentesting the Cloud: AzureGetting Started in Pentesting the Cloud: Azure
Getting Started in Pentesting the Cloud: Azure
Beau Bullock
 
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS SummitThreat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
Amazon Web Services
 
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS SummitThreat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
Amazon Web Services
 
Red Team Apocalypse (RVAsec Edition)
Red Team Apocalypse (RVAsec Edition)Red Team Apocalypse (RVAsec Edition)
Red Team Apocalypse (RVAsec Edition)
Beau Bullock
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret Management
Mary Racter
 
Plain talk about security public - ms1
Plain talk about security public - ms1Plain talk about security public - ms1
Plain talk about security public - ms1
Mike Stone
 

What's hot (20)

501 ch 3 network technologies and tools
501 ch 3 network technologies and tools501 ch 3 network technologies and tools
501 ch 3 network technologies and tools
 
From The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of MonitoringFrom The Hidden Internet: Lesson From 12 Months Of Monitoring
From The Hidden Internet: Lesson From 12 Months Of Monitoring
 
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?Cryptzone: What is a Software-Defined Perimeter?
Cryptzone: What is a Software-Defined Perimeter?
 
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
 
Cryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined PerimeterCryptzone: The Software-Defined Perimeter
Cryptzone: The Software-Defined Perimeter
 
IoT End-to-End Security Overview
IoT End-to-End Security OverviewIoT End-to-End Security Overview
IoT End-to-End Security Overview
 
Data Security for Project Managers
Data Security for Project ManagersData Security for Project Managers
Data Security for Project Managers
 
Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...
Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...
Why API Security Is More Complicated Than You Think (and Why It’s Your #1 Pri...
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
 
The Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data HubThe Future of Data Management - the Enterprise Data Hub
The Future of Data Management - the Enterprise Data Hub
 
Cryptzone AppGate Technical Architecture
Cryptzone AppGate Technical ArchitectureCryptzone AppGate Technical Architecture
Cryptzone AppGate Technical Architecture
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
 
Getting Started in Pentesting the Cloud: Azure
Getting Started in Pentesting the Cloud: AzureGetting Started in Pentesting the Cloud: Azure
Getting Started in Pentesting the Cloud: Azure
 
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS SummitThreat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Anaheim AWS Summit
 
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS SummitThreat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
Threat Detection and Mitigation at Scale on AWS - SID301 - Atlanta AWS Summit
 
Red Team Apocalypse (RVAsec Edition)
Red Team Apocalypse (RVAsec Edition)Red Team Apocalypse (RVAsec Edition)
Red Team Apocalypse (RVAsec Edition)
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret Management
 
Plain talk about security public - ms1
Plain talk about security public - ms1Plain talk about security public - ms1
Plain talk about security public - ms1
 

Similar to 501 ch 7 protecting against advanced attacks

Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2
Niel Dunnage
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
Alert Logic
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure code
Flaskdata.io
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Amazon Web Services
 
20160000 Cloud Discovery Event - Cloud Access Security Brokers
20160000 Cloud Discovery Event - Cloud Access Security Brokers20160000 Cloud Discovery Event - Cloud Access Security Brokers
20160000 Cloud Discovery Event - Cloud Access Security Brokers
Robin Vermeirsch
 
501 ch 9 implementing controls to protect assets
501 ch 9 implementing controls to protect assets501 ch 9 implementing controls to protect assets
501 ch 9 implementing controls to protect assets
gocybersec
 
The Shifting Landscape of PoS MalwareOutput
The Shifting Landscape of PoS MalwareOutputThe Shifting Landscape of PoS MalwareOutput
The Shifting Landscape of PoS MalwareOutput
Silas Cutler
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Alert Logic
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web Apps
Alert Logic
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data Processing
Shantanu Sharma
 
Cloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and TechniquesCloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and Techniques
Gokul Alex
 
Fighting cyber fraud with hadoop
Fighting cyber fraud with hadoopFighting cyber fraud with hadoop
Fighting cyber fraud with hadoop
Niel Dunnage
 
Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?
Tom Eston
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
pbink
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
GovCloud Network
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
Lancope, Inc.
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
TriNimbus
 
Offensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaOffensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agenda
ShivamSharma909
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
InfosecTrain
 
Offensive cyber security engineer
Offensive cyber security engineerOffensive cyber security engineer
Offensive cyber security engineer
ShivamSharma909
 

Similar to 501 ch 7 protecting against advanced attacks (20)

Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2Fighting cyber fraud with hadoop v2
Fighting cyber fraud with hadoop v2
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure code
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
 
20160000 Cloud Discovery Event - Cloud Access Security Brokers
20160000 Cloud Discovery Event - Cloud Access Security Brokers20160000 Cloud Discovery Event - Cloud Access Security Brokers
20160000 Cloud Discovery Event - Cloud Access Security Brokers
 
501 ch 9 implementing controls to protect assets
501 ch 9 implementing controls to protect assets501 ch 9 implementing controls to protect assets
501 ch 9 implementing controls to protect assets
 
The Shifting Landscape of PoS MalwareOutput
The Shifting Landscape of PoS MalwareOutputThe Shifting Landscape of PoS MalwareOutput
The Shifting Landscape of PoS MalwareOutput
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web Apps
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data Processing
 
Cloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and TechniquesCloud Security Engineering - Tools and Techniques
Cloud Security Engineering - Tools and Techniques
 
Fighting cyber fraud with hadoop
Fighting cyber fraud with hadoopFighting cyber fraud with hadoop
Fighting cyber fraud with hadoop
 
Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?Cash is King: Who's Wearing Your Crown?
Cash is King: Who's Wearing Your Crown?
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Offensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaOffensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agenda
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
 
Offensive cyber security engineer
Offensive cyber security engineerOffensive cyber security engineer
Offensive cyber security engineer
 

More from gocybersec

501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacks
gocybersec
 
501 ch 11 operational security
501 ch 11 operational security501 ch 11 operational security
501 ch 11 operational security
gocybersec
 
501 ch 9 implementing controls
501 ch 9 implementing controls501 ch 9 implementing controls
501 ch 9 implementing controls
gocybersec
 
501 ch 8 risk management tools
501 ch 8 risk management tools501 ch 8 risk management tools
501 ch 8 risk management tools
gocybersec
 
501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks
gocybersec
 
501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacks
gocybersec
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and data
gocybersec
 
501 ch 4 securing your network
501 ch 4 securing your network501 ch 4 securing your network
501 ch 4 securing your network
gocybersec
 
501 ch 3 network technologies tools
501 ch 3 network technologies tools501 ch 3 network technologies tools
501 ch 3 network technologies tools
gocybersec
 
501 ch 2 understanding iam
501 ch 2 understanding iam501 ch 2 understanding iam
501 ch 2 understanding iam
gocybersec
 
501 ch-1-mastering-security-basics
501 ch-1-mastering-security-basics501 ch-1-mastering-security-basics
501 ch-1-mastering-security-basics
gocybersec
 

More from gocybersec (11)

501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacks
 
501 ch 11 operational security
501 ch 11 operational security501 ch 11 operational security
501 ch 11 operational security
 
501 ch 9 implementing controls
501 ch 9 implementing controls501 ch 9 implementing controls
501 ch 9 implementing controls
 
501 ch 8 risk management tools
501 ch 8 risk management tools501 ch 8 risk management tools
501 ch 8 risk management tools
 
501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks501 ch 6 threats vulnerabilities attacks
501 ch 6 threats vulnerabilities attacks
 
501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacks
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and data
 
501 ch 4 securing your network
501 ch 4 securing your network501 ch 4 securing your network
501 ch 4 securing your network
 
501 ch 3 network technologies tools
501 ch 3 network technologies tools501 ch 3 network technologies tools
501 ch 3 network technologies tools
 
501 ch 2 understanding iam
501 ch 2 understanding iam501 ch 2 understanding iam
501 ch 2 understanding iam
 
501 ch-1-mastering-security-basics
501 ch-1-mastering-security-basics501 ch-1-mastering-security-basics
501 ch-1-mastering-security-basics
 

Recently uploaded

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 

Recently uploaded (20)

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 

501 ch 7 protecting against advanced attacks

  • 1. Proprietary & Confidential @GoCyberSec | January, 2020 Chapter 7 Protecting Against Advanced Attacks CompTIA Security +
  • 2. Proprietary & Confidential @GoCyberSec | January, 2020 Introduction • Comparing common attacks • Summarizing secure coding concepts • Identifying application attacks • Understanding frameworks and guides
  • 3. Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Privilege escalation – Gain additional privileges after initial exploit • Spoofing – Impersonating or masquerading as someone or something else – MAC spoofing – IP spoofing – Email spoofing
  • 4. Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • SYN flood attack – Common attack against Internet servers – Disrupts the TCP three-way handshake – Withholds 3rd packet
  • 5. Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Man-in-the-middle – Active interception – Active eavesdropping • ARP poisoning
  • 6. Proprietary & Confidential @GoCyberSec | January, 2020 DNS Attacks • DNS poisoning /spoofing –Attempt to corrupt DNS data –Protect against with DNSSEC • Pharming –Redirects a web site’s traffic to another web site • DDoS DNS attacks –DNS amplification attack
  • 7. Proprietary & Confidential @GoCyberSec | January, 2020 Amplification Attack • Smurf – A ping is normally unicast – Smurf attack sends the ping out as a broadcast – Smurf attack spoofs the source IP – Directed broadcast through an amplifying network – Disable directed broadcasts on border routers
  • 8. Proprietary & Confidential @GoCyberSec | January, 2020 Password Attacks • Brute Force Attacks –Attempts to guess all possible character combination • Dictionary Attack –Uses a dictionary of words and attempts every word in the dictionary • Password hashes attack –Password: IC@nP@$$S3curity+ –Hash 75c8ac11c86ca966b58166187589cc15
  • 9. Proprietary & Confidential @GoCyberSec | January, 2020 Password Attacks • Pass the hash –Attacker discovers the hash –Attacker uses the hash to log on –Older protocols susceptible • Microsoft LAN Manager (LM) • NT LAN Manager (NTLM) • Use NTMLv2 instead • Birthday attack –Birthday paradox –Hash collision –Prevent attack with strong hashing • Rainbow table attack –Prevent with salted hashes
  • 10. Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Replay –Replays data in an attempt to impersonate client –Timestamps and sequence numbers are effective countermeasures • Can be –An application/service attack –A wireless attack –A cryptographic attack
  • 11. Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Known plaintext – Attacker has samples of both the plaintext and the ciphertext • Compare with chosen plaintext The information contained in this email and any accompanying attachments may contain proprietary information about the Pay & Park & Pay parking garage. Nr55tySu3IFIf7f3Cjn540fSs0j0QbshCN0yOAvhN3UKr85uEkvawEPG3lhLIklwBz7hBzhaRZ96KUYIT3 wQbf2cSkWHtN8ZQrQ+ZGJHhe8HkL42CPjHIGc0HW4urJ+NNLnNxqHyRo34azbnXsd3qd3Ce5GE7 blWtY0duwNKy0xqhmDihUJs9nDhXBV4nBkZ6shcmKGEUSyvCr/hOEpAYw==
  • 12. Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Typo squatting / URL hijacking • Attackers purchase similar domain names for various malicious purposes • Users visit the typo squatting domain when they enter the URL incorrectly with a common typo • Clickjacking • Tricks users into clicking something different • Typically uses frames
  • 13. Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Session hijacking - Impersonate the user with the session ID - Session IDs stored in cookies • Domain hijacking - Attacker changes the registration of the domain name - Typically done by using social engineering techniques to guess owner’s password
  • 14. Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Man-in-the-browser attack –Type of proxy Trojan horse –Can capture browser session data • Driver manipulation –Shimming –Refactoring
  • 15. Proprietary & Confidential @GoCyberSec | January, 2020 Common Attacks • Zero-day vulnerabilities –Undocumented and unknown to the public –Vendor might know about it, but has not yet released a patch to address it • Zero day attack –Attempts to exploit zero-day vulnerabilities –Also known as zero day- exploit
  • 16. Proprietary & Confidential @GoCyberSec | January, 2020 Memory Buffer Vulnerabilities • Memory leak - App consumes more and more memory - Can crash operating system • Integer overflow - App attempts to use or create numeric value too big for the available storage - 8-bit storage - 95 x 59 = 5,605 (needs at least 13 bits to store)
  • 17. Proprietary & Confidential @GoCyberSec | January, 2020 Memory Buffer Vulnerabilities • Buffer overflow and buffer overflow attack - Occur when an application receives data that it can’t handle - Exposes system memory - Often includes NOP instructions (such as x90) - Can then insert malicious code into memory - Input validation helps prevent buffer overflow attacks
  • 18. Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Compiled code • Optimized • Run as an executable • Compiler checks the program for errors and • Runtime code • Code is evaluated, interpreted, and executed when the code is run • HTML is interpreted by web browsers and displayed as web pages
  • 19. Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Input Validation • Verifies validity of data before using it - Verifies proper characters - Uses boundary and/or range checking - Blocks HTML code - Prevents the use of certain characters • Client-side vs server-side - Server-side is more secure (many sites use both) • Input validation prevents - Buffer overflow, SQL injection, command injection, and cross-site scripting attacks
  • 20. Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Avoid race conditions - Occur when two modules attempt to access the same resource - First module to complete the process wins - Database locks prevent race conditions • Error and Exception Handling - Catch errors and provides feedback • Prevent improper input from crashing an application providing information to attackers • Errors to users should be general • Logged information should be detailed
  • 21. Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Code reuse - Avoid dead code • Software development codes (SDKs) - Provide software tools easy to reuse • Code obfuscation - Camouflage code
  • 22. Proprietary & Confidential @GoCyberSec | January, 2020 Code Quality and Testing • Static code analyzers • Dynamic analysis • Stress testing • Sandboxing • Model verification • Fuzzing • Sends random strings of data to applications looking for vulnerabilities • Attackers use to detect strings of data that can be used in an attack • Administrators use fuzz testing to test applications
  • 23. Proprietary & Confidential @GoCyberSec | January, 2020 SDLC Models Software development life cycle (SDLC) models • Waterfall –Multiple stages going from top to bottom –Strict • Agile –Starts with set of principles –Uses iterative cycles with incremental changes –Flexible
  • 24. Proprietary & Confidential @GoCyberSec | January, 2020 Secure DevOps • Security automation • Continuous integration • Baselining • Immutable systems • Infrastructure as code
  • 25. Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Change management – Ensures developers do not make unauthorized changes – Provides accounting structure • Version control – Tracks software versions – Identifies who made the change and when • Provisioning (an application) – Preparing to deploy it – Configuring for different applications • Deprovisioning (an application) – Removing it completely
  • 26. Proprietary & Confidential @GoCyberSec | January, 2020 Secure Coding Concepts • Web servers host web sites – Apache – IIS • Protected by placing in DMZ
  • 27. Proprietary & Confidential @GoCyberSec | January, 2020 Database concepts • Tables related to each other with keys • Database schema
  • 28. Proprietary & Confidential @GoCyberSec | January, 2020 Database concepts • Tables –Rows (also called records or tuples) –Columns (also called attributes) –Cells hold individual values (such as “Lisa”)
  • 29. Proprietary & Confidential @GoCyberSec | January, 2020 Database concepts Normalization • Organizing tables and columns to reduce redundant data and improve performance • First normal form (1NF) • Second normal form (2NF) • Third normal form (3NF)
  • 30. Proprietary & Confidential @GoCyberSec | January, 2020 SQL Queries • Used to access data • Commonly used with web pages
  • 31. Proprietary & Confidential @GoCyberSec | January, 2020 SQL Queries SELECT * FROM Customers WHERE name = 'Homer Simpson‘ Using SQL Injection SELECT * FROM Customers WHERE name = ' ' or '1'='1' --' Result SELECT * FROM Customers WHERE name = ' ' SELECT * FROM Customers WHERE '1'='1'
  • 32. Proprietary & Confidential @GoCyberSec | January, 2020 SQL Injection Attack • Used on unprotected web pages to access backend databases • Often use the phrase ' or '1'='1 ' • Tricks database into providing information • Best protection –Input validation & stored procedures • XML injection (similar to SQL injection)
  • 33. Proprietary & Confidential @GoCyberSec | January, 2020 Application Attacks Other injection attacks • Command injection attack –Attempts to run operating system commands from within an application • Cross-site scripting (XSS) –Attackers embed malicious HTML or JavaScript code –Can be in web site or links in email –Prevented with server-side input validation –OWASP recommends use of library
  • 34. Proprietary & Confidential @GoCyberSec | January, 2020 Application Attacks • Cross-site request forgery (XSRF) –Causes users to perform actions on websites without their knowledge –Attackers can use to steal cookies and harvest passwords –XSRF tokens successfully block this attack
  • 35. Proprietary & Confidential @GoCyberSec | January, 2020 Frameworks and Guides • Frameworks –Regulatory –Non-regulatory –National versus international –Industry-specific • Guides –Vendor-specific –Platform-specific –Role- or goal-specific
  • 36. Proprietary & Confidential @GoCyberSec | January, 2020 Chapter 7 Summary • Comparing common attacks • Summarizing secure coding concepts • Identifying application attacks • Understanding frameworks and guides

Editor's Notes

  1. A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. Essentially, with SYN flood DDoS, the offender sends TCP connection requests faster than the targeted machine can process them, causing network saturation. In a SYN flood attack, the attacker sends repeated SYN packets to every port on the targeted server, often using a fake IP address. The server, unaware of the attack, receives multiple, apparently legitimate requests to establish communication. It responds to each attempt with a SYN-ACK packet from each open port.
  2. Address Resolution Protocol (ARP) poisoning is when an attacker sends falsified ARP messages over a local area network (LAN) to link an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is linked to an authentic IP address, the attacker can receive any messages directed to the legitimate MAC address
  3. DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. The Internet doesn’t just have a single DNS server, as that would be extremely inefficient. Your Internet service provider runs its own DNS servers, which cache information from other DNS servers. Your home router functions as a DNS server, which caches information from your ISP’s DNS servers. A DNS cache can become poisoned if it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it — for example, they could say that google.com actually points to an IP address the attacker owns — that DNS server would tell its users to look for Google.com at the wrong address. The attacker’s address could contain some sort of malicious phishing website Pharming is a cyber attack intended to redirect a website's traffic to another, fake site. DNS amplification attack. DNS amplification is a Distributed Denial of Service (DDoS) attack in which the attacker exploits vulnerabilities in domain name system (DNS) servers to turn initially small queries into much larger payloads, which are used to bring down the victim's servers.
  4. A Smurf attack scenario can be broken down as follows: Smurf malware is used to generate a fake Echo request containing a spoofed source IP, which is actually the target server address. The request is sent to an intermediate IP broadcast network. The request is transmitted to all of the network hosts on the network. Each host sends an ICMP response to the spoofed source address. With enough ICMP responses forwarded, the target server is brought down.
  5. Microsoft LAN Manager (LM) NT (New Technology) LAN Manager (NTLM) Use NTMLv2 instead A birthday attack is a name used to refer to a class of brute-force attacks. It gets its name from the surprising result that the probability that two or more people in a group of 23 share the same birthday is greater than 1/2; such a result is called a birthday paradox. Birthday attacks are often used to find collisions of hash functions. Hash collision occurs when the hashing algorithm creates same hash from different passwords. A rainbow table attack is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database
  6. During replay attacks the intruder sends to the victim the same message as was already used in the victim's communication. The message is correctly encrypted, so its receiver may treat is as a correct request and take actions desired by the intruder. The attacker might either have eavesdropped a message between two sides before or he may know the message format from his previous communication with one of the sides. This message may contain some kind of the secret key and be used for authentication
  7. Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.
  8. Man-in-the-browser is a form of man-in-the-middle attack where an attacker is able to insert himself into the communications channel between two trusting parties by compromising a Web browser used by one of the parties, for the purpose of eavesdropping, data theft and/or session tampering. Device drivers allow an operating system such as Windows to talk to hardware devices such as printers, keyboard, mouse. Sophisticated attackers may dive deep into device drivers and manipulate them so that they undermine the security on your computer. They could also take control of the audio and video of the computer, stop your anti-virus software from running, or your data could be exposed to someone else. Shimming: A shim is a small library that is created to intercept API (Application Program Interface) calls transparently and do one of three things: handle the operation itself; change the arguments passed; or redirect the request elsewhere. Refactoring: A set of techniques used to identify the flow and then modify the internal structure of code without changing the code’s visible behavior
  9. A memory leak is the gradual loss of available computer memory when a program (an application or part of the operating system) repeatedly fails to return memory that it has obtained for temporary use An Integer Overflow is the condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it.
  10. A buffer overflow occurs when a program or process attempts to write more data to a fixed length block of memory,.
  11. Compiled code are converted directly into machine code that the processor can execute. As a result, they tend to be faster and more efficient to execute than interpreted languages. They also give the developer more control over hardware aspects, like memory management and CPU usage Examples of pure compiled languages are C, C++, Erlang, Haskell, Rust, and Go Compiled code is the output of a compiler. Run-time code: Interpreters will run through a program line by line and execute each command. Interpreted languages were once known to be significantly slower than compiled languages Examples of common interpreted languages are HMTL, PHP, Ruby, Python, and JavaScript.
  12. Static code analysis is a method of debugging by examining source code before a program is run. It’s done by analyzing a set of code against a set (or multiple sets) of coding rules. Dynamic analysis identifies defects after you run a program (e.g., during unit testing). However, some coding errors might not surface during unit testing. So, there are defects that dynamic testing might miss that static code analysis can find.   Both types of analysis detect defects. The big difference is where they find defects in the development lifecycle. Static code checking addresses problems early on and it pinpoints exactly where the error is in the code. STRESS TESTING is a type of Software Testing that verifies the stability & reliability of the system. This test mainly measures the system on its robustness and error handling capabilities under extremely heavy load conditions Sandboxing: Application sandboxing, also called application containerization, is an approach to software development and mobile application management (MAM) that limits the environments in which certain code can execute. The goal of sandboxing is to improve security by isolating an application to prevent outside malware, intruders, system resources or other applications from interacting with the protected app model verification The process of demonstrating that a model works as intended is referred to in simulation literature as model verification. It is much easier to debug a model built in stages and with minimal detail than to debug a large and complex model. 
  13. Waterfall approach is a sequential model where the output of each phase acts as the input for the following phase, allowing the process to move downstream (like a waterfall). Agile approach to software development covers an array of SDLC styles, but the overarching theme is the same, this category is more adaptable and gives developers time to work while requirements are changing. Waterfall Pros: Easy to Understand Provides Structure Milestones are well understood Requirements stability Easy time management Cons: All requirements must be known from start Low level of flexibility Provides little transparency for end-users Agile Pros: Flexibility to make changes to requirements Testing is integrated from start to finish Increased speed to market Improved Risk Management Cons: Projects can run longer than anticipated Requires high level commitment of time and energy from developers