Monty McDougal, Cyber Engineering Fellow, Intelligence, Information and Services, Raytheon
Advanced Persistent Threat Life Cycle Management
This presentation will cover the full Advanced Persistent Threat (APT) Life Cycle and Management of the resulting intrusions. It will cover both what the APTs are doing as attackers and what we as defenders should be doing for both the APT Mission Flows and the Computer Network Defense (CND) Mission Flows.
5. WHAT IS APT?
• “An advanced and normally clandestine means to gain continual, persistent intelligence on an individual, or group of individuals” [Wikipedia]
• “… a sophisticated, mercurial way that advanced attackers can break into systems, not get caught, keeping long-term access to exfiltrate data at will.” [McAfee]
• “… a sophisticated and organized cyber attack to access and steal information from compromised computers.” [MANDIANT]
6. WHY THE TERM APTs?
• Advanced
– Attacker adapts to defenders’ efforts
– Can develop or buy Zero-Day exploits
– Higher level of sophistication
• Persistent
– Attacks are objective specific
– Will continue until goal is reached
– Intent to maintain long term connectivity
• Threats
– Entity/s behind the attack
– Not the malware/exploit/attack alone
14. TARGETING AND EXPLOITATION CYCLE
Step 1 • Reconnaissance
Step 2 • Initial Intrusion into the Network
Step 3 • Establish a Backdoor into the Network
Step 4 • Obtain User Credentials
Step 5 • Install Various Utilities
Step 6 • Privilege Escalation / Lateral Movement / Data Exfiltration
Step 7 • Maintain Persistence
16. RECONNAISSANCE
• A reconnaissance attack occurs when an adversary tries to learn information about your network.
• Unauthorized discovery and mapping of systems, services, or vulnerabilities.
• Also known as information gathering and, in most cases, precedes an actual access or DoS attack.
o First, the malicious intruder typically conducts a ping sweep of the target network to determine which IP addresses are alive.
o Then the intruder determines which services or ports are active on the live IP addresses.
o From this information, the intruder queries the ports to determine the type and version of the application and operating system running on the target host.
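A defender-side check for the sweep-then-scan sequence this slide describes, added here as an example and not part of the original deck: it counts distinct ICMP targets per source and distinct ports per (source, host) inside a sliding time window over constructed firewall log lines. The log format, addresses and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (assumed format): "<ISO time> <src> <dst> <proto> <dst port>".
# 198.51.100.7 pings twelve hosts within a few seconds and then walks eleven ports on
# 10.0.0.5; 10.0.0.50 is ordinary internal traffic that should not be flagged.
SAMPLE_LOG = "\n".join(
    [f"2024-01-10T02:00:{i:02d} 198.51.100.7 10.0.0.{i + 1} icmp 0" for i in range(12)]
    + [f"2024-01-10T02:01:{i:02d} 198.51.100.7 10.0.0.5 tcp {port}"
       for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389])]
    + ["2024-01-10T02:00:30 10.0.0.50 10.0.0.5 tcp 443",
       "2024-01-10T02:00:31 10.0.0.50 10.0.0.6 tcp 80",
       "2024-01-10T02:00:32 10.0.0.50 10.0.0.6 icmp 0"]
)


def parse_log(text):
    """Parse log lines into time-sorted records; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, proto, port = parts
        try:
            records.append({"time": datetime.fromisoformat(ts), "src": src, "dst": dst,
                            "proto": proto.lower(), "port": int(port)})
        except ValueError:
            continue
    return sorted(records, key=lambda r: r["time"])


def _max_distinct_in_window(events, key, window):
    """Largest number of distinct event[key] values inside any window that starts at an event.
    events must already be sorted by time."""
    best = 0
    for i, start in enumerate(events):
        seen = set()
        for ev in events[i:]:
            if ev["time"] - start["time"] > window:
                break
            seen.add(ev[key])
        best = max(best, len(seen))
    return best


def detect_ping_sweeps(records, min_hosts=10, window=timedelta(seconds=60)):
    """Sources that ICMP-probe at least min_hosts distinct addresses within one window."""
    by_src = defaultdict(list)
    for r in records:
        if r["proto"] == "icmp":
            by_src[r["src"]].append(r)
    hits = [(src, _max_distinct_in_window(evs, "dst", window)) for src, evs in by_src.items()]
    return sorted((src, n) for src, n in hits if n >= min_hosts)


def detect_port_scans(records, min_ports=8, window=timedelta(seconds=60)):
    """(src, dst, ports) where one source touches at least min_ports distinct ports on one host."""
    by_pair = defaultdict(list)
    for r in records:
        if r["proto"] in ("tcp", "udp"):
            by_pair[(r["src"], r["dst"])].append(r)
    hits = [(src, dst, _max_distinct_in_window(evs, "port", window))
            for (src, dst), evs in by_pair.items()]
    return sorted((src, dst, n) for src, dst, n in hits if n >= min_ports)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("ping sweeps:", detect_ping_sweeps(recs))
    print("port scans:", detect_port_scans(recs))
```

Tune the window and thresholds against your own baseline: a monitoring host that legitimately pings every subnet member will trip the sweep rule and belongs on an allow-list.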
17. RECONNAISSANCE (Cont.)
• In multiple cases, Mandiant identified a number of public website pages from which a victim’s contact information was extracted and subsequently used in targeted social engineering messages.
• Preventive Measures: Network DLP (prevent sensitive data from leaving)
18. INITIAL INTRUSION INTO THE NETWORK
• Social Engineering combined with Email - The most common and successful
• The spoofed email will contain an attachment or a link to a zip file.
o A CHM file containing malware
o A Microsoft Office document exploit
o Some other client software exploit, like an Adobe Reader exploit.
• The attackers typically operate late in the night (U.S. Time) between the hours of 10 p.m. and 4 a.m. These times correlate to daytime in China.
• Preventive Measures:
o Firewall (blocks APT connection via IP reputation)
o Web Gateway (detects/blocks obfuscated malware)
o Email Gateway (blocks spear-phishing emails, links to malicious sites)
o Network Threat Response (detects obfuscated malware)
o Network Security Platform (stops malicious exploit delivery)
19. ESTABLISH A BACKDOOR INTO THE NETWORK
• Attempt to obtain domain administrative credentials . . . Transfer the credentials out of the network
• The attackers then established a stronger foothold in the environment by moving laterally through the network and installing multiple backdoors with different configurations.
• The malware is installed with system-level privileges through the use of process injection, registry modification or scheduled services.
• Malware characteristics:
o Continually updated
o Encryption and obfuscation of its network traffic
o Uses built-in Microsoft libraries
o Uses legitimate user credentials
o Does not listen for inbound connections
• Preventive Measures:
o Firewall (detects/blocks APT back-channel communication)
o Network Threat Response (detects APT destination IPs)
o Application Whitelisting (prevents backdoor installation)
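A backdoor that does not listen for inbound connections has to call out instead, and it does so on a schedule; that regularity is what the "back-channel communication" control can key on even when the traffic itself is encrypted. The code below is an added example, not code from the presentation: it groups outbound connections by source, destination and port and flags pairs whose inter-connection gaps have very low jitter. The connection records, MIN_CONNECTIONS and MAX_JITTER are constructed assumptions.

```python
# Added example (not from the presentation): flag hosts whose outbound
# connections to one destination recur at a near-fixed interval, the pattern
# left by a backdoor that calls out rather than listening. Thresholds and the
# connection log are constructed assumptions.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound connection records: (epoch seconds, src, dst, dst_port).
# Host .21 calls one address every ~5 minutes with a second or two of jitter;
# host .22 shows irregular browsing-like timing to another address.
SAMPLE_CONNS = (
    [(1000 + 300 * i + (i % 3), "10.0.0.21", "198.51.100.7", 443) for i in range(12)]
    + [(1000 + t, "10.0.0.22", "203.0.113.9", 443)
       for t in (3, 40, 41, 95, 400, 1300, 1310, 2000)]
)

MIN_CONNECTIONS = 8   # enough samples to judge regularity
MAX_JITTER = 0.10     # stdev / mean of the gaps between connections

def find_beacons(conns, min_conns=MIN_CONNECTIONS, max_jitter=MAX_JITTER):
    """Return {(src, dst, port): (mean_interval_s, jitter)} for regular callers."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in conns:
        by_pair[(src, dst, port)].append(ts)
    beacons = {}
    for key, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg   # coefficient of variation of the gaps
        if jitter <= max_jitter:
            beacons[key] = (avg, jitter)
    return beacons

if __name__ == "__main__":
    for key, (avg, jitter) in find_beacons(SAMPLE_CONNS).items():
        print(f"{key}: every {avg:.0f}s, jitter {jitter:.3f}")
```

Legitimate software also polls on timers (update checks, monitoring agents), so this is a triage signal rather than a verdict: the destination's reputation and whether the process owning the socket is application-whitelisted are the natural follow-up checks.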
20. OBTAIN USER CREDENTIALS
• The attackers often target domain controllers to obtain user accounts and corresponding password hashes en masse.
• The attackers also obtain local credentials from compromised systems.
• The APT intruders access approximately 40 systems on a victim network using compromised credentials.
• Mandiant has seen as few as 10 compromised systems to in excess of 150 compromised systems.
• Preventive Measures:
o Web Gateway (detects/blocks access to malicious applications)
o Application Whitelisting (prevents unauthorized changes to systems)
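The figure of roughly 40 systems accessed with compromised credentials suggests a simple detection: one account authenticating over the network to far more hosts than it normally does within a short period. The code below is an added example, not from the presentation; the logon events, window size, MAX_HOSTS fallback and the per-account baseline are constructed assumptions. It uses fixed time buckets, which is simpler than a sliding window but can split one burst across two buckets, a limitation worth knowing before tuning.

```python
# Added example (not from the presentation): spot one account authenticating
# to an unusual number of hosts in a short window, a signature of compromised
# credentials being reused across the estate. Event format, thresholds and
# the baseline are constructed assumptions.
from collections import defaultdict

# Constructed logon events: (epoch, user, target_host, logon_type).
# logon_type 3 = network, 10 = remote interactive, 2 = console (Windows 4624 semantics).
# svc_backup reaches 40 different hosts in about 13 minutes; alice looks normal.
SAMPLE_LOGONS = (
    [(2000 + 20 * i, "svc_backup", f"srv{i:02d}", 3) for i in range(40)]
    + [(2000, "alice", "ws-alice", 2),
       (2600, "alice", "fileserver01", 3),
       (3000, "alice", "mail01", 3)]
)

WINDOW = 3600      # seconds per bucket
MAX_HOSTS = 10     # fallback limit when no baseline exists for the account

def detect_credential_spread(events, baseline=None, window=WINDOW, max_hosts=MAX_HOSTS):
    """Return {user: peak_distinct_hosts} for accounts exceeding their limit.

    baseline maps user -> typical distinct hosts per window; an account is
    flagged when it exceeds 3x its baseline (or max_hosts if unknown).
    Only network/remote logon types count; console logons are ignored.
    """
    baseline = baseline or {}
    hosts_per_bucket = defaultdict(set)        # (user, bucket) -> {hosts}
    for ts, user, host, ltype in events:
        if ltype in (3, 10):
            hosts_per_bucket[(user, ts // window)].add(host)
    peak = defaultdict(int)
    for (user, _), hosts in hosts_per_bucket.items():
        peak[user] = max(peak[user], len(hosts))
    flagged = {}
    for user, best in peak.items():
        limit = 3 * baseline[user] if user in baseline else max_hosts
        if best > limit:
            flagged[user] = best
    return flagged

if __name__ == "__main__":
    print(detect_credential_spread(SAMPLE_LOGONS))
    # A backup service account that genuinely touches ~20 hosts per hour
    # has a higher limit once a baseline is supplied.
    print(detect_credential_spread(SAMPLE_LOGONS, baseline={"svc_backup": 20}))
```

Service accounts are the usual false positive, which is why the baseline exists; the same accounts are also the usual target, so a baseline should be built from history the attacker could not have shaped.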
21. INSTALL VARIOUS UTILITIES
• Program functionality includes:
o Installing backdoors
o Dumping passwords
o Obtaining email from servers
o Listing running processes
o Many other tasks
• More malware characteristics:
o Only 24% detected by security software
o Utilize spoofed SSL certificates (e.g. Microsoft, Yahoo)
o Most NOT packed
o Common file names (e.g. svchost.exe, iexplore.exe)
o Malware in sleep mode from a few weeks to a few months, up to a year
o Target executives’ systems
o Use of a stub file to download malware into memory (minimal forensic footprint)
• Preventive Measures:
o Firewall (blocks APT connections via IP reputation)
o Web Gateway (detects/blocks obfuscated malware)
o Email Gateway (blocks spear-phishing emails and links to malicious sites)
o Network Threat Response (detects obfuscated malware)
o Network Security Platform (stops malicious exploit delivery)
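Reusing names like svchost.exe and iexplore.exe defeats a glance at the process list, but the genuine binaries live in fixed directories and, for system processes, are started by fixed parents. The checker below is an added example, not from the presentation: it compares process-creation events against an expected-location table. The EXPECTED table entries are what I know of standard Windows layout; the events are constructed in a Sysmon-like shape and are not real telemetry.

```python
# Added example (not from the presentation): check process-creation events for
# well-known Windows binary names running from the wrong directory or under an
# unexpected parent. Events are constructed; the table is an assumption.
import ntpath

# name -> (allowed directories, allowed parent image names), all lower-case.
# parents of None means any parent is acceptable.
EXPECTED = {
    "svchost.exe":  ({r"c:\windows\system32", r"c:\windows\syswow64"}, {"services.exe"}),
    "iexplore.exe": ({r"c:\program files\internet explorer",
                      r"c:\program files (x86)\internet explorer"}, None),
    "lsass.exe":    ({r"c:\windows\system32"}, {"wininit.exe"}),
    "explorer.exe": ({r"c:\windows"}, None),
}

# Constructed Sysmon-style process-creation records.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},            # genuine
    {"Image": r"C:\Users\bob\AppData\Local\Temp\svchost.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},                     # wrong dir and parent
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Users\bob\Downloads\plan.exe"},             # real binary, odd parent
    {"Image": r"C:\ProgramData\iexplore.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},                 # wrong dir
    {"Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},                     # genuine
]

def check_event(ev):
    """Return a list of reasons the event looks like masquerading (empty if clean)."""
    image = ev["Image"].lower()
    name = ntpath.basename(image)
    if name not in EXPECTED:
        return []
    dirs, parents = EXPECTED[name]
    reasons = []
    if ntpath.dirname(image) not in dirs:
        reasons.append(f"{name} launched from {ntpath.dirname(ev['Image'])}")
    if parents is not None:
        parent = ntpath.basename(ev["ParentImage"].lower())
        if parent not in parents:
            reasons.append(f"{name} started by {parent} instead of {'/'.join(sorted(parents))}")
    return reasons

def scan(events):
    """(image path, reason) pairs for every suspicious event in the batch."""
    return [(ev["Image"], reason) for ev in events for reason in check_event(ev)]

if __name__ == "__main__":
    for image, reason in scan(SAMPLE_EVENTS):
        print(f"{image}: {reason}")
```

The third record shows why the parent check matters: the binary is the real svchost.exe in the right place, and only its parent gives it away. Path and parent checks complement, rather than replace, the application whitelisting the slides recommend, which would have blocked the Temp-directory copy outright.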
22. PRIVILEGE ESCALATION / DATA EXFILTRATION
• Once a secure foothold has been established:
o Exfiltrate data such as emails and attachments, or files residing on user workstations or project file servers.
o The data is usually compressed and put into a password-protected RAR or Microsoft Cabinet file.
o They often use “staging servers” to aggregate the data they intend to steal.
o They then delete the compressed files they exfiltrated from the “staging servers.”
• Preventive Measures: Unified DLP (prevents data from leaving the network)
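A DLP control cannot read the contents of a password-protected RAR, but it can recognise one leaving the network, and it can tell a RAR whose headers are encrypted (file names hidden) from one that is merely large. The inspector below is an added example written for this page, not the presentation's or any product's code. It identifies RAR 4, RAR 5 and Microsoft Cabinet payloads by their signatures and, for RAR, reads just enough of the first header to see the encryption flag (RAR 4 main-header flag 0x0080; RAR 5 leading header of type 4). The sample blobs are hand-constructed headers, not real archives, and the size limit is an assumption.

```python
# Added example (not from the presentation): DLP-style inspection of an
# outbound payload for the archive formats the slide names. Sample blobs are
# constructed headers only; the size limit is an assumption.
import struct

RAR4_SIG = b"Rar!\x1a\x07\x00"
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"
CAB_SIG = b"MSCF"
MHD_PASSWORD = 0x0080          # RAR 4.x main-header flag: archive headers encrypted
RAR5_HEAD_ENCRYPTION = 4       # RAR 5 header type that precedes an encrypted archive
RAR4_MAIN_HEADER = 0x73

def _read_vint(data, pos):
    """RAR 5 variable-length integer: 7 bits per byte, high bit = continuation."""
    value, shift = 0, 0
    while True:
        b = data[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos

def inspect(blob):
    """Return (format, headers_encrypted); (None, False) if not a known archive."""
    if blob.startswith(RAR5_SIG):
        pos = len(RAR5_SIG) + 4                 # skip the 32-bit header CRC
        _, pos = _read_vint(blob, pos)          # header size
        htype, _ = _read_vint(blob, pos)        # header type
        return "rar5", htype == RAR5_HEAD_ENCRYPTION
    if blob.startswith(RAR4_SIG):
        # Main header after the 7-byte marker: CRC(2) TYPE(1) FLAGS(2) SIZE(2) ...
        htype, flags = struct.unpack_from("<BH", blob, len(RAR4_SIG) + 2)
        return "rar4", htype == RAR4_MAIN_HEADER and bool(flags & MHD_PASSWORD)
    if blob.startswith(CAB_SIG):
        return "cab", False                     # CAB has no header encryption
    return None, False

def dlp_verdict(blob, size_limit=10 * 1024 * 1024):
    """Block archives with encrypted headers or above the size limit; allow the rest."""
    fmt, encrypted = inspect(blob)
    if fmt is None:
        return "allow"
    if encrypted:
        return f"block: {fmt} archive with encrypted headers"
    if len(blob) > size_limit:
        return f"block: {fmt} archive exceeds size limit"
    return f"allow: {fmt} archive, inspectable"

# Constructed samples: only the leading headers are populated.
SAMPLE_RAR4_PLAIN = RAR4_SIG + struct.pack("<HBHH", 0x90CF, RAR4_MAIN_HEADER, 0x0000, 13) + b"\0" * 6
SAMPLE_RAR4_ENC = RAR4_SIG + struct.pack("<HBHH", 0x90CF, RAR4_MAIN_HEADER, MHD_PASSWORD, 13) + b"\0" * 6
SAMPLE_RAR5_ENC = RAR5_SIG + b"\0\0\0\0" + bytes([0x0D, RAR5_HEAD_ENCRYPTION]) + b"\0" * 11
SAMPLE_CAB = CAB_SIG + b"\0" * 32

if __name__ == "__main__":
    for label, blob in [("rar4 plain", SAMPLE_RAR4_PLAIN), ("rar4 enc", SAMPLE_RAR4_ENC),
                        ("rar5 enc", SAMPLE_RAR5_ENC), ("cab", SAMPLE_CAB), ("text", b"hello")]:
        print(f"{label}: {dlp_verdict(blob)}")
```

The check covers header encryption only: a RAR 4 archive whose individual files are password protected but whose names are visible would pass this test and needs the file headers walked as well. Pairing the verdict with the transfer's destination and the sending host (a workstation uploading a large archive to an address it has never contacted is the staging-server pattern) is what turns the format check into a useful alert.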
23. MAINTAIN PERSISTENCE
• As the attackers detect remediation, they will attempt to establish additional footholds and improve the sophistication of their malware.
• Preventive Measures:
o Network User Behavioural Analysis (identifies unexpected user behaviour during APT reconnaissance and data collection phases)
24. Case Study Analysis: RSA SecurID Hack
1. Research public information about employees
2. Select low-value targets
3. Spear phishing email “2011 Recruitment Plan” with .xls attachment
4. Spreadsheet contains 0-day exploit that installs backdoor through Flash vulnerability (backdoor is a Poison Ivy variant RAT, reverse-connected)
5. Digital shoulder surf & harvest credentials
6. Performed privilege escalation
7. Target and compromise high-value accounts
8. Copy data from target servers
9. Move data to staging servers and aggregate, compress and encrypt it
10. FTP to external staging server at compromised hosting site
11. Finally pull data from hosted server and remove traces
26. Case Study Analysis: Operation Aurora
• Operation Aurora was a cyber attack which was first publicly disclosed by Google on January 12, 2010, in a blog post.
• Highlights:
o Google said the attack originated in China.
o Demonstrated a high degree of sophistication and strong indications of a well-resourced and consistent APT attack.
o Aimed at well-placed MNCs such as Adobe Systems, Juniper Networks, Yahoo, Symantec, Northrop Grumman, Morgan Stanley etc.
o Google stated in its blog that it plans to operate a completely uncensored version of its search engine in China "within the law, if at all". If not possible, it may leave China and close its Chinese offices.
• Primary goal: to gain access to and potentially modify source code repositories at these high-tech, security and defence contractor companies.
29. EMET (Enhanced Mitigation Experience Toolkit)
• EMET is a free utility that helps prevent vulnerabilities in software from being successfully exploited for code execution.
o It does so by opting software in to the latest security mitigation technologies.
o The result is that a wide variety of software is made significantly more resistant to exploitation, even against zero-day vulnerabilities and vulnerabilities for which an update has not yet been applied.
• Highlights:
o Making configuration easy
o Enterprise deployment via Group Policy and SCCM
o Reporting capability via the new EMET Notifier feature
• Configuration:
o EMET 3.0 comes with three default "Protection Profiles".
o Protection Profiles are XML files that contain pre-configured EMET settings for common Microsoft and third-party applications.
30. Bit9 Parity Suite
• Bit9 Parity Suite
o Endpoint Threat Protection Solution.
o This solution provides an extensive list of features for protection against APTs.
• Features of Bit9:
o Application Control/Whitelisting
o Software Reputation Service
o File Integrity Monitoring
o Threat Identification
o Device Control
o Registry Protection
o Memory Protection