Anatomy Of Hack

•Download as PPTX, PDF•

1 like•495 views

The document outlines the typical steps an attacker takes to compromise a target system, including footprinting, scanning, enumeration, gaining access, escalating privileges, covering tracks, and creating backdoors. It describes techniques for information gathering like open source searches and DNS lookups, identifying active systems through ping sweeps and port scans, probing for user accounts and file shares, exploiting vulnerabilities to gain access, cracking passwords for elevated privileges, hiding activities by clearing logs and tools, and establishing persistent backdoors through infected files and remote services. Denial of service is listed as a last resort if access cannot be achieved.

Technology

 Foot printing
 Scanning
 Enumeration
 Gaining Access
 Escalating Privilege
 Pilfering
 Covering Tracks
 Creating back doors
 Denial of Service

Objective
 Target Address range, namespace, acquisition and
information gathering are essential to a surgical attack.
 Techniques
 Open source search
 Whois
 Web interface to whois
 ARIN whois
 DNS zone transfer

 Objective
 Bulk target assessment and identification of listing
services focuses the attacker’s attention on the most
promising avenues of entry.
Techniques
 Ping sweep
 TCP/UDP port scan
 OS Detection

 Objective
 More intrusive probing now begins as attackers begin
identifying valid user accounts or poorly protected
resource shares.
Techniques
 List user accounts
 List file shares
 Identify applications

 Objective
 Enough data has been gathered at this point to make an
informed attempt to access the target.
 Techniques
 Password eavesdropping
 File share brute forcing
 Password file grab
 Buffer overflows

 Objective
 If only user-level access was obtained in the last
step, the attacker will now seek to gain complete control
of the system.
 Techniques
 Password cracking
 Known exploits

 Objective
 The information gathering process begins again to
identify mechanisms to gain access to trusted systems.
 Techniques
 Elevate trusts
 Search for clearnet passwords

 Objective
 Once total ownership of the target is secured, hiding
this fact from system administrators becomes
paramount, lest they quickly end the romp.
Techniques
 Clear logs
 Hide tools

 Objective
 Trap doors will be laid in various parts of the system to
ensure that privileged access is easily regained at the
whim of the intruder
 Techniques
 Create rogue user accounts
 Schedule batch jobs
 Infect startup files
 Plant remote control services
 Install monitoring mechanisms
 Replace apps with trojans

Objective
 If an attacker is unsuccessful in gaining access, they
may use readily available exploit code to disable a target
as a last resort
Techniques
 SYN flood
 ICMP techniques
 Identical SYN requests
 Overlapping fragment/offset bugs
 Out of bounds TCP options (OOB)
 DDoS Crypto and
Steganography

What's hot

Intermediaries such as registries, registrars, DNS providers and hosting providers are responsible for the security of domains. However, it can be hard to hold any one of them directly responsible for any domain. In this presentation, we analyze the interplay between these four actors. We also provide some evidence that the concentrations of maliciously registered and hacked domains are due to some attackers’ profit maximizing behaviors such as abusing free hosting and domain registration services, hacking more easily available targets like shared hosting, and hosting a few resilient name server.

DHPA Techday 2015 - Maciej Korczyński - Reputation Metrics Design to Improve ...

Splend

Network Intelligence for a secured Network (2014-03-12)

Andreas Taudte

Angler talk

Artsiom Holub

MITRE ATTACKCon Power Hour - December

MITRE - ATT&CKcon

From ATT&CKcon 3.0 By Jared Stroud, Lacework Adversaries target common cloud misconfigurations in container-focused workflows for initial access. Whether this is Docker or Kubernetes environments, Lacework Labs has identified adversaries attempting to deploy malicious container images (T1610) , mine Cryptocurrency (T1496), and deploy C2 agents. Defenders new to the container space may be unaware of the built-in capabilities popular container runtime engines have that can help defend against rogue containers being deployed into their environment. Attendees will walk away with an understanding of what these attack patterns look like based on honeypot data Lacework has gathered over the past year, as well as techniques on how to defend their own container focused workloads.

ATT&CKING Containers in The Cloud

MITRE ATT&CK

The Domain Name System is deceptively simple and often underutilized as a security tool. Once you start looking under the cover there is a wealth of detail that can be used as an early warning system to predict new targeted attacks. In this session Farsight Security CTO Merike Kaeo will provide a detailed look at how DNS information can be used to indicate suspicious activity and prevent attacks. Learning Objectives: 1: Understand how DNS can be utilized as early warning system for attacks. 2: Understand how to mitigate against attacks utilizing DNS infrastructure. 3: Understand importance of DNS as a security tool. (Source: RSA Conference USA 2018)

Early Detection of Malicious Activity—How Well Do You Know Your DNS?

Priyanka Aash

getdns PyCon presentation

Melinda Shore

What Will You Investigate Today?

Xavier Mertens

How to Analyze an Android Bot

Priyanka Aash

From MITRE ATT&CKcon Power Hour December 2020 By Valentina Palacín, Sr. Cyber Threat Intelligence Analyst No one can deny the tremendous impact that ATT&CK had on the cybersecurity industry, nor the usefulness of having a good Threat Library at your disposal. But the question Valentina gets asked over and over by people from small companies is always the same: “How could I leverage threat intelligence using ATT&CK with limited time and resources?” And so far, there hasn't been a good answer. That’s why she decided to come up with the Threat Mapping Catalogue (TMC), a tool that combines the power of the mappings already available in the ATT&CK website, TRAM and the ATT&CK Navigator, to better process, consume and incorporate new mappings while organizing them around different categories.

Helping Small Companies Leverage CTI with an Open Source Threat Mapping

MITRE - ATT&CKcon

Billions & Billions of Logs

Jack Crook

MITRE AttACK framework it is time you took notice_v1.0

Michael Gough

Clean dns technical_enus

Bruno Guerreiro, COBIT, ITIL, MCSO, LPIC3 Security

Your network is already compromised, but do you know how and by whom? Can you find them, remove them, and prevent them from getting back in again? In this presentation, we will examine actual attacks and indicators of compromise and show how, using some basic network flow pattern analysis, we can detect and prevent contemporary malware, advanced persistent threats (APTs), zero-day exploits and more. In addition, we will discuss how to feed this data into a security analytics program to create a new, broader perspective on the threats that your organization faces. Over the past four years at National Instruments, we have been collecting tools to work cohesively as part of a larger security analytics platform. The goal of this presentation is to provide the attendee with the basic information that they need in order to build a security analytics program of their own. We will begin by talking about the problem of a lack of visibility within the enterprise environment. From there, we will talk about the traits that characterize a tool as being good for security analytics. Next, we will talk about the types of data that exists in the different tool sets and what types of questions they are good at answering. From there, we will talk about what it means to create patterns and analyze your data to find those specific patterns. Then, we will look at some specific analytics that are useful to run on a regular basis to find malware, misconfigured systems, APTs, and more. Lastly, we will talk about actionable (and even automated) next steps once we discover the patterns that we are looking for. This talk will encourage audience participation by encouraging them to share what they are doing to perform security analytics and is appropriate for both novice and experienced security professionals.

Burning Down the Haystack to Find the Needle: Security Analytics in Action

Josh Sokol

Splunk is the ultimate tool for the InfoSec hunter. In this unique session, we’ll dive straight into the Splunk search interface, and interact with wire data harvested from various interesting and hostile environments, as well as some web access logs. We’ll show how you can use Splunk Enterprise with a few free Splunk applications to hunt for attack patterns. We’ll also demonstrate some ways to add context to your data in order to reduce false positives and more quickly respond to information. Bring your laptop – you’ll need a web browser to access our demo systems!

Splunk Enterprise for Information Security (Hands-On)

Splunk

"Giving the bad guys no sleep"

Christiaan Beek

In our time, games are no longer just for entertainment, it’s a real bombing industry. If gamers are willing to invest their time and money in those leaderboards, they want security for their investment. They would not want to be kicked out by hackers who don’t spend time or money to play. That is why it’s crucial for game producers to take the matter of security more serious, in order to keep their customers in the game longer. Come and join us to discover advanced techniques to protect your game from hacking. ——— Speaker: Khanh Le – Programmer Project Lead at Gameloft

[DevDay 2016] Anti hacking on game development - Speaker: Khanh Le – Program...

DevDay.org

THOR Apt Scanner

Florian Roth

What's hot (18)

DHPA Techday 2015 - Maciej Korczyński - Reputation Metrics Design to Improve ...

Network Intelligence for a secured Network (2014-03-12)

Angler talk

MITRE ATTACKCon Power Hour - December

ATT&CKING Containers in The Cloud

Early Detection of Malicious Activity—How Well Do You Know Your DNS?

getdns PyCon presentation

What Will You Investigate Today?

How to Analyze an Android Bot

Helping Small Companies Leverage CTI with an Open Source Threat Mapping

Billions & Billions of Logs

MITRE AttACK framework it is time you took notice_v1.0

Clean dns technical_enus

Burning Down the Haystack to Find the Needle: Security Analytics in Action

Splunk Enterprise for Information Security (Hands-On)

"Giving the bad guys no sleep"

[DevDay 2016] Anti hacking on game development - Speaker: Khanh Le – Program...

THOR Apt Scanner

Viewers also liked

Ceh v5 module 02 footprinting

Vi Tính Hoàng Nam

Ceh v5 module 04 enumeration

Vi Tính Hoàng Nam

Ceh v5 module 20 buffer overflow

Vi Tính Hoàng Nam

Hackers and Hacking a brief overview 5-26-2016

Gohsuke Takama

Banking system ppt

Lohith Lohi

Penetration Testing Boot CAMP

Shaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert

Viewers also liked (6)

Ceh v5 module 02 footprinting

Ceh v5 module 04 enumeration

Ceh v5 module 20 buffer overflow

Hackers and Hacking a brief overview 5-26-2016

Banking system ppt

Penetration Testing Boot CAMP

Similar to Anatomy Of Hack

Penetration Testing

Md Samsul Kabir

ETHICAL HACKING

Sweta Leena Panda

Footprinting tools for security auditors

Jose Manuel Ortega Candel

Internet infrastructure UNIT 5

SURBHI SAROHA

The recorded version of 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform. Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their study, to offer the CISO/security experts the best insights in information security. For more signup(it's free): www.cisoplatform.com

RIoT (Raiding Internet of Things) by Jacob Holcomb

Priyanka Aash

Title: Hands on Penetration Testing 101 by Scott Sutherland & Karl Fosaaen Abstract: The goal of this training is to introduce attendees to standard penetration test methodologies, tools, and techniques. Hands on labs will cover the basics of asset discovery, vulnerability enumeration, system penetration, privilege escalation, and bypassing end point protection. During the labs, common vulnerabilities will be leveraged to illustrate attack techniques, using freely available tools such as Nmap and Metasploit. This training will be valuable to anyone interested in gaining a better understanding of penetration testing or to system administrators trying to understand common attack approaches.

DC612 Day - Hands on Penetration Testing 101

dc612

Comprehensive guide for compromising network devices.

Sri Manakula Vinayagar Engineering College

Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.

Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014

grecsl

https://www.youtube.com/watch?v=7TVp4g4hkpg Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building new and testing existing detection capabilities will be constrained. Executing adversary simulations in monitored environments produces the telemetry that allows blue teams to identify gaps in visibility as well as build, test and enhance detection analytics.This presentation will describe a methodology to incorporate adversary simulation into detection programs as well as release a tool blue teams can use to test the resilience of detection controls

Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...

Mauricio Velazco

640-554 IT Certification and Career Paths

hibaehed

PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures

hacking and crecjing

Ethical Hacking

Ethical hacking

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

APNIC

White hat defense systems continue to improve on supervised learning sets using machine and deep learning neural networks to defend against an exploding attack surface. Zombies that require commands from botnet herders are becoming intelligent, capable of their own decisions as we saw with Hajime in 2017. Swarm intelligence can be used to enhance these networks. What can we do to defend? Learning Objectives: 1: Learn about the current state of black hat automation/AI practices. 2: Understand the next stage of black hat swarm intelligence hive networks 3: Gain insight into practical defense approaches using white hat automation and AI. (Source: RSA Conference USA 2018)

Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence

Priyanka Aash

Cambodia CERT Seminar: Incident response for ransomeware attacks

APNIC

Attackers don’t just search for technology vulnerabilities, they take the easiest path and find the human vulnerabilities. Drive by web attacks, targeted spear phishing, and more are commonplace today with the goal of delivering custom malware. In a world where delivering custom advanced malware that handily evades signature and blacklisting approaches, and does not depend on application software vulnerabilities, how do we understand when are environments are compromised? What are the telltale signs that compromise activity has started, and how can we move to arrest a compromise in progress before the attacker laterally moves and reinforces their position? The penetration testing community knows these signs and artifacts of advanced malware presence, and it is up to us to help educate defenders on what to look for.

BSIDES-PR Keynote Hunting for Bad Guys

Joff Thyer

After obtaining an initial foothold, adversaries will most likely target or abuse Active Directory across the attack lifecycle to achieve operational success. It is essential for Blue Teams to design and deploy proper visibility & detection strategies for AD-based attacks and executing Adversary Simulation/Purple Team exercises can help. This talk will introduce the Active Directory Purple Team Playbook, a library of documented playbooks that describe how to simulate different adversary techniques targeting Active Directory. The playbooks can help blue teams measure detection coverage and identify enhancement opportunities. After this talk, attendees will be able to run purple team exercises against development or production Active Directory environments using open source tools.

SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks

Mauricio Velazco

lecture5.pptx

Llobarro2

Similar to Anatomy Of Hack (20)

Penetration Testing

ETHICAL HACKING

Footprinting tools for security auditors

Internet infrastructure UNIT 5

RIoT (Raiding Internet of Things) by Jacob Holcomb

DC612 Day - Hands on Penetration Testing 101

Comprehensive guide for compromising network devices.

Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014

Derbycon 2019 - I simulate therefore i catch: enhancing detection engineering...

640-554 IT Certification and Career Paths

PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures

hacking and crecjing

Ethical Hacking

Ethical hacking

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence

Cambodia CERT Seminar: Incident response for ransomeware attacks

BSIDES-PR Keynote Hunting for Bad Guys

SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks

lecture5.pptx

Recently uploaded

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»

QADay

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

In this session, we will showcase how to revolutionize automated testing for your software, automation, and QA teams with UiPath Test Suite. In part 1 of UiPath test automation using UiPath Test Suite – developer series, we will cover, Software testing overview What is software testing Why software testing is required Typical test types and levels Continuous testing and challenges Introduction to UiPath Test Suite UiPath Test Suite family of products Speaker: Atul Trikha, Chief Technologist & Solutions Architect, Peraton and UiPath MVP Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 1

DianaGray10

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Speed Wins: From Kafka to APIs in Minutes

confluent

IoT Analytics Company Presentation May 2024

IoTAnalytics

Recently uploaded (20)

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Key Trends Shaping the Future of Infrastructure.pdf

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

ODC, Data Fabric and Architecture User Group

UiPath Test Automation using UiPath Test Suite series, part 1

Assuring Contact Center Experiences for Your Customers With ThousandEyes

Search and Society: Reimagining Information Access for Radical Futures

Accelerate your Kubernetes clusters with Varnish Caching

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Connector Corner: Automate dynamic content and events by pushing a button

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Speed Wins: From Kafka to APIs in Minutes

IoT Analytics Company Presentation May 2024

Anatomy Of Hack

2.  Foot printing  Scanning  Enumeration  Gaining Access  Escalating Privilege  Pilfering  Covering Tracks  Creating back doors  Denial of Service

3. Objective  Target Address range, namespace, acquisition and information gathering are essential to a surgical attack.  Techniques  Open source search  Whois  Web interface to whois  ARIN whois  DNS zone transfer

4.  Objective  Bulk target assessment and identification of listing services focuses the attacker’s attention on the most promising avenues of entry. Techniques  Ping sweep  TCP/UDP port scan  OS Detection

5.  Objective  More intrusive probing now begins as attackers begin identifying valid user accounts or poorly protected resource shares. Techniques  List user accounts  List file shares  Identify applications

6.  Objective  Enough data has been gathered at this point to make an informed attempt to access the target.  Techniques  Password eavesdropping  File share brute forcing  Password file grab  Buffer overflows

7.  Objective  If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system.  Techniques  Password cracking  Known exploits

8.  Objective  The information gathering process begins again to identify mechanisms to gain access to trusted systems.  Techniques  Elevate trusts  Search for clearnet passwords

9.  Objective  Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp. Techniques  Clear logs  Hide tools

10.  Objective  Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder  Techniques  Create rogue user accounts  Schedule batch jobs  Infect startup files  Plant remote control services  Install monitoring mechanisms  Replace apps with trojans

11. Objective  If an attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort Techniques  SYN flood  ICMP techniques  Identical SYN requests  Overlapping fragment/offset bugs  Out of bounds TCP options (OOB)  DDoS Crypto and Steganography

Anatomy Of Hack

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Viewers also liked

Viewers also liked (6)

Similar to Anatomy Of Hack

Similar to Anatomy Of Hack (20)

Recently uploaded

Recently uploaded (20)

Anatomy Of Hack