Module 2 threats-b
BbAOC
1. Module 2: Security Threats & Attacks
© 2010 Foreground Security. All rights reserved

2. Issues & Threats
• Phishing
• Social Engineering
• Viruses, Worms
• Spyware, Malware, Adware, Rootkits
• Trojan Horses
• DoS, DDoS
• ID Theft
• Botnets
• Non-compliance
• Password Cracking
• Day-Zero Exploits
• Vulnerabilities, time-to-break
3. Identity Theft
• Every 5 seconds a thief steals someone's identity and goes shopping.
• IC3 receives over 164,000 complaints annually, with an estimated $54 billion in losses to individuals.
• Complaints originate from over 100 countries.
• Violations include auction fraud, international fraud and non-delivery; many originate in Eastern Europe and Asia.
• Identity theft was the top consumer complaint to the FTC.

4. What Is Identity Theft?
• Acquisition of key pieces of identifying information for the purpose of impersonation.
• Identifying information: name, address, date of birth, Social Security Number, mother's maiden name, credit card number, ATM PINs, bank account numbers.

5. Identity Theft – How They Do It (High and Low Technology)
• Shoulder surfing at ATMs
• Stealing your mail
• Dumpster diving
• Utilizing corrupt employees
• Creating counterfeit checks
• Phishing (e-mail, websites, pop-ups)
• Key loggers, sniffers, insecure protocols

6. (no text on this slide)

7. Example (no further text on this slide)

8. Examples – Recent Incidents
• University compromises – student information (Princeton U. student acceptance database)
• DSW Shoe Warehouse – 1.4 million names
• Card Processing Systems – 40 million IDs
• Bank of America – 1.2 million government employees
• ChoicePoint – 4,145,000 names
• CitiFinancial – 3.9 million names
• Missing backup tape
• One in 700 crimes leads to a conviction
• Maxus case:
– Stole 300,000 credit card numbers
– Attempted a $100,000 extortion
– Offered 25,000 credit card numbers on a website
9. (no text on this slide)

10. Phishing

11. (no text on this slide)

12. E-mail Header (Right-click > Options)
Return-Path: <service@paypal.com>
Delivered-To: dave@cyberspann.com
Received: (qmail 72719 invoked by uid 12281); 22 Jul 2005 21:59:18 -0000
Received: from unknown (HELO in8.prserv.net) ([32.97.166.48])
  (envelope-sender <service@paypal.com>)
  by 198.63.47.249 (qmail-ldap-1.03) with SMTP
  for <dave@cyberspann.com>; 22 Jul 2005 21:59:18 -0000
Received: from c-24-4-139-49.hsd1.ca.comcast.net ([24.4.139.49])
  by prserv.net (in8) with SMTP
  id <200507222157461080g91o2he>; Fri, 22 Jul 2005 21:59:17 +0000
X-Originating-IP: [24.4.139.49]
X-Message-Info: 8gux664qFXH/clQMpuoZweoHVdQ136Xk
Received: from 248.76.244.4 by 24.4.139.49; Fri, 22 Jul 2005 16:53:49 -0600
Message-ID: <TJCYETCSBRXBIABFTGUIEFQP@us.paypal.com>
From: "PayPal Services" <service@paypal.com>
Reply-To: "PayPal Services" <service@paypal.com>
To: benney@attglobal.net
Subject: PayPal Account Suspended as of 07-22-2005
Date: Sat, 23 Jul 2005 04:53:49 +0600
X-Mailer: The Bat! (v1.52f) Business
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="--80953993190679285460"
X-Priority: 3
Status:
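The header above is the deck's worked phishing sample; what the slide leaves the reader to do by eye is to follow the Received chain and notice that the message claiming to be from paypal.com was handed in by a residential Comcast host. The Python below is an added example (not part of the Foreground Security slides) that does exactly that: it reads the Received lines oldest-first, extracts which host handed the message to which, and reports whether the From-line domain ever appears in the path. The header text embedded in the block is the slide's own, with the bullets removed and the trailing Content-Type, X-Priority and Status lines omitted so it parses as plain RFC 822 headers.

```python
"""Trace the Received chain of a suspicious message (added example, not from the slides)."""
import re
from email import message_from_string

# Header block from the slide, abridged: continuation lines are indented (folded),
# bullets removed, Content-Type/X-Priority/Status omitted.
RAW_HEADERS = """\
Return-Path: <service@paypal.com>
Delivered-To: dave@cyberspann.com
Received: (qmail 72719 invoked by uid 12281); 22 Jul 2005 21:59:18 -0000
Received: from unknown (HELO in8.prserv.net) ([32.97.166.48])
  (envelope-sender <service@paypal.com>)
  by 198.63.47.249 (qmail-ldap-1.03) with SMTP
  for <dave@cyberspann.com>; 22 Jul 2005 21:59:18 -0000
Received: from c-24-4-139-49.hsd1.ca.comcast.net ([24.4.139.49])
  by prserv.net (in8) with SMTP
  id <200507222157461080g91o2he>; Fri, 22 Jul 2005 21:59:17 +0000
X-Originating-IP: [24.4.139.49]
X-Message-Info: 8gux664qFXH/clQMpuoZweoHVdQ136Xk
Received: from 248.76.244.4 by 24.4.139.49; Fri, 22 Jul 2005 16:53:49 -0600
Message-ID: <TJCYETCSBRXBIABFTGUIEFQP@us.paypal.com>
From: "PayPal Services" <service@paypal.com>
Reply-To: "PayPal Services" <service@paypal.com>
To: benney@attglobal.net
Subject: PayPal Account Suspended as of 07-22-2005
Date: Sat, 23 Jul 2005 04:53:49 +0600
X-Mailer: The Bat! (v1.52f) Business
MIME-Version: 1.0

"""

# "from <host> ... by <host>"; a local-delivery hop such as
# "(qmail ... invoked by uid ...)" has no "from" and is skipped.
HOP_RE = re.compile(r"^from ([^\s;]+)(?:.*?\bby ([^\s;]+))?", re.IGNORECASE)


def received_hops(raw):
    """Received headers oldest-first: each relay prepends its own line, so the
    header order (top = newest) is reversed to recover the path the mail travelled."""
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    return list(reversed(hops))


def parse_hop(hop):
    """Return (from_host, by_host) that one Received line claims, or None for a local hop."""
    m = HOP_RE.match(hop)
    if not m:
        return None
    return m.group(1), (m.group(2) or "")


def sender_domain(raw):
    """Domain part of the From address, i.e. what the recipient is shown."""
    m = re.search(r"@([\w.-]+)", message_from_string(raw).get("From", ""))
    return m.group(1).lower() if m else ""


def analyze(raw):
    """Summarise the relay path and whether the claimed sender's domain ever handled the mail."""
    domain = sender_domain(raw)
    hops = [h for h in (parse_hop(r) for r in received_hops(raw)) if h]
    seen = any(h[0].lower().endswith(domain) or h[1].lower().endswith(domain) for h in hops)
    return {
        "from_domain": domain,
        "hops": hops,                   # oldest first: (handed over by, received by)
        "sender_domain_in_path": seen,  # False here: no paypal.com host ever relayed it
        "x_originating_ip": message_from_string(raw).get("X-Originating-IP", "").strip("[]"),
    }


if __name__ == "__main__":
    for key, value in analyze(RAW_HEADERS).items():
        print(f"{key}: {value}")
```

Only the Received line written by your own or a trusted relay (here the one prserv.net added, naming the Comcast host) is reliable; the bottom-most hop is whatever the sender's own mailer chose to write, so the check is whether the claimed domain appears anywhere in the path, not what the first hop says.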
13. (no text on this slide)

14. (no text on this slide)

15. (no text on this slide)

16. (no text on this slide)

17. (no text on this slide)

18. Spear Phishing – What is a spear phishing scam?
• Spear phishing describes any highly targeted phishing attack. Spear phishers send e-mail that appears genuine to all the employees or members of a particular company, government agency, organization or group.
• The message might look like it comes from your employer, or from a colleague who would plausibly e-mail everyone in the company, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords.
• In truth, the e-mail sender information has been faked or "spoofed". Whereas traditional phishing scams are designed to steal information from individuals, spear phishing scams work to gain access to a company's entire computer system.
• If you respond with a user name or password, or if you click links or open attachments in a spear phishing e-mail, pop-up window or website, you might become a victim of identity theft and put your employer or group at risk.
• Spear phishing also describes scams that target people who use a certain product or website. Essentially, scam artists will use any information they can to personalize a phishing scam to as specific a group as possible.
• The good news is that you can help avoid spear phishing scams by using some of the same techniques you already use to avoid standard phishing scams.

19. Spear Phishing (no further text on this slide)

20. Defenses
• Never reveal personal or financial information in response to an e-mail request, no matter who appears to have sent it.
• If you receive an e-mail message that appears suspicious, call the person or organization listed in the From line before you respond or open any attached files.
• Never click links in an e-mail message that requests personal or financial information. Enter the web address into your browser window instead.
• Report any e-mail that you suspect might be a spear phishing attack to the appropriate person within your company.

21. "Phishing Attacks"
• Active phishing sites, 4/2006: 2,854
• Average monthly growth rate, 7/2005 to 4/2006: 15%
• Number of brands hijacked: 79
– Brands comprising the top 80% of all attacks: 7
• Top countries hosting phishing sites: China, United States
• Top sector: financial services
• Average time online for a site: 5.8 days
– Source: Anti-Phishing Working Group, www.antiphishing.org
22. Viruses

23. Evolution of Viruses

24. Issues & Threats

25. What is a worm?
• Virus – a code segment that replicates by attaching copies of itself to existing executables.
– Self-replicating
– Requires a host program as a carrier
– Activated by an external action
• Worm – a program that replicates itself and causes execution of the new copy.
– Self-replicating
– Self-contained; does not require a host
– Activated by hijacking or creating a process
26. Worldwide Code Red Infections
• 700,000 machines infected
• $2 to 2.9 billion in damage (Computer Economics)
• $200 million in damage per day during attacks

27. VBSWG – VBS Worm Generator

28. Other Types of Worms/Viruses

29. Trojans

30. Movie

31. Spyware, Adware

32. Spyware, Adware, Rootkits, Botnets

33. Spyware

34. Movie

35. The Cost of Spyware & Adware in the Enterprise
• For businesses, the real costs are not quantifiable today

36. Spyware, Adware

37. Keystroke Loggers

38. Spamming

39. Password Crackers

40. Hack Methodology
• 1: Reconnaissance
• 2: Scanning
• 3: Gaining Access
• 4: Maintaining Access / Malicious Activity
• 5: Covering Tracks
41. Step 1: Reconnaissance
• "Casing the joint"
• Incredibly effective for attackers
• Very useful information obtained:
– Names of system administrators and others
– Phone numbers and postal addresses
– Internet addresses for target machines
– Technologies in use (DNS, e-mail, web, Microsoft, SQL/Oracle, versions)
– Business partnerships
– More!

42. Low-Tech Reconnaissance
• Social engineering
– Sensitive information over the phone or by mail
– Attacker can easily guess or obtain passwords
• Physical access
– Simply walk through the front door
– Piggybacking
– Network connectivity
• Dumpster diving

43. Internet Searching
• Whois – the "white pages" of the Internet, storing:
– Technical, administrative and billing contact names
– Phone numbers and e-mail addresses
– Domain name servers
• Arin.net – IP addresses
• Google
• LinkedIn
• Web postings
• Job postings (company or individual)

44. Internet

45. Step 2: Scanning
• Scanning looks for a way in
– Holes in your armor
• Often relies on automated tools
– Manual checking takes too long
• Why information security is hard:
– The attacker must find one way in to achieve the goal
– You must defend all entry points

46. Phase 2: Scanning
• War dialing – THC Scan
• War driving – NetStumbler, Kismet, AirSnort
• Network mapping – CheopsNG, Winfingerprint
• Port scanning – Nmap, SuperScan
• Vulnerability scanning – Nessus, LanGuard, SAINT, ISS, etc.

47. Examples

48. Vulnerability Scanning
• At this point, the attacker knows which systems are available, how they are connected, and which ports are open
• What are the vulnerabilities on the target systems?
• Vulnerability scanning tools look for holes on the target
– Misconfigurations
– Unpatched systems with known vulnerabilities
– Other weaknesses
• By rapidly checking for thousands of known vulnerabilities, the attacker can get in faster

49. Vulnerability Scanning
• Vulnerability scanning tools consist of a database of known vulnerabilities plus an engine that checks whether they are present on the target system(s)
• Nessus is the best free, open-source scanner – www.nessus.org
• LanGuard – www.gfi.com

50. Hacking Examples
• LanGuard
• Nessus
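The scanning slides describe attackers sweeping ports with automated tools; the defender's side of that is noticing the sweep in firewall or IDS logs. The Python below is an added example (it is not part of the Foreground Security deck) that parses constructed firewall-style log lines (the line format is made up for this example and uses documentation-range addresses) and flags any source that reaches a threshold of distinct destination ports inside a sliding time window. It also demonstrates the usual blind spot: a slow scan spread over an hour passes under a one-minute window and is only caught once the window is widened.

```python
"""Flag sources that touch many distinct ports in a short window (added example, not from the slides)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line format: "<ISO timestamp> <action> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(r"^(\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, action, src, dst, dport = m.groups()
    return {"ts": datetime.fromisoformat(ts), "action": action,
            "src": src, "dst": dst, "dport": int(dport)}


def detect_scanners(log_text, window=timedelta(seconds=60), min_ports=10):
    """Return {src: most distinct ports seen within any `window`} for sources
    that reach `min_ports`; sources below the threshold are not reported."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append((ev["ts"], ev["dport"]))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it spans at most `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({port for _, port in evs[start:end + 1]})
            if distinct >= min_ports:
                flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


# Constructed sample log (documentation-range addresses, no real hosts).
def _line(ts, src, dport):
    return f"{ts.isoformat()} DROP src={src} dst=192.0.2.10 dport={dport}"


T0 = datetime(2010, 3, 1, 10, 0, 0)
COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 993, 995, 3389]
_lines = []
# 203.0.113.7: 15 ports in under 30 seconds (fast scan)
_lines += [_line(T0 + timedelta(seconds=2 * i), "203.0.113.7", p) for i, p in enumerate(COMMON_PORTS)]
# 198.51.100.5: three ordinary services over ten minutes (normal client)
_lines += [_line(T0 + timedelta(minutes=5 * i), "198.51.100.5", p) for i, p in enumerate([80, 443, 22])]
# 203.0.113.9: 12 ports, one every ten minutes (slow scan)
_lines += [_line(T0 + timedelta(minutes=10 * i), "203.0.113.9", p) for i, p in enumerate(COMMON_PORTS[:12])]
SAMPLE_LOG = "\n".join(_lines)

if __name__ == "__main__":
    print("60 s window:", detect_scanners(SAMPLE_LOG))
    print("2 h window :", detect_scanners(SAMPLE_LOG, window=timedelta(hours=2)))
```

With the 60-second window only the fast scanner is reported; widening the window to two hours also surfaces the slow one while the ordinary client, which touches three ports, stays below the threshold. Threshold and window are the tuning knobs: too tight and slow scans are missed, too loose and busy legitimate hosts generate noise.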
51. (no text on this slide)

52. Phase 3: Gaining Access
• Attackers have many, many ways to gain access to a target network:
– Breaking in physically
– Manipulating poorly written software
– Exploiting weak password storage mechanisms
– Gathering data that is not properly encrypted or not encrypted at all (such as user IDs, passwords, confidential data)
– Etc., etc., etc.

53. Step 3: Gaining Access
• Exploitation – Metasploit
• Buffer overflows – Metasploit

54. Password Cracking/Stealing
• Easily steal or grab password representations
– Guess
– Brute force
– Dictionary attacks
• Tools
– Windows – L0phtCrack, www.atstake.com
– Unix – John the Ripper, www.openwall.com
– Network tools – Netscan, NetbiosAT

55. Hacking Example
• Hacking demonstration

56. Password Cracking Defenses
• Strong password policy
– At least 10 characters, changed every 60 to 90 days, special characters
– User awareness
• Multi-factor authentication
• Proactive password auditing
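The defenses slide states the policy (10 characters minimum, special characters, a 60 to 90 day lifetime, proactive auditing) but not how it is enforced. The Python below is an added example, not part of the Foreground Security deck, showing the two checks an administrator actually runs: a policy check at the moment a new password is chosen, and an age audit over the account database. The tiny weak-word list and the account records are constructed for the example; a real deployment would check against a breached-password list and read the dates from the directory.

```python
"""Password policy checks matching the slide's defenses (added example, not from the slides)."""
import re
from datetime import date

MIN_LENGTH = 10       # "at least 10 characters"
MAX_AGE_DAYS = 90     # upper end of the "60-90 days" rotation window
SPECIAL = re.compile(r"[^A-Za-z0-9]")

# Constructed mini word list for the example; use a breached-password list in practice.
WEAK_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "company"}


def _base_word(pw):
    """Drop digits, symbols and case so 'Summer2010!' still reveals the word 'summer'."""
    return re.sub(r"[^a-z]", "", pw.lower())


def check_new_password(pw, username=""):
    """Return the list of policy violations for a candidate password (empty means acceptable)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not SPECIAL.search(pw):
        problems.append("no special character")
    if _base_word(pw) in WEAK_WORDS:
        problems.append("based on a common word")
    if username and username.lower() in pw.lower():
        problems.append("contains the user name")
    return problems


def stale_accounts(records, today, max_age_days=MAX_AGE_DAYS):
    """Proactive audit: users whose password is older than the policy allows.
    `records` maps user name -> date the password was last set."""
    return sorted(user for user, set_on in records.items()
                  if (today - set_on).days > max_age_days)


if __name__ == "__main__":
    for pw in ["Summer2010!", "Tr0ub4dor&3", "correct horse battery staple", "abc"]:
        print(f"{pw!r}: {check_new_password(pw) or 'ok'}")
    # Constructed account records for the audit
    accounts = {"alice": date(2010, 1, 5), "bob": date(2010, 5, 20)}
    print("stale on 2010-06-01:", stale_accounts(accounts, date(2010, 6, 1)))
```

The base-word normalisation is the part worth copying: a length and symbol rule alone lets "Summer2010!" through, which is exactly the pattern a dictionary attack with simple mangling rules tries first.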
57. Step 4: Maintaining Access
• Trojan horses
• Rootkits
• Malware
• Spyware
• RATs
• Other

58. Phase 4: Maintaining Access
• Once attackers gain access, they don't want to lose it!
• They alter the system to ensure they can stay in
• They use Trojan horse and backdoor techniques to:
– Hide their presence on the system
– Guarantee future access
– Run programs when needed

59. Trojan Horses & Backdoors
• Trojan horses
– Look like normal, harmless software but mask some sinister functionality
– Example: a fun game program sent through e-mail that runs a program in the background
• Backdoors
– Bypass security controls, giving the attacker access
– Example: the "Joshua" password in the movie "War Games", which allowed complete access to the computer

60. Hacking Examples
• Example of a Trojan horse
61. Phase 5: Covering the Tracks
• Once inside your systems, attackers don't want to get caught (most of the time)
• They use a large number of techniques to hide
– Rootkits, all-in-one tools
– Hiding files, processes and network usage
• Tools/techniques
– Clearing logs
– Hiding files and directories
– Hiding on the network: covert channels

62. Log Files
• Tools to clear or edit log files to hide activity
• WinZapper – edit NT log files
• ClearLogs – clear remote log files
• Many more
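The two slides above list tools that edit or clear logs; the corresponding defense is to make a log tamper-evident, so that an edited, removed or truncated record is detectable afterwards. The Python below is an added example, not part of the Foreground Security deck, of the standard hash-chain construction: every record carries an HMAC over the previous record's tag plus its own text, so changing or dropping any record breaks every tag after it. The key, entries and the idea of a "remote last tag" are constructed for the example; the key is assumed to live on the log collector, not on the host being protected.

```python
"""Tamper-evident log records with an HMAC chain (added example, not from the slides)."""
import hashlib
import hmac

SEED = b"\x00" * 32  # chain anchor for the very first record


def chain_entries(entries, key):
    """Return [(entry, tag_hex)] with tag = HMAC(key, previous_tag || entry);
    each tag therefore commits to every record before it."""
    prev, out = SEED, []
    for entry in entries:
        tag = hmac.new(key, prev + entry.encode(), hashlib.sha256).digest()
        out.append((entry, tag.hex()))
        prev = tag
    return out


def first_bad_index(records, key, last_tag=None):
    """Verify a chained log.
    Returns -1 if intact, the index of the first record whose tag does not fit the
    chain (an edit or a deletion in the middle), or len(records) if `last_tag`
    (the final tag kept on a remote collector) shows trailing records were removed."""
    prev = SEED
    for i, (entry, tag_hex) in enumerate(records):
        expected = hmac.new(key, prev + entry.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i
        prev = expected
    if last_tag is not None and not hmac.compare_digest(prev.hex(), last_tag):
        return len(records)
    return -1


# Constructed sample: key and entries are illustrative only.
KEY = b"demo-key-held-by-the-log-collector"
ENTRIES = ["login alice", "sudo alice /bin/sh", "login bob", "logout bob"]

if __name__ == "__main__":
    recs = chain_entries(ENTRIES, KEY)
    edited = list(recs)
    edited[1] = ("sudo alice /bin/ls", recs[1][1])      # content changed, tag kept
    print("intact:", first_bad_index(recs, KEY))                                     # -1
    print("edited record:", first_bad_index(edited, KEY))                            # 1
    print("last record dropped, chain only:", first_bad_index(recs[:-1], KEY))        # -1
    print("last record dropped, with remote tag:",
          first_bad_index(recs[:-1], KEY, last_tag=recs[-1][1]))                     # 3
```

Two caveats the demonstration makes visible: the chain alone cannot detect that the newest records were cut off (the third call reports the log as intact), which is why the latest tag has to be shipped off-host, and an attacker who obtains the key can re-sign a rewritten log, which is why the key belongs on the collector rather than on the machine whose logs it protects.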
63. Hiding Files/Directories
• NT/2003/XP use NTFS
– NTFS offers access controls and other security tools
• File streaming – every filename is like a chest of drawers; the top drawer contains the contents of the file
• NTFS Alternate Data Streams – other drawers can be created to store data "under" the original file
• Defenses:
– Virus protection
– LADS (List Alternate Data Streams) – www.heysoft.de