Cyber Security-Attack Life Cycle


Dr. Bhawana Rudra
NITK
Disclaimer: the images and information have been taken from various web resources.
Network Security Principles
TYPES OF CYBER CRIME
HACKING: Hacking, in simple terms, means an illegal intrusion into a computer
system and/or network. It is also known as CRACKING. Government websites are a
favourite target of hackers because of the press coverage an intrusion receives;
hackers enjoy the media coverage.
Motives behind hacking:
 greed
 power
 publicity
 revenge
 adventure
 desire to access forbidden information
 destructive mindset
 wanting to sell network security services
CHILD PORNOGRAPHY: The Internet is heavily used by abusers to reach and
sexually abuse children worldwide. As more homes gain Internet access, more
children use the Internet, and the greater the chance of their falling victim
to pedophiles.
How do they operate:
 Pedophiles use a false identity to trap children.
 Pedophiles contact children in the chat rooms that children use to interact
with other children.
 DENIAL OF SERVICE ATTACKS: An act by criminals who flood the bandwidth of
the victim's network or fill the victim's mailbox with spam, depriving the
victim of a service they are entitled to access or provide. Examples of DoS
attacks include the ping of death and teardrop attacks.
 VIRUS DISSEMINATION: Spreading malicious software. A virus attaches itself
to other software; related forms are worms, Trojan horses, web jacking,
e-mail bombing, etc.
 COMPUTER VANDALISM: Damaging or destroying data, rather than stealing or
misusing it, is called cyber vandalism. Typically this is done by programs that
attach themselves to a file and then circulate.
CYBER TERRORISM: Terrorist attacks on the Internet take the form of
distributed denial of service attacks, hate websites and hate e-mails,
attacks on service networks, etc.
SOFTWARE PIRACY: Theft of software through the illegal copying of genuine
programs, or the counterfeiting and distribution of products intended to pass
for the original.
Attack Life-Cycle
External Recon
 Social networking
 Conferences
 Calling the help desk or an admin
 External scans
 Buying information/tools on the black market
Breach: Penetration. Privilege escalation. Obfuscation.
 Phishing & spear phishing
 Vulnerability exploit
 Social engineering
 Infected USB drive
 Compromised credentials
 Autorun
Process Injection
Running attacker code as a thread inside another (host) process. Used for:
 Evasion (the malicious code runs under a trusted process name)
 Reading the host process's memory
 Affecting the host process's behaviour
Command & Control
Operation. Exfiltration.
 Legitimate-looking HTTP
 Legitimate-looking DNS requests
 Fast flux
 TOR
 Facebook / Twitter / YouTube comments
 Domain generation algorithm
Command & Control
Domain generation algorithm
 Regular C&C servers can be blacklisted and firewalled.
 A DGA generates a daily domain list (thousands of domains).
 The malware tries to resolve each of those pseudo-random domains.
 The attacker (who created the algorithm) knows which domains will be
generated.
 Once a C&C domain is blocked, the attacker selects one of the day's
generated domains, registers it, and continues operating.
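The DGA exchange described above in working code, as an added example that is not part of the slides. The hashing scheme (SHA-256 over seed, date and counter), the seed string "example-seed", the TLD pool and the entropy threshold are all assumptions made here, not any real malware family's algorithm. It shows the two sides of the same list: the attacker registers one of today's domains, and a defender who has pulled the seed out of a sample pre-computes the same list to block it; a seed-free entropy heuristic is included for the case where no sample is available.

```python
"""Toy domain generation algorithm (DGA) and the defender's use of it.

Added example, not from the slides: the hashing scheme, the seed string,
the TLD list and the entropy threshold are assumptions made here.
"""
import hashlib
import math
from datetime import date

TLDS = ("com", "net", "org", "info")  # assumed TLD pool


def generate_domains(day: date, seed: str, count: int = 1000) -> list:
    """Return the `count` domains the malware would try on `day`.

    Every domain is derived from SHA-256(seed | date | counter), so anyone
    who holds the seed (the attacker, or a defender who extracted it from a
    sample) computes exactly the same list for that day.
    """
    domains = []
    for i in range(count):
        material = f"{seed}|{day.isoformat()}|{i}".encode()
        digest = hashlib.sha256(material).digest()
        # 12 lower-case letters from the first digest bytes, TLD from the last
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        tld = TLDS[digest[-1] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def attacker_pick(day: date, seed: str, index: int) -> str:
    """The attacker registers one of today's domains; `index` is their choice."""
    return generate_domains(day, seed)[index]


def defender_blocklist(day: date, seed: str) -> set:
    """Pre-compute today's full list once the seed is known, to block or sinkhole."""
    return set(generate_domains(day, seed))


def label_entropy(domain: str) -> float:
    """Shannon entropy (bits per char) of the leftmost label; a seed-free heuristic."""
    label = domain.split(".")[0]
    counts = {c: label.count(c) for c in set(label)}
    n = len(label)
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def looks_generated(domain: str, threshold: float = 3.0) -> bool:
    """Assumed threshold: random 12-letter labels score well above dictionary words."""
    return label_entropy(domain) >= threshold


if __name__ == "__main__":
    today = date(2024, 1, 15)
    seed = "example-seed"  # assumed value hard-coded in the malware sample
    chosen = attacker_pick(today, seed, 42)
    blocked = defender_blocklist(today, seed)
    print(chosen, "blocked:", chosen in blocked)
    print("entropy heuristic:", looks_generated(chosen), looks_generated("google.com"))
```

The entropy check is deliberately weak: it only separates random-letter labels from ordinary words, and wordlist-based DGAs defeat it, which is why recovering the seed and pre-computing the list is the stronger defence.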
DGA
Recon Scanning
 ARP scanning
 SYN scanning ("half-open scanning")
 FIN scanning
 Port scanning
Reconnaissance
Port Scanning
Services use ports to communicate (HTTP = 80, DNS = 53, etc.).
When an attacker gets a foothold on a computer, he needs to move around the
organization.
The attacker scans the subnet to find exposed and exploitable services on
other computers and platforms.
Once an open port is found, further exploitation follows.
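A minimal port scanner, added here as an example and not taken from the slides. SYN ("half-open") and FIN scans need raw sockets and therefore root, so the version below is a full TCP connect() scan, which is what a foothold running with ordinary user rights can do. To stay self-contained it opens its own throwaway listener on 127.0.0.1 so there is a known open port to find; the host, port list and timeout are assumptions for the demonstration.

```python
"""TCP connect() port scan against a local throwaway listener.

Added example, not from the slides. The service labels, host and timeout
are assumptions for the demonstration.
"""
import socket

# Well-known ports the slide mentions plus the ones lateral movement cares about.
COMMON_PORTS = {22: "ssh", 53: "dns", 80: "http", 445: "smb", 3389: "rdp"}


def scan_port(host: str, port: int, timeout: float = 0.5) -> bool:
    """Return True if a full TCP handshake to host:port completes.

    A refused connection (RST) or a timeout (filtered/dropped) both count as
    not open; a connect() scan cannot tell those two cases apart the way a
    SYN scan can.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # ConnectionRefusedError and socket.timeout are OSErrors
            return False


def scan_ports(host: str, ports, timeout: float = 0.5) -> dict:
    """Scan each port in `ports`; returns {port: is_open}."""
    return {p: scan_port(host, p, timeout) for p in ports}


def start_listener():
    """Bind a throwaway listener on 127.0.0.1; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free one
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port() -> int:
    """Return a port that is currently closed: bind, read it back, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> dict:
    """Scan one known-open and one known-closed local port; returns the result."""
    srv, open_port = start_listener()
    try:
        closed_port = free_port()
        return scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()


if __name__ == "__main__":
    for port, is_open in demo().items():
        print(f"127.0.0.1:{port} {COMMON_PORTS.get(port, 'unknown')} -> {'open' if is_open else 'closed'}")
```

A real scan would iterate over a subnet and the COMMON_PORTS keys rather than loopback, and would rate-limit and randomise order, because a burst of connect() attempts from one host to many ports is exactly what a network IDS or a honeyport flags.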
Spread
Lateral movement - legitimate tools used maliciously
 Pass the Hash / Pass the Ticket
 Shares
 PsExec
Spread
PsExec - legitimate tools used maliciously
A legitimate tool by Microsoft (Sysinternals).
Commonly used by IT professionals.
Allows running a process on a remote machine interactively.
Attackers use the same technique to spread their malware through an entire
network.
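Detection logic for the two "legitimate mechanism used maliciously" techniques on these slides, process injection (the Process Injection slide) and PsExec lateral movement (this slide), as an added example that is not part of the original deck. It runs over a handful of constructed, Sysmon-style records written as pipe-separated key=value lines; in practice the same fields come from Sysmon event IDs 1 (process create), 8 (CreateRemoteThread) and 10 (ProcessAccess) and System log event 7045 (service installed). The allowlist of benign source processes and the record format are assumptions; the access-mask constants are the real Win32 values.

```python
"""Flag process injection and PsExec service installs in event records.

Added example, not from the slides. Records are constructed, Sysmon-like
'key=value|key=value' lines; BENIGN_SOURCES is an assumed allowlist.
"""

# Win32 process access rights that together let a caller write code into
# another process and start it there.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Processes that legitimately open or thread into others (assumed allowlist).
BENIGN_SOURCES = {"csrss.exe", "msmpeng.exe"}


def parse_event(line: str) -> dict:
    """'EventID=8|SourceImage=...|TargetImage=...' -> dict (constructed format)."""
    ev = {}
    for field in line.split("|"):
        key, _, value = field.partition("=")
        ev[key] = value
    return ev


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_injection(ev: dict):
    """Sysmon 8 (remote thread) and 10 (injection-capable handle) heuristics."""
    src = basename(ev.get("SourceImage", ""))
    dst = basename(ev.get("TargetImage", ""))
    if src in BENIGN_SOURCES or ev.get("SourceProcessId") == ev.get("TargetProcessId"):
        return None
    if ev.get("EventID") == "8" and src != dst:
        return f"remote thread: {src} -> {dst}"
    if ev.get("EventID") == "10":
        granted = int(ev.get("GrantedAccess", "0"), 16)
        if granted & INJECT_MASK == INJECT_MASK:
            return f"injection-capable handle: {src} -> {dst} (0x{granted:x})"
    return None


def detect_psexec(ev: dict):
    """7045 install of the PSEXESVC service, or psexesvc.exe spawned by services.exe.

    PsExec's -r switch renames the service, so the 7045 rule should also be
    paired with 'ImagePath under ADMIN$' in real deployments.
    """
    if ev.get("EventID") == "7045":
        if ev.get("ServiceName", "").upper() == "PSEXESVC" or basename(ev.get("ImagePath", "")) == "psexesvc.exe":
            return f"PsExec service installed: {ev.get('ImagePath')}"
    if ev.get("EventID") == "1":
        if basename(ev.get("Image", "")) == "psexesvc.exe" and basename(ev.get("ParentImage", "")) == "services.exe":
            return "PsExec service process started"
    return None


def analyse(lines) -> list:
    """Return [(EventID, message)] for every record that trips a rule."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        for rule in (detect_injection, detect_psexec):
            hit = rule(ev)
            if hit:
                alerts.append((ev.get("EventID"), hit))
    return alerts


# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    r"EventID=8|SourceImage=C:\Users\bob\AppData\Local\Temp\update.exe|SourceProcessId=4120|TargetImage=C:\Windows\explorer.exe|TargetProcessId=2200",
    r"EventID=8|SourceImage=C:\Windows\System32\csrss.exe|SourceProcessId=600|TargetImage=C:\Windows\explorer.exe|TargetProcessId=2200",
    r"EventID=10|SourceImage=C:\Users\bob\AppData\Local\Temp\update.exe|SourceProcessId=4120|TargetImage=C:\Windows\System32\lsass.exe|TargetProcessId=700|GrantedAccess=0x1F0FFF",
    r"EventID=10|SourceImage=C:\Windows\System32\taskmgr.exe|SourceProcessId=3000|TargetImage=C:\Program Files\Google\Chrome\chrome.exe|TargetProcessId=3100|GrantedAccess=0x1000",
    r"EventID=7045|ServiceName=PSEXESVC|ImagePath=%SystemRoot%\PSEXESVC.exe",
    r"EventID=1|Image=C:\Windows\PSEXESVC.exe|ParentImage=C:\Windows\System32\services.exe",
    r"EventID=1|Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for event_id, message in analyse(SAMPLE_EVENTS):
        print(event_id, message)
```

The csrss.exe record is the reason the allowlist exists: on a real host, csrss creates threads in every process at startup, and without that exception event ID 8 alone produces more noise than signal.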
Lateral Movement
Damage. Business. Money. Physical
