Understanding Cyber Attacks: Technical Aspects of Cyber Kill Chain


Understanding Cyber Attacks: Technical Aspects of Cyber Kill Chain
Tarun Yadav & Rao Arvind Mallari
DRDO, Ministry of Defense, INDIA
Third International Symposium on Security in Computing and Communications (SSCC-2015), 11th August 2015, SCMS Kochi, India

Introduction
- Why the Cyber Kill Chain?
- What is the Cyber Kill Chain model?
- The attacker's view and actions at each phase
- APTs and cyber espionage attacks

[Figure: the kill chain drawn as a sequence, Reconnaissance -> Weaponize -> Delivery -> Exploitation -> Installation -> Command & Control -> Act on Objective. The first three phases happen on the attacker's side; the remaining four happen on the target system, with the C&C channel as the interaction between the two.]

Reconnaissance
Methodologies:
- Target identification and selection
- Target profiling
- Target validation
- Network and system configuration discovery (by active or passive means)
Types:
- Passive reconnaissance: information is gathered from public and third-party sources without sending traffic to the target, so the target cannot observe it.
- Active reconnaissance: probes (scans, connections, queries) are sent to the target itself, which is faster and more precise but leaves traces in the target's logs.

Weaponize
- Starting point: software bugs become vulnerabilities, and vulnerabilities become exploits.
- Exploits target client-side file formats and the software that opens them: PDF, DOC, PPT, MP3, video players.
- The weapon is an exploit paired with a payload, typically a RAT (remote access trojan): the exploit triggers the vulnerability in the viewer, the payload is what runs once code execution is obtained.
- The RAT has a client side running on the target system and a server side at the attacker, connected over the C&C channel.
- RAT capabilities: file download/upload, keystroke capture, screen/webcam capture, propagation within the network.
- RAT design: standalone (all capabilities built in) or modular (capabilities fetched as plug-ins when needed).
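The weaponized document described above is what a defender sees first, so the practical check at this phase is a triage of the file for the active-content hooks an exploit document needs. The following is an added example, not code from the paper: a minimal scanner for PDF name objects such as /OpenAction, /AA, /JavaScript and /Launch, which also decodes hex-escaped names (/Open#41ction) and looks inside FlateDecode streams, two common tricks for hiding those keywords. The sample PDFs, the keyword list and the "high/medium/low" verdict rule are this example's own assumptions.

```python
import re
import zlib
from collections import Counter

# PDF name objects that mark active content. A plain document needs none of
# them; a weaponised one usually needs a trigger (/OpenAction, /AA) plus a
# capability (/JavaScript, /JS, /Launch, embedded or rich media, XFA forms).
SUSPICIOUS_NAMES = {
    b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch",
    b"/EmbeddedFile", b"/RichMedia", b"/XFA",
}

# A name object runs from "/" to the next whitespace or delimiter (PDF 32000-1, 7.3.5).
_NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")
_HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def normalise_name(name: bytes) -> bytes:
    """Decode #xx escapes so that /Open#41ction compares equal to /OpenAction.
    Hex-escaped names are a cheap way to hide keywords from naive scanners."""
    return _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), name)


def inflate_streams(data: bytes) -> list[bytes]:
    """Return the decompressed body of every stream that inflates with zlib
    (/FlateDecode). Streams using other filters are skipped here."""
    bodies = []
    for m in _STREAM_RE.finditer(data):
        try:
            bodies.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass
    return bodies


def scan_pdf(data: bytes) -> dict[str, int]:
    """Count suspicious names outside streams and inside inflated streams."""
    outside = _STREAM_RE.sub(b"stream\nendstream", data)   # drop raw stream bodies
    counts: Counter = Counter()
    for chunk in [outside, *inflate_streams(data)]:
        for m in _NAME_RE.finditer(chunk):
            name = normalise_name(m.group(0))
            if name in SUSPICIOUS_NAMES:
                counts[name.decode()] += 1
    return dict(counts)


def triage(counts: dict[str, int]) -> str:
    """Assumed verdict rule: automatic trigger + script/launch capability = high."""
    trigger = counts.get("/OpenAction", 0) + counts.get("/AA", 0)
    capability = sum(counts.get(k, 0) for k in
                     ("/JavaScript", "/JS", "/Launch", "/EmbeddedFile", "/RichMedia", "/XFA"))
    if trigger and capability:
        return "high"
    if trigger or capability:
        return "medium"
    return "low"


# Constructed samples (no real exploit): a minimal PDF whose catalog carries a
# hex-escaped /OpenAction pointing at a JavaScript action hidden in a
# FlateDecode stream, and a benign one-page PDF for comparison.
_hidden = zlib.compress(b"<< /Type /Action /S /JavaScript /JS (app.alert('hello')) >>")
SAMPLE_MALICIOUS = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /Length " + str(len(_hidden)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + _hidden + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
SAMPLE_BENIGN = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        found = scan_pdf(doc)
        print(f"{label}: {found} -> {triage(found)}")
```

A scanner like this is a first filter, not a verdict: exploit documents also hide keywords in object streams, in other filters (LZW, ASCIIHex, RunLength) or in incremental updates, so a "low" result on a file from an untrusted sender still warrants detonation in a sandbox.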

Delivery
- Information gathered during reconnaissance is used to increase affinity: the lure is tailored so that the target is likely to open it.
Delivery methods:
- Email attachments
- Phishing attacks
- Drive-by downloads
- USB / removable media
- DNS cache poisoning

Exploitation
Preconditions for the exploit to work:
- The target must be running the vulnerable software.
- The software must not have been updated (patched).
- The software must not have been upgraded to a version in which the bug is fixed.
Defences the attacker must get past at this stage:
- Static detection on the way in: IDS, IPS, firewall and signature-based AV.
- AV run-time detection on the host: heuristic and behavioural detection of what the exploit and payload do when they execute.

Installation
Goal: a persistent, stealthy and non-attributable installation.
Techniques:
- Dropper or downloader
- Anti-debugger and anti-emulation
- Anti-antivirus
- Rootkits and bootkits
- Targeted delivery
- Host-based encrypted data exfiltration
Dropper: the payload is already present on the system, embedded in the dropper in some obfuscated form; the dropper decodes it and writes it out. It is called an injector when the decoded binary is placed only in memory (injected into a process) and never written to disk.
Downloader: a two-stage process. A small stub runs first at the target; on successful execution the stub contacts the attacker's server, downloads the actual malware and runs it.
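Because a dropper carries its payload in obfuscated (packed or encrypted) form, the payload shows up as a region of near-random bytes inside an otherwise ordinary-looking file. The check a practitioner reaches for is a sliding-window entropy scan. This is an added example, not code from the paper: it computes Shannon entropy per window and merges windows above a threshold into regions. The "dropper" it scans is constructed for the example (code-like text, a block of seeded-random bytes standing in for the encrypted payload, and a zero-filled trailer); window size 512 and threshold 7.0 bits per byte are this example's assumptions.

```python
import math
import random
from collections import Counter


def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for a constant block, 8.0 for a uniform spread of all 256 values."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def high_entropy_regions(data: bytes, window: int = 512,
                         threshold: float = 7.0) -> list[tuple[int, int, float]]:
    """Slide a fixed window over data; merge consecutive windows whose entropy
    meets the threshold into (start, end, max_entropy) regions."""
    regions: list[tuple[int, int, float]] = []
    current: list | None = None
    for off in range(0, len(data), window):
        h = shannon_entropy(data[off:off + window])
        if h >= threshold:
            if current is None:
                current = [off, off + window, h]
            else:
                current[1] = off + window
                current[2] = max(current[2], h)
        elif current is not None:
            regions.append(tuple(current))
            current = None
    if current is not None:
        regions.append(tuple(current))
    return regions


def carve(data: bytes, region: tuple[int, int, float]) -> bytes:
    """Extract a flagged region for further analysis (decoding, YARA, sandbox)."""
    start, end, _ = region
    return data[start:end]


# Constructed stand-in for a dropper (no real malware). Seeded random bytes
# are what an XOR/RC4-encoded or compressed payload looks like to an entropy
# scan, which is the whole point of the check.
_rng = random.Random(20150811)
PAYLOAD = _rng.randbytes(2048)                                  # Python 3.9+
FILLER = (b"push ebp; mov ebp, esp; sub esp, 0x40; call init; leave; ret\n" * 80)[:4096]
TRAILER = b"\x00" * 512
DROPPER = FILLER + PAYLOAD + TRAILER   # payload sits at offset 4096..6143

if __name__ == "__main__":
    for start, end, h in high_entropy_regions(DROPPER):
        print(f"high-entropy region {start:#x}-{end:#x}, max {h:.2f} bits/byte, "
              f"{len(carve(DROPPER, (start, end, h)))} bytes")
```

Packed legitimate binaries (UPX, installers, signed resources) trip the same check, so a high-entropy region is a lead to carve and inspect, not proof of a dropper; conversely, a payload stored as plain text with a trivial substitution cipher stays low-entropy and needs a different check.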

Command & Control
- Architectures: centralized, decentralized (peer-to-peer) and social-network based.
- An unobservable communication channel: IRC, raw TCP, HTTP, FTP, Tor, etc.
- Avoiding detection of the C&C server: DNS fast flux, DNS itself as the medium, domain generation algorithms (DGA).

Act on Objective
- Targeted attack: exfiltrating secret information, disruption of critical infrastructure, state-sponsored espionage.
- Mass attack: harvesting user credentials, financial fraud, DDoS attacks, botnets.
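The DGA technique named above is worth seeing from both sides, since the same property that makes it useful to the attacker (attacker and bot derive today's rendezvous domains independently from a shared seed, so no domain has to be hard-coded and sinkholing one achieves little) is what a defender exploits to spot it. This is an added example, not the paper's code or any real malware family's algorithm: a hypothetical date-seeded DGA built on SHA-256, beside a simple lexical detector that scores a domain label on entropy, vowel ratio, consonant runs and digits. The seed string, the 16-letter label length, the feature thresholds and the benign domain list are all this example's assumptions.

```python
import datetime
import hashlib
import math
from collections import Counter

VOWELS = set("aeiou")


def dga_domains(seed: str, day: datetime.date, count: int = 10, tld: str = "com") -> list[str]:
    """Hypothetical DGA: the i-th domain for a day is SHA-256(seed | date | i)
    mapped onto 16 lowercase letters. Bot and attacker share the seed, so both
    compute the same list for the day without any prior contact."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:16])
        out.append(f"{label}.{tld}")
    return out


def label_features(domain: str) -> dict:
    """Lexical features of the leftmost label (the part a DGA generates)."""
    label = domain.split(".")[0].lower()
    n = len(label)
    if n == 0:
        return {"length": 0, "entropy": 0.0, "vowel_ratio": 0.0, "consonant_run": 0, "digit_ratio": 0.0}
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(label).values())
    vowels = sum(ch in VOWELS for ch in label)
    run = longest = 0
    for ch in label:                      # longest run of consecutive consonants
        run = run + 1 if (ch.isalpha() and ch not in VOWELS) else 0
        longest = max(longest, run)
    digits = sum(ch.isdigit() for ch in label)
    return {"length": n, "entropy": entropy, "vowel_ratio": vowels / n,
            "consonant_run": longest, "digit_ratio": digits / n}


def looks_generated(domain: str) -> bool:
    """Assumed rule: long, high-entropy label that is also unpronounceable
    (few vowels or a long consonant run) or digit-heavy. Human-chosen names
    tend to be short, repetitive, or vowel-rich."""
    f = label_features(domain)
    if f["length"] < 7 or f["entropy"] < 2.8:
        return False
    return f["vowel_ratio"] < 0.3 or f["consonant_run"] >= 4 or f["digit_ratio"] > 0.2


def flag_queries(domains: list[str]) -> list[str]:
    """Defender's view: the subset of observed DNS query names that look generated."""
    return [d for d in domains if looks_generated(d)]


# Constructed benign names used only to show the detector's false-positive behaviour.
BENIGN = ["microsoft.com", "wikipedia.org", "stackoverflow.com", "cloudflare.com", "example.com"]

if __name__ == "__main__":
    today = datetime.date(2015, 8, 11)
    bot_side = dga_domains("k1ll-ch41n", today)       # what an infected host would resolve
    for d in bot_side + BENIGN:
        print(f"{d:32} generated={looks_generated(d)}")
```

Lexical scoring catches the classic random-letter DGAs but not wordlist-based ones, so in practice it is paired with behavioural signals from the resolver logs: a single host producing many NXDOMAIN answers in a short burst, a daily-repeating query pattern, and newly registered domains resolving to short-TTL, frequently changing addresses (the fast-flux case).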

Conclusion
- Presented the attacker's perspective on every phase of the kill chain: Reconnaissance, Weaponize, Delivery, Exploitation, Installation, Command & Control, Act on Objective.
- Described the trends in attacker tradecraft at each level.
- Looking ahead, a defence-in-depth strategy organised around the cyber kill chain is to be envisioned, one that gives the defender a detection or mitigation opportunity at each phase rather than relying on a single control.

Thank You
Doubts or questions?
Contact: arvindrao@hqr.drdo.in, tarunyadav@hqr.drdo.in