Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Cyber Attacks: Technical Aspects of Cyber Kill Chain

Published byGervase Ellis Modified over 7 years ago

Similar presentations

Presentation on theme: "Understanding Cyber Attacks: Technical Aspects of Cyber Kill Chain"— Presentation transcript:

1 Understanding Cyber Attacks: Technical Aspects of Cyber Kill Chain
Tarun Yadav & Rao Arvind Mallari DRDO, Ministry of Defense, INDIA Third International Symposium on Security in Computing and Communications (SSCC-2015), 11th August 2015, SCMS Kochi, India

2 Introduction Why Cyber Kill Chain? What is Cyber Kill Chain Model?
Attacker’s View and Actions APTs, Cyber Espionage Attack Attacker Reconnaissance Weaponize Delivery Target System Exploitation Installation Command & Control Interaction Act on Objective

3 Reconnaissance Methodologies: Target Identification and Selection
Target Profiling Target Validation Network & System Configuration Active Passive Types: Passive Reconnaissance Active Reconnaissance

4 Weponize Exploits for: PDF, DOC, PPT, MP3, Video Player Software Bugs
Vulnerabilities Exploits Exploits for: PDF, DOC, PPT, MP3, Video Player Attack Attacker Reconnaissance Weaponize Delivery Exploit Payload (RAT) Target System Exploitation Installation Command & Control Interaction Server Client Act on Objective File Download/Upload Keystrokes Capture Screen/Webcam Capture Propagation in network Standalone or Modular

5 Delivery Information from Reconnaissance is used to increase affinity
Delivery Methods Attachments Phishing Attacks Drive By Downloads USB/Removable Media DNS Cache Poisoning

6 Exploitation AV Run Time Detection Static Detection
IDS,IPS, Firewall Attack Attacker Reconnaissance Weaponize Delivery Static Detection Target System Exploitation Precondition to Exploit: Must use Vulnerable Software Software should not be Updated Software should not be Not Upgraded Installation Command & Control Interaction Act on Objective AV Run Time Detection (Heuristic and Behavioral Detection)

7 Installation Dropper Downloader
Persistent, Stealthy and Non Attributable Installation Anti-Debugger and Anti-Emulation Anti-AntiVirus Rootkit and Bootkits Targeted Delivery Host-Based Encrypted Data Exfiltration Dropper: The payload is already present at the system in some obfuscated form. Injector if the dropped binary is only done in memory. Downloader: 2 stage process with a stub that initially runs at the target. On successful execution of the stub, the stub contacts the server and downloads a piece of malware and runs it.

8 Command & Control Act on Objective
Centralized, Decentralized and Social Network based architectures Unobservable Communication Channel IRC, TCP, HTTP, FTP, TOR etc. Avoiding C&C server Detection DNS Fast Flux, DNS as Medium, Domain Generation Algorithms(DGA) Targeted Attack - Ex-filtrating secret information, Disruption of critical Infrastructure, State sponsored espionage Mass Attack – User Credentials, Financial Frauds, DDoS Attacks, BOTNets Act on Objective

9 Conclusion Presented Attacker’s Perspective
Trends of attackers in each level Seeing to the future, a defense in depth strategy based on cyber kill chain is to be envisioned. Reconnaissance Weaponize Delivery Target System Exploitation Installation Command & Control Interaction Act on Objective

10 Thank You Contact: arvindrao@hqr.drdo.in tarunyadav@hqr.drdo.in
Doubts or Questions?? Contact:

Download ppt "Understanding Cyber Attacks: Technical Aspects of Cyber Kill Chain"

Similar presentations

Nathan Labadie Systems Engineer, US-Central FireEye

Nathan Labadie Systems Engineer, US-Central FireEye
and Mitigations Brady Bloxham

and Mitigations Brady Bloxham
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Breaking Kill Chains A “How To” Guide for SecurityCenter.

Breaking Kill Chains A “How To” Guide for SecurityCenter.
1© Copyright 2011 EMC Corporation. All rights reserved. Advanced Persistent Threat Sachin Deshmanya & Srinivas Matta.

1© Copyright 2011 EMC Corporation. All rights reserved. Advanced Persistent Threat Sachin Deshmanya & Srinivas Matta.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Metamorphic Viruses Pat Walpole. Introduction What are metamorphic viruses Why they are dangerous Defenses against them.

Metamorphic Viruses Pat Walpole. Introduction What are metamorphic viruses Why they are dangerous Defenses against them.
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.
MIRAGE CPSC 620 Project By Neeraj Jain Hiranmayi Pai.

MIRAGE CPSC 620 Project By Neeraj Jain Hiranmayi Pai.
Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.

Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.
Advanced Persistent Threats CS461/ECE422 Spring 2012.

Advanced Persistent Threats CS461/ECE422 Spring 2012.
Botnets An Introduction Into the World of Botnets Tyler Hudak

Botnets An Introduction Into the World of Botnets Tyler Hudak
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.

MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
Article presentation for: The Dark Cloud: Understanding and Defending against Botnets and Stealthy Malware Based on article by: Jaideep Chandrashekar,

Article presentation for: The Dark Cloud: Understanding and Defending against Botnets and Stealthy Malware Based on article by: Jaideep Chandrashekar,
Cyber Crime Tanmay S Dikshit.

Cyber Crime Tanmay S Dikshit.
APT29 HAMMERTOSS Jayakrishnan M.

APT29 HAMMERTOSS Jayakrishnan M.
1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),
Trend Micro Confidential 9/23/2015 Threat Rules Sharing Advanced Threats Research.

Trend Micro Confidential 9/23/2015 Threat Rules Sharing Advanced Threats Research.
1 Operating Systems Security. 2 Where Malware hides ? Autoexec.bat or autoexec.nt can start malware before windows start Config.sys, config.nt Autorun.inf.

1 Operating Systems Security. 2 Where Malware hides ? Autoexec.bat or autoexec.nt can start malware before windows start Config.sys, config.nt Autorun.inf.

Similar presentations

Ads by Google