
Cyber Crime Tanmay S Dikshit.


1 Cyber Crime Tanmay S Dikshit


3 Stage 1 Reconnaissance: finding out about the target
Scan a well-known site and find the hosts around it (port scan)
Use of botnets

4 Stage 2 Weaponization: preparing the payload for a specific target or a group of targets
Pair an exploit for a vulnerability with a backdoor in a deliverable file (in the case study below, PDF and PowerPoint attachments)
Target a specific site

5 Stage 3 Delivery: getting the weaponized payload to the target
Infect a document and send it via email
Infect a website with malware
Use stolen or default credentials
Identify flaws in exposed software

6 Stage 4 Exploitation: triggering the attacker's code on the victim
Exploit the software (for example the viewer that opens the delivered document)
Remote stream of packets to an exposed host (a network-reachable service is exploited directly)

7 Stage 5 Installation: the payload executes and keeps executing (persistence)
A registry key that starts the software again at every boot or logon

8 Stage 6 Command and Control: the installed payload calls back to the attacker
The attack may carry out actions over a long period of time
The payload may provide a long-term source of intelligence for the attacker

9 Stage 7 Actions: depend on the motives of the attacker
Defacement
Information theft
Money theft


11 Case Study: Lockheed Martin Computer Incident Response Team (LM-CIRT)
March 2009: three intrusions
Common Advanced Persistent Threat tactic: use of targeted malicious email

12 Case Study: LM-CIRT, March 2009
APT tactic: a suspicious attachment
About: an American Institute of Aeronautics and Astronautics (AIAA) conference
Sender: an authorized employee
Receiver: only 5 users

13 Intrusion 1 Email Header
Received: (qmail invoked by uid 60001); Tue, 03 Mar :01:
Received: from [60.abc.xyz.215] by web53402.mail.re2.yahoo.com via HTTP; Tue, 03 Mar :01: (PST)
Date: Tue, 03 Mar :01: (PST)
From: Anne E...
Subject: AIAA Technical Committees
To: [REDACTED]
Reply-to:
Message-id:
MIME-version: 1.0
X-Mailer: YahooMailWebService/
Content-type: multipart/mixed; boundary="Boundary_(ID_Hq9CkDZSoSvBMukCRm7rsg)"
X-YMail-OSG:

Body (the lure text):
Please submit one copy (photocopies are acceptable) of this form, and one copy of nominee's resume to: AIAA Technical Committee Nominations, 1801 Alexander Bell Drive, Reston, VA Fax number is 703/ Form can also be submitted via our web site at Inside AIAA, Technical Committees

14 Intrusion 1: the attack
The email contained a PDF file which was actually a weaponized PDF carrying:
a benign PDF, and
a Portable Executable (PE) backdoor installation file,
both encrypted using a trivial algorithm with an 8-bit key stored in the exploit shellcode.
On installation:
the backdoor is written to C:\Documents and Settings\[username]\Local Settings\fssm32.exe
the benign PDF is opened, so the user sees a normal document
the benign PDF is the same as one that was available on the AIAA website

15 Intrusion 1

16 Intrusion 2 Email Header
Received: (qmail invoked by uid 60001); 4 Mar :35:
Message-ID:
Received: from [216.abc.xyz.76] by web53411.mail.re2.yahoo.com via HTTP; Wed, 04 Mar :35:20 PST
X-Mailer: YahooMailWebService/
Date: Wed, 4 Mar :35: (PST)
From: Anne E...
Reply-To:
Subject: 7th Annual U.S. Missile Defense Conference
To: [REDACTED]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=" =:97248"

Body (the lure text):
Welcome to the 7th Annual U.S. Missile Defense Conference

17 Intrusion 2: the attack
The email contained a PDF file which was actually a weaponized PDF carrying:
a benign PDF, MDA_Prelim_2.pdf, and
a Portable Executable (PE) backdoor installation file,
both encrypted using the same trivial algorithm with an 8-bit key stored in the exploit shellcode.
On installation:
the backdoor is written to the same path, C:\Documents and Settings\[username]\Local Settings\fssm32.exe
the benign PDF is opened
the benign PDF is the same as one that was available on the AIAA website
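Recovering the two embedded files from a weaponized document like the ones in intrusions 1 and 2, as an added example; this is not code from the presentation or from the LM-CIRT case study. The slides say only that the benign PDF and the PE backdoor were encrypted with a "trivial algorithm" under an 8-bit key; the example assumes that algorithm is a single-byte XOR (an assumption, not something the slides state), tries all 256 keys, and picks the one under which known file signatures (MZ for a PE, %PDF- for a PDF) appear. The encrypted blob is constructed inside the code, not taken from real malware.

```python
"""Brute-force an 8-bit key to recover files embedded in a weaponized document.

Added example, not code from the presentation or the LM-CIRT case study.
Assumption: the "trivial algorithm" is a single-byte XOR (the slides do not
say which algorithm was used). The sample blob below is constructed.
"""

# File signatures identifying the two embedded files described on the slides.
MAGICS = {
    b"MZ": "PE executable",
    b"%PDF-": "PDF document",
}


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; encryption and decryption are the same operation."""
    return bytes(b ^ key for b in data)


def score_plaintext(data: bytes) -> int:
    """Number of known file signatures found anywhere in a candidate plaintext."""
    return sum(data.count(magic) for magic in MAGICS)


def brute_force_key(blob: bytes) -> tuple[int, bytes]:
    """Try all 256 keys and return (key, plaintext) for the best-scoring one.

    On a real sample the key sits in the exploit shellcode, but an analyst
    who has not yet located it can simply try every value of an 8-bit key.
    """
    best_key, best_score = 0, -1
    for key in range(256):
        score = score_plaintext(xor_bytes(blob, key))
        if score > best_score:
            best_key, best_score = key, score
    return best_key, xor_bytes(blob, best_key)


def carve(plaintext: bytes) -> list[tuple[int, str]]:
    """Offset and type of every embedded file signature, sorted by offset."""
    hits = []
    for magic, kind in MAGICS.items():
        start = 0
        while (pos := plaintext.find(magic, start)) != -1:
            hits.append((pos, kind))
            start = pos + 1
    return sorted(hits)


def build_sample_blob(key: int = 0x5A) -> bytes:
    """Constructed sample: a fake PE stub followed by a fake PDF, XORed with key.

    Neither file is real; only the signatures matter for the demonstration.
    """
    fake_pe = b"MZ\x90\x00" + b"\x00" * 28 + b"This program cannot be run in DOS mode."
    fake_pdf = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
    return xor_bytes(fake_pe + fake_pdf, key)


if __name__ == "__main__":
    blob = build_sample_blob()
    key, plain = brute_force_key(blob)
    print(f"recovered key: 0x{key:02x}")
    for offset, kind in carve(plain):
        print(f"  {kind} at offset {offset}")
```

Scoring on file signatures rather than on the key itself is what makes this usable without the shellcode: a wrong key leaves no recognisable MZ or %PDF- header. On a real weaponized PDF the encrypted blob must first be pulled out of the PDF stream (and decompressed if the stream is FlateDecode-encoded) before this step; the recovered offsets then tell you where to cut the PE for hashing and the decoy PDF for comparison against the public original.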

18 Intrusion 2

19 Intrusion 3 Email Header
Received: (qmail invoked by uid 1000); Mon, 23 Mar :14:
Received: (qmail invoked by uid 60001); Mon, 23 Mar :14:
Received: from [216.abc.xyz.76] by web43406.mail.sp1.yahoo.com via HTTP; Mon, 23 Mar :14: (PDT)
Date: Mon, 23 Mar :14: (PDT)
From: Ginette C...
Subject: Celebrities Without Makeup
To: [REDACTED]
Message-id:
MIME-version: 1.0
X-Mailer: YahooMailClassic/ YahooMailWebService/
Content-type: multipart/mixed; boundary="Boundary_(ID_DpBDtBoPTQ1DnYXw29L2Ng)"

Body: blank

20 Intrusion 3: the attack
The email contained a PowerPoint file which was actually a malicious PowerPoint file exploiting a zero-day vulnerability in Microsoft PowerPoint
The vulnerability was publicly acknowledged 10 days later
Microsoft released a patch after a month

21 Intrusion 3
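Linking the three intrusions into one campaign from their indicators, as an added example; this is not code from the presentation or from the LM-CIRT case study. The header text is reconstructed from the slides above (the [REDACTED] fields and the abc.xyz address placeholders are kept as shown, and the timestamps the transcript lost are left out), and the later-phase indicators (the fssm32.exe drop path and the 8-bit key) are the ones the slides report. The choice of which indicator types count as "strong" enough to link two intrusions is this example's own, not the case study's.

```python
"""Correlate indicators across the three LM-CIRT intrusions.

Added example, not code from the presentation or the case study. The header
text is reconstructed from the slides: redactions and the abc.xyz address
placeholders are kept, and the timestamps the transcript lost are omitted.
"""
import re
from email import message_from_string
from itertools import combinations

HEADERS = {
    "Intrusion 1": """\
Received: from [60.abc.xyz.215] by web53402.mail.re2.yahoo.com via HTTP
From: Anne E...
Subject: AIAA Technical Committees
To: [REDACTED]
X-Mailer: YahooMailWebService/

""",
    "Intrusion 2": """\
Received: from [216.abc.xyz.76] by web53411.mail.re2.yahoo.com via HTTP
From: Anne E...
Subject: 7th Annual U.S. Missile Defense Conference
To: [REDACTED]
X-Mailer: YahooMailWebService/

""",
    "Intrusion 3": """\
Received: from [216.abc.xyz.76] by web43406.mail.sp1.yahoo.com via HTTP
From: Ginette C...
Subject: Celebrities Without Makeup
To: [REDACTED]
X-Mailer: YahooMailClassic/ YahooMailWebService/

""",
}

# Weaponization/installation-phase indicators reported on the slides.
LATER_PHASE_INDICATORS = {
    "Intrusion 1": {("dropped_file", "fssm32.exe"), ("crypto", "8-bit key")},
    "Intrusion 2": {("dropped_file", "fssm32.exe"), ("crypto", "8-bit key")},
    "Intrusion 3": set(),
}

# Indicator types strong enough on their own to link two intrusions (this
# example's own choice): a shared webmail provider or mailer is too common.
STRONG_TYPES = {"src_ip", "from", "dropped_file"}

RECEIVED_RE = re.compile(r"from \[([\w.]+)\] by (\S+) via HTTP")


def header_indicators(raw: str) -> set[tuple[str, str]]:
    """Pull (type, value) indicators out of one message's headers."""
    msg = message_from_string(raw)
    found = set()
    for received in msg.get_all("Received", []):
        m = RECEIVED_RE.search(received)
        if m:
            found.add(("src_ip", m.group(1)))
            # Keep only the provider; the webmail front-end host varies per message.
            found.add(("webmail_provider", ".".join(m.group(2).split(".")[-2:])))
    for field in ("From", "Subject"):
        if msg[field]:
            found.add((field.lower(), msg[field].strip()))
    for product in (msg.get("X-Mailer") or "").split():
        found.add(("x_mailer", product.split("/")[0]))
    return found


def all_indicators() -> dict[str, set[tuple[str, str]]]:
    """Header indicators merged with the later-phase ones from the slides."""
    return {
        name: header_indicators(raw) | LATER_PHASE_INDICATORS.get(name, set())
        for name, raw in HEADERS.items()
    }


def pairwise_overlap(indicators):
    """Indicators each pair of intrusions has in common."""
    return {
        (a, b): indicators[a] & indicators[b]
        for a, b in combinations(sorted(indicators), 2)
    }


def cluster_campaigns(indicators, strong=STRONG_TYPES) -> list[set[str]]:
    """Union-find: intrusions sharing any strong indicator join one campaign."""
    names = sorted(indicators)
    parent = {n: n for n in names}

    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n

    for a, b in combinations(names, 2):
        if any(kind in strong for kind, _ in indicators[a] & indicators[b]):
            parent[find(a)] = find(b)
    groups = {}
    for n in names:
        groups.setdefault(find(n), set()).add(n)
    return sorted(groups.values(), key=lambda g: sorted(g))


if __name__ == "__main__":
    ind = all_indicators()
    for pair, shared in pairwise_overlap(ind).items():
        print(pair, sorted(shared))
    print("campaigns:", cluster_campaigns(ind))
```

Run against the reconstructed headers, intrusions 1 and 2 share the sender name, the drop path and the crypto, intrusions 2 and 3 share only the originating address 216.abc.xyz.76, and intrusions 1 and 3 share nothing beyond the Yahoo webmail service; the transitive links still cluster all three as one campaign, which is the kill chain paper's point: an indicator mined from an earlier intrusion (here the source IP from intrusion 2) is what lets the defender recognise a later one even when the lure, the sender and the exploit have all changed.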

22 Cyber Security: Intelligence-Driven Computer Network Defense
Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains (the Lockheed Martin paper that introduced the kill chain model and this LM-CIRT case study)

