Copyright 2014 NTT corp. All Rights Reserved.
|
|
- Norma O’Brien’
- 6 years ago
- Views:
Transcription
1
2 Credential Honeytoken for Tracking Web-based Attack Cycle Mitsuaki Akiyama NTT Secure Platform Laboratories / NTT-CERT
3 Who I am Mitsuaki Akiyama Security Researcher (Ph.D) Research interests: honeypots, malware analysis, exploit analysis Developer of various types of honeypots NTT Secure Platform Laboratories / NTT-CERT
4 Outline Background: web-based attack cycle Honeytoken Preliminary investigation: information leaking malware Proposed system Experimental results Summary and conclusion
5 Outline Background: web-based attack cycle Honeytoken Preliminary investigation: information leaking malware Proposed system Experimental results Summary and conclusion
6 Web-based attack cycle Malware infection Compromised websites Credential leakage
7 Web-based attack cycle detail 1. Access Web Web user / server administrator Web server / content management system 5. Access web 2. Infect with malware 3. Leak credentials Credential Credential 4. Compromise web content 6. Redirect to malicious website Malicious website Adversary 7. Infect with malware Malicious website Other web user Our proposal: honeytoken based observation
8 Outline Background: web-based attack cycle Honeytoken Preliminary investigation: information leaking malware Proposed system Experimental results Summary and conclusion
9 What is a Honeytoken? Honeypot: decoy system resource Honeytoken: not computer system; resource-centric honeypot Bait office document Bait database entry Bait credential Username Password honey 123abc Studies on credential honeytokens Phishing Phisher [ICIMP2007], Anti-phishing framework [ecrime2009], BotSwindler [RAID2010] Leakage Victim Honeytoken Service Usage Honeytoken Adversary
10 Our approach Chain each attack phase on web-based attack cycle leak honeytokens monitor usages of honeytokens analyze drive-by downloads on compromised websites integrate each method into our system for automatic observation Sources of malware infection Victim Leakage Honeytoken Usages for secondary attacks Drive by download Attack cycle Usage Service Honeytoken Adversary
11 Outline Background: web-based attack cycle Honeytoken Preliminary investigation: information leaking malware Proposed system Experimental results Summary and conclusion
12 Client applications targeted for stealing credentials Analyzing malware on sandbox Malware executables from the web Various kinds of malware read configuration files of applications without user s permission FTP client: 24 kinds IM client: 3 kinds Mail client: 4 kinds Web authoring tool : 2 kinds Web browser: 6 kinds Other: 14 kinds Malware sandbox Malware executable e.g., C: Program Files BPFTP Default.bps Credential is described
13 Outline Background: web-based attack cycle Honeytoken Preliminary investigation: information leaking malware Proposed system Experimental result Summary and conclusion
14 Observation system and procedure Client honeypot Web space Step 4. Inspect compromised web content Malware sandbox Web Content Management System (WCMS) honeypot Step 1. Collect malware Step 2. Leak bait credentials Honeytoken Step 3. Observe compromising Honeytoken Malicious websites Adversary s host Adversary s host Honeytoken Honeytoken Honeytoken Adversary
15 Step 1. Collect malware Client honeypot crawls seed URLs and collects malware public blacklists and general websites drive-by download and click-download executables Client honeypot 1. Crawl web space. Malicious website 2. Detect exploit and collect information. 3. Send collected malware. Web space Malware pool
16 Step 2. Leak bait credential Malware pool 2. Execute malware on sandbox. 1. Set bait credential (honeytoken) for each analysis. 3. Steal credential. User name Password Server Generate unique bait credential in each malware analysis. honey 123abc 4. Send stolen credential if malware has info leak functionality. honey.example.com i.e., FTP client s configuration file Malware sandbox on Windows OS Adversary s host Possible to identify malware with information-leaking functionality at moment of using honeytoken
17 Step 3. Observe compromising WCMS honeypot deploys bogus web content (HTML, JS, CGI) CMS packages and original files used as bait Expected that web content will be compromised by an adversary e.g., injecting redirect code leading to exploit sites WCMS Honeypot 3. Collect compromised files User A s home directory Bogus directory Bogus file Bogus file User B User C Manager 2. Collect access log FTPd Honeytoken Adversary s hosts
18 Step 4. Inspect compromised web content Client honeypot 1. Inspect WCMS honeypot Compromised web contents Redirect code 3. Output 2. Redirect Unknown malicious websites Unknown malware executables Web space Malicious website
19 Outline Background: web-based attack cycle Honeytoken Preliminary investigation: information leaking malware Proposed system Experimental results Summary and conclusion
20 Experimental setup and brief result Experimental period Mar to Feb (about one year) Seed URLs Blacklist URLs (malwaredomainlist.com) and general public websites Compromised web content on WCMS honeypot was also used for seed. Crawling repeatedly at regular intervals (2 or 3 days) Collected malware Total 5,474 Brief result Successful observation of web-based attack cycle for over a year 4.1% of malware had a part in the web-based attack cycle. 900 malicious FQDNs, 10,420 malicious IP addresses; very small overlap between them and well-known blacklists
21 Basic control structure on adversary side A s credential Login history of our WCMS honeypot Timestamp Login IP (remote host) Accessed FTP account Control Adversary B s credential C s credential :20: uie :16: uie :35: klf43337 Bot PCs :34: klf :30: jxk34214 Login IP addresses and accounts have many to many relationship. Login User A User B User C WCMS honeypot
22 Graph structure of adversary groups Group A Multiple infected hosts? IP address of remote host Compromised FTP account Group B Group C Group D Group E Group F Group G Group H Group I Group J Group K Group L Group M Group N Group O Group P
23 Lifespans and activities of adversary groups
24 Compromised web content Injected code WCMS honeypot Obfuscated JavaScript iframe redirect code deobfuscate by client honeypot <iframe src= width= 10 style= visibility:hidden; position:absolute; left0; top:0; ></iframe> Exploit site URL
25 Redirection to exploit sites Injected redirect codes in compromised web content point to malicious websites (exploit sites). Redirect destinations (malicious websites) are frequently changed. By inspecting them, our system can discover new, unknown malicious websites without large-scale crawling. Compromised web content acts as landing site Injected redirect code to exploit site Redirect Malicious websites hosting exploit code (Exploit site) Victim
26 Exploit kit on exploit sites Well-known exploit kits observed by our system identified by manual analysis Heuristics to identify URL characteristics (path, fine name, URL parameter), redirect graph, content types, etc. Exploit kit # of IPs # of FQDNs Blackhole Redkit Phoenix Incognito Neosploit 19 7 Malicious websites hosting exploit code (Exploit site)
27 Multi-redirection via Traffic Direction System Traffic Direction System (TDS) used for cyber criminal activities (drive-by infection, drug trading, etc.) controls redirect destinations redirects a crawler to popular websites in order to conceal exploit sites Compromised web content performs as landing site TDS Exploit site Injected redirect code to TDS Redirect Redirect Victim Crawler Redirect Popular websites (e.g.,
28 TDSs deployed by adversary groups Group A IP address of remote host Compromised FTP account Group B TDS_A (Unknown) 9,476IPs, Group F 84 FQDNs Fast flux botnet? Group C Group G TDS_B 33 IPs, 525 Group FQDNs E
29 Evaluation: Blacklist overlap comparison Overlap between our obtained malicious entities and malicious IP addresses/fqdns on public blacklists Our obtained malicious entities Type of information Adversary IP (accessing FTP) # of IPs # of FQDNs 722 (n/a) TDS_A 9, TDS_B Blackhole Redkit Phoenix Incognito Neosploit 19 7 Public blacklists entities (registered in the same period of our experiment) Blacklists # of IPs # of FQDNs MalwareDomainList (MDL) 3,489 3,741 MalwarePatrol (MP) 5,457 6,425 UrlBlackList (UBL) 208, ,945 MalwareDomain- 3,009 13,212 BlackList (MDB) ZeusTracker (ZT) 1,672 1,971 CleanMX-viruses (CMX) 65,456 (n/a) Overlap comparison
30 IP address overlap Type of info. Collected MD L Adversary IP (accessing FTP) M P UB L MD B ZT CMX TDS_A 9, TDS_B Blackhole Redkit Phoenix Incognito Neosploit Total 10, / 10,420 = 4.5% overlap
31 FQDN overlap Type of info. Collected MD L Adversary IP (accessing FTP) M P UB L MD B ZT (n/a) (n/a) (n/a) (n/a) (n/a) (n/a ) CMX (n/a) TDS_A (n/a) TDS_B (n/a) Blackhole (n/a) Redkit (n/a) Phoenix (n/a) Incognito (n/a) Neosploit (n/a) Total (n/a) 155 / 900 = 17% overlap
32 Evaluation: Speed of malicious domain discovery In theory, our system can immediately discover malicious websites when they are used. Domain registration time Discovery latency Domain discovery time CDF Discovery latency (days) Almost all domains were discovered within 60 days (2 months) of their creation. Our discovery method is obviously faster than other blacklists.
33 Outline Background: web-based attack cycle Honeytoken Preliminary investigation: information leaking malware Proposed system Experimental results Summary and conclusion
34 Summary and conclusion Observation system based on credential honeytoken successfully tracks complicated web-based attack cycle Effectiveness Instantaneous discovery of malicious entities without requiring large-scale crawling Small overlap between obtained malicious entities and those registered in famous public blacklists Enhanced observation space Observation space is essentially different from conventional blacklisting approaches.
PhishEye: Live Monitoring of Sandboxed Phishing Kits. Xiao Han Nizar Kheir Davide Balzarotti
PhishEye: Live Monitoring of Sandboxed Phishing Kits Xiao Han Nizar Kheir Davide Balzarotti Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd
More informationJPCERT/CC Incident Handling Report [January 1, March 31, 2018]
JPCERT-IR-2018-01 Issued: 2018-04-12 JPCERT/CC Incident Handling Report [January 1, 2018 - March 31, 2018] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationBIG-IP DataSafe Configuration. Version 13.1
BIG-IP DataSafe Configuration Version 13.1 Table of Contents Table of Contents Adding BIG-IP DataSafe to the BIG-IP System...5 Overview: Adding BIG-IP DataSafe to the BIG-IP system... 5 Provisioning Fraud
More informationEXPLOIT KITS. Tech Talk - Fall Josh Stroschein - Dakota State University
EXPLOIT KITS Tech Talk - Fall 2016 Josh Stroschein - Dakota State University Delivery Methods Spam/Spear-phishing Delivery Methods Spam/Spear-phishing Office Documents Generally refer to MS office suite
More informationFinding the Linchpins of the Dark Web: A Study on Topologically Dedicated Hosts on Malicious Web Infrastructures
Finding the Linchpins of the Dark Web: A Study on Topologically Dedicated Hosts on Malicious Web Infrastructures Zhou Li, Indiana University Bloomington Sumayah Alrwais, Indiana University Bloomington
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationBest Practices for Scoping Infections and Disrupting Breaches
2017 SPLUNK INC. Best Practices for Scoping Infections and Disrupting Breaches Analytics-Driven Security Alain Gutknecht Staff SE alain@splunk.com 2017 SPLUNK INC. The Ever-Changing Threat Landscape 100%
More informationDetecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University
Detecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University 1 Outline Background Related Work Purpose Method Experiment Results Conclusion & Future Work 2
More informationSizing and Scoping ecrime
ICANN MEXICO CITY MARCH 5 TH, 2009 Sizing and Scoping ecrime Jeffrey R. Bedser President/COO The Internet Crimes Group Inc. ithreat Solutions Sophos: Downadup May Cause Friday the 13th / Southwest Airlines
More informationUnique Phishing Attacks (2008 vs in thousands)
The process of attempting to acquire sensitive information, such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. In the 2 nd half
More informationRSA FraudAction Intelligence A DECADE OF PHISHING. November 2016
RSA FraudAction Intelligence A DECADE OF PHISHING November 2016 TABLE OF CONTENTS Introduction... 3 How to Set up a Phishing Campaign... 3 Fundamentals... 3 How Does Phishing Work in the Real World?...
More information(Botnets and Malware) The Zbot attack. Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth
(Botnets and Malware) The Zbot attack Group 7: Andrew Mishoe David Colvin Hubert Liu George Chen John Marshall Buck Scharfnorth What Happened? Type of Attack Botnet - refers to group of compromised computers
More information3.5 SECURITY. How can you reduce the risk of getting a virus?
3.5 SECURITY 3.5.4 MALWARE WHAT IS MALWARE? Malware, short for malicious software, is any software used to disrupt the computer s operation, gather sensitive information without your knowledge, or gain
More informationANTIVIRUS SITE PROTECTION (by SiteGuarding.com)
ANTIVIRUS SITE PROTECTION (by SiteGuarding.com) USER GUIDE Version 0.1.0 1 Table of content 1. INTRODUCTION. 3 2. HOW IT WORKS.... 6 3. HOW TO CONFIGURE.. 7 2 1. INTRODUCTION Antivirus Site Protection
More informationANTIVIRUS SITE PROTECTION (by SiteGuarding.com)
ANTIVIRUS SITE PROTECTION (by SiteGuarding.com) USER GUIDE Version 1.0.0 Antivirus Site Protection (by SiteGuarding.com) 1.0.0 1 Table of content 1. INTRODUCTION. 3 2. HOW IT WORKS.... 6 3. HOW TO CONFIGURE..
More informationJPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015]
JPCERT-IR-2015-05 Issued: 2016-01-14 JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationMRG Effitas Online Banking Browser Security Assessment Project Q Q1 2014
MRG Effitas Online Banking Browser Security Assessment Project Q3 2013 - Q1 2014 1 Contents Introduction... 3 The Purpose of this Report... 3 Tests Employed... 3 Security Applications Tested... 4 Methodology
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationHow to Fight Back against Phishing A guide to mitigating and deterring attacks targeting your customers
White Paper How to Fight Back against Phishing A guide to mitigating and deterring attacks targeting your customers 2013 Copyright Ecrime Management Strategies, Inc. All rights reserved. PhishLabs and
More informationClient Side Injection on Web Applications
Client Side Injection on Web Applications Author: Milad Khoshdel Blog: https://blog.regux.com Email: miladkhoshdel@gmail.com 1 P a g e Contents INTRODUCTION... 3 HTML Injection Vulnerability... 4 How to
More informationDiscovering Phishing Dropboxes Using Metadata
Discovering Phishing Dropboxes Using Email Metadata Tyler Moore 1 and Richard Clayton 2 Computer Science & Engineering Department, Southern Methodist University, Dallas, TX 1 Computer Laboratory, University
More informationCross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems
Cross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems Browser same origin policy Key security principle: a web browser permits scripts contained in a first web
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationNew Software Blade and Cloud Service Prevents Zero-day and Targeted Attacks
New Software Blade and Cloud Service Prevents Zero-day and Targeted Attacks 1 WOULD YOU OPEN THIS ATTACHMENT? Over 90% of targeted emails use malicious file attachments as the payload or infection source
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationThe Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company
The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company November 12, 2014 Malware s Evolution Why the change? Hacking is profitable! Breaches and Malware are Projected to Cost $491
More informationOverview Cross-Site Scripting (XSS) Christopher Lam Introduction Description Programming Languages used Types of Attacks Reasons for XSS Utilization Attack Scenarios Steps to an XSS Attack Compromises
More informationAPT Protection.
Sangfor NGAF v7.4 Professional APT Protection tech.support@sangfor.com www.sangfor.com What is APT Gartner: Defining Advanced Persistent Threats Page 2 What is APT SANGFOR: APT is Not An Attack, But a
More informationAutomating Security Response based on Internet Reputation
Add Your Logo here Do not use master Automating Security Response based on Internet Reputation IP and DNS Reputation for the IPS Platform Anthony Supinski Senior Systems Engineer www.h3cnetworks.com www.3com.com
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationAnnexure E Technical Bid Format
Annexure E Technical Bid Format ANTIVIRUS SOLUTION FOR MAIL SERVER SECURITY AND SERVER SECURITY FOR DESKTOP,LAPTOP Sr. No Description Compliance (Y/N) Remark 01 Must offer comprehensive client/server security
More informationThe Scenes of Cyber Crime
Organizer: BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES The Scenes of Cyber Crime 5 July 2011 Toralv Dirro EMEA Security Strategist, McAfee Labs Low Risk + High Profit -> Crime 500,000 Cyber
More informationFREE ONLINE WEBSITE MALWARE SCANNER WEBSITE SECURITY
PDF 11 AWESOME TOOLS FOR WEBSITE MALWARE SCANNING FREE ONLINE WEBSITE SECURITY 1 / 5 2 / 5 3 / 5 website malware scanner pdf Qualys Malware Detection helps you to scan continuously for malware against
More informationBuilt-in functionality of CYBERQUEST
CYBERQUEST Knows everything Built-in functionality of CYBERQUEST Summary Demonstration of CyberQuest functionality E-mail: office@nextgensoftware.solutions Content Intro... 3 Built-in functionality of CYBERQUEST...
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationCombating Common Web App Authentication Threats
Security PS Combating Common Web App Authentication Threats Bruce K. Marshall, CISSP, NSA-IAM Senior Security Consultant bmarshall@securityps.com Key Topics Key Presentation Topics Understanding Web App
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationBIG-IP Application Security Manager : Implementations. Version 13.0
BIG-IP Application Security Manager : Implementations Version 13.0 Table of Contents Table of Contents Preventing DoS Attacks on Applications... 13 What is a DoS attack?...13 About recognizing DoS attacks...
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them
More informationTHREAT MODELING IN SOCIAL NETWORKS. Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda
THREAT MODELING IN SOCIAL NETWORKS Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda INTRODUCTION Social Networks popular web service. 62% adults worldwide use social media 65% of world top companies
More informationGTIC Monthly Threat Report June 2017
GTIC Monthly Threat Report June 2017 Trickbot mac1 Phishing Campaign Name GTIC Monthly Threat Report June 2017 Owner Classification Status NTT Security GTIC TICT Aaron Perkins UNCLASSIFIED-EXTERNAL APPROVED
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationBank of america report phishing
Search Search pages & people Search Search Search pages & people Search Bank of america report phishing email We recently discovered a new phishing scam from a Bank of America spam email some reports that
More informationPerslink Security. Perslink Security. Eleonora Petridou Pascal Cuylaerts. System And Network Engineering University of Amsterdam.
Eleonora Petridou Pascal Cuylaerts System And Network Engineering University of Amsterdam June 30, 2011 Outline Research question About Perslink Approach Manual inspection Automated tests Vulnerabilities
More informationFlowmon Application for QRadar User Guide
Flowmon Application for QRadar User Guide Version 01.00.00 Flowmon Application for QRadar is an extension connecting IBM QRadar with events from Flowmon ADS Solution. Flowmon Application was build with
More informationSynchronized Security
Synchronized Security 2 Endpoint Firewall Synchronized Security Platform and Strategy Admin Manage All Sophos Products Self Service User Customizable Alerts Partner Management of Customer Installations
More informationOWASP AppSec Research The OWASP Foundation New Insights into Clickjacking
New Insights into Clickjacking Marco `embyte` Balduzzi iseclab @ EURECOM embyte@iseclab.org AppSec Research 2010 Joint work with Egele, Kirda, Balzarotti and Kruegel Copyright The Foundation Permission
More informationLet s Sink The Phishermen s Boat! =DEFCON Las Vegas, Nevada= Teo Sze Siong, F-Secure Corporation
Let s Sink The Phishermen s Boat! =DEFCON 16 @ Las Vegas, Nevada= Teo Sze Siong, F-Secure Corporation Why this topic? Internet banking has become more and more preferred choice
More informationOpenID Security Analysis and Evaluation
University of British Columbia OpenID Security Analysis and Evaluation San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University
More informationWebomania Solutions Pvt. Ltd. 2017
The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationUnderstanding the Changing Cybersecurity Problem
Understanding the Changing Cybersecurity Problem Keith Price BBus, MSc, CGEIT, CISM, CISSP Founder & Principal Consultant 1 About About me - Specialise in information security strategy, architecture, and
More informationThe security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
More informationXSS Homework. 1 Overview. 2 Lab Environment
XSS Homework 1 Overview Cross-site scripting (XSS) is a type of vulnerability commonly found in web applications. This vulnerability makes it possible for attackers to inject malicious code (e.g. JavaScript
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationBreaking and Securing Mobile Apps
Breaking and Securing Mobile Apps Aditya Gupta @adi1391 adi@attify.com +91-9538295259 Who Am I? The Mobile Security Guy Attify Security Architecture, Auditing, Trainings etc. Ex Rediff.com Security Lead
More informationCompTIA E2C Security+ (2008 Edition) Exam Exam.
CompTIA JK0-015 CompTIA E2C Security+ (2008 Edition) Exam Exam TYPE: DEMO http://www.examskey.com/jk0-015.html Examskey CompTIA JK0-015 exam demo product is here for you to test the quality of the product.
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationHow to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis
White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...
More informationSecure web proxy resistant to probing attacks
Technical Disclosure Commons Defensive Publications Series December 04, 2017 Secure web proxy resistant to probing attacks Benjamin Schwartz Follow this and additional works at: http://www.tdcommons.org/dpubs_series
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationSurvey of Cyber Moving Targets. Presented By Sharani Sankaran
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of
More informationProtegent Total Security Solution USER GUIDE Unistal Systems Pvt. Ltd. All rights Reserved Page 1
Protegent Total Security Solution USER GUIDE 2007-2017 Unistal Systems Pvt. Ltd. All rights Reserved Page 1 Table of Contents PROTEGENT TOTAL SECURITY...3 INSTALLATION...4 REGISTERING PROTEGENT TOTAL SECURITY...
More informationTrend Micro Deep Discovery and Custom Defence
Trend Micro Deep Discovery and Custom Defence Protection from Targeted Attacks 23 May 2013 James Walker Snr. EMEA Product Marketing Manager How threats have evolved! Patterns Reputation Heuristics Custom
More informationWebGoat Lab session overview
WebGoat Lab session overview Initial Setup Virtual Machine Tamper Data Web Goat Basics HTTP Basics Sniffing Web server attacks SQL Injection XSS INITIAL SETUP Tamper Data Hold alt to reveal the menu in
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationFAQ. Usually appear to be sent from official address
FAQ 1. What is Phishing Email? A form of fraud by which an attacker masquerades as a reputable entity in order to obtain your personal information. Usually appear to be sent from official email address
More informationImproved C&C Traffic Detection Using Multidimensional Model and Network Timeline Analysis
Improved C&C Traffic Detection Using Multidimensional Model and Elad Menahem Avidan Avraham Modern Threats Are More Sophisticated & Evasive CYBER KILL CHAIN: Infection Phase Post-Infection Recon Weaponization
More informationNew World ERP-eSuite
New World ERP-eSuite 2018.1 INSTALLATION GUIDE April 9, 2018 Review important information for installing this release: SSL is required for esuite Services and Website servers. 2018 Tyler Technologies.
More informationStandard Categories for Incident Response (definitions) V2.1. Standard Categories for Incident Response Teams. Definitions V2.1.
Standard Categories for Incident Response Teams Definitions V2.1 February 2018 Standard Categories for Incident Response (definitions) V2.1 1 Introduction This document outlines categories that Incident
More informationWHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?
WHAT IS CORPORATE ACCOUNT TAKEOVER? Corporate Account Takeover (also referred to as CATO) is a type of fraud where criminals gain access to a business financial accounts to make unauthorized transactions.
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationFeasibility study of scenario based self training material for incident response
24th Annual FIRST Conference Feasibility study of scenario based self training material for incident response June 21, 2012 Hitachi Incident Response Team Chief Technology and Coordination Designer Masato
More informationANATOMY OF A SPEAR PHISHING ATTACK. A Menlo Security Research Report
ANATOMY OF A SPEAR PHISHING ATTACK A Menlo Security Research Report Overview Today s CISOs are trying unsuccessfully to mitigate the threat of malware and credential theft, the two greatest risks associated
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationMcAfee Labs Threat Advisory Photominer
McAfee Labs Threat Advisory Photominer December 8, 2017 McAfee Labs periodically publishes Threat Advisories to provide customers with a detailed analysis of prevalent malware. This Threat Advisory contains
More informationInformation Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationAt a Glance: Symantec Security.cloud vs Microsoft O365 E3
At a Glance: Symantec Email Security.cloud vs Microsoft O365 E3 Microsoft O365 E3 Security as a Feature Symantec Email Security.cloud Why This Is Important Spam Protection Third-party blacklists subscribed
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationSun Mgt Bonus Lab 11: Auto-Tagging in PAN-OS 8.X
1 Overview Introduced first in PAN-OS 8.0, the Dynamic IP Address and Tag Registration feature makes a significant step forward in the automation of operational, administrative, and, most importantly,
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationLongline Phishing: -borne Threats, Cloud Computing, Big Data, and the Rise of Industrial Phishing Attacks. A Proofpoint White Paper WHITE PAPER
Longline Phishing: Email-borne Threats, Cloud Computing, Big Data, and the Rise of Industrial Phishing Attacks A Proofpoint White Paper threat protection compliance archiving & governance secure communication
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationMODERN DESKTOP SECURITY
MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationLivePoplet: Technology That Enables Mashup of Existing Applications
LivePoplet: Technology That Enables Mashup of Existing Applications Akihiko Matsuo Kenji Oki Akio Shimono (Manuscript received January 29, 2009) We have developed LivePoplet, a technology that allows the
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationThe mechanisms of a targeted phishing attack
Why you need a CISO The mechanisms of a targeted phishing attack The mechanisms of targeted phishing attack a The mechanisms of a targeted phishing attack Table of Contents 1. INTRODUCTION... 2 2. PHISHING
More informationPresented By Rick Deacon DEFCON 15 August 3-5, 2007
Hacking Social Lives: MySpace.com Presented By Rick Deacon DEFCON 15 August 3-5, 2007 A Quick Introduction Full-time IT Specialist at a CPA firm located in Beachwood, OH. Part-time Student at Lorain County
More informationJunos Pulse for Google Android
Junos Pulse for Google Android User Guide Release 2.1 November 2011 R3 Copyright 2011, Juniper Networks, Inc. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks
More information<Partner Name> RSA NETWITNESS Intel Feeds Implementation Guide. Kaspersky Threat Feed Service. <Partner Product>
RSA NETWITNESS Intel Feeds Implementation Guide Kaspersky Jeffrey Carlson, RSA Partner Engineering Last Modified: December 19 th, 2017 Solution Summary Kaspersky Lab offers
More informationCisco Next Generation Firewall Services
Toronto,. CA May 30 th, 2013 Cisco Next Generation Firewall Services Eric Kostlan Cisco Technical Marketing 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Objectives At the
More informationKaspersky Security for Windows Server
Kaspersky Security for Windows Server User's Guide Application version: 10.1.1.746 Dear User, Thank you for choosing Kaspersky Lab as your security software provider. We hope that this document helps you
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More information