1. Credential Theft/Dumping – using tools such as WCE, Mimikatz, gsecdump to collect plaintext or hashed usernames and passwords
2. SQL Injection – an input validation attack specific to database applications where SQL code is inserted into application queries to manipulate the database.
3. Process Hollowing – a new instance of a legitimate process is launched and memory that contains original code is promptly deallocated (hollowed) and replaced with malicious code
4. DLL Side Loading – a malicious DLL in a specific Windows directory is loaded instead of the legitimate one due to a vulnerable feature
5. Adversarial managed infrastructure Command & Control (C2) – utilizing a managed infrastructure (IPs, domains, applications) to maintain communications with implanted malware
6.
Encrypted Outbound Sessions – an encrypted interactive session by an adversary which takes advantage of less restrictive outbound connections
9. Reverse RDP Tunnel – using a reverse SSH tunnel to access RDP
10. Compromised Certificates – stealing certificates to sign malware, encrypt outbound sessions to avoid detection, and Man-in-the-Middle attacks to decrypt sensitive data.
11. Replacing Valid Binaries – authorized and legitimate system utilities are replaced with attacker supplied ones to create malicious effects
12. Pass-the-Hash – stealing and reusing password hash values, which can be used directly as an authenticator to access services on behalf of the user through single sign-on (SSO) authentication
13. Privilege Escalation – when a user gains access to more resources or functionality than they are normally allowed, most often through known exploits or zero-day attacks against the local OS
14. Vulnerability Exploitation –
a. 0-day Vulnerabilities Exploitation – an attack that takes advantage of a vulnerability for which no patch is yet available.
b. Known Vulnerabilities Exploitation – an attack that takes advantage of a vulnerability for which a software patch is
Another method of gaining unauthorised access is the exploitation of known security weaknesses. Two types of security weaknesses exist: configuration errors and security bugs. Configuration errors occur when a system is set up in such a way that unwanted exposure is allowed; such a configuration puts the system at risk even from legitimate actions. An example of this would be a system that “exports” a file system to the world (makes the contents of a file system available to all other systems on the network). Then any other machine can have full access to that file system.
“In more technical terms, a computer virus is a type of malicious code or program written to alter the way a computer operates and that is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process a virus has the potential to cause unexpected or damaging effects, such as harming the system
One of the biggest threats to network security in 2014 is the end of support for the Windows XP operating system (OS). On April 8th 2014, Microsoft will discontinue support for the aging OS. What this means for users of Windows XP is that as new vulnerabilities and exploits are discovered, they will not be fixed – the vulnerabilities will only continue to grow. For any business environment that is still using Windows XP beyond April 8th, the machines running the OS will become the organization’s biggest security flaw. It is highly likely that hackers are holding back on using known zero-day exploits for Windows XP until after April 8th because they know that beyond that date, the exploit will not be
On the 26th of April 2014 a zero-day vulnerability in Internet Explorer (IE) was discovered by security vendor FireEye. The exploit targeted defense and financial services companies using IE9 through IE11 and was found on a “very popular U.S. website.” The malicious code was removed from the website as soon as the host was notified; however, in Microsoft advisory #2963983, released the same day FireEye announced the exploit discovery, Microsoft provided limited guidance and did not state when it would release a fix. Historically, patches have been released either before or on the day regular security updates were released on a monthly cycle (typically the second Tuesday of each month).
The Internet is a threat vector for organizations of all sizes, whether private or public. New technologies are constantly being introduced in order to keep pace with industry trends, and with these new technologies come new vulnerabilities. Many of these software vulnerabilities will be discovered in the testing phases or early days of release; however, some vulnerabilities will remain unknown to the masses. These unknown vulnerabilities, once discovered, become the pathway for zero-day exploits (Zetter, 2015). The term zero-day does not have a specific definition, but it often refers to the amount of time that the IT community has had to respond to the newly implemented attack (Kliarsky, 2011).
A.2.2: Ease of exploit: Again, automated tools are available to exploit these vulnerabilities, so this is extremely easy to pull off. (9.0 - High)
These days, cyber-attacks have become a huge problem for online communities. Malware, such as viruses, Trojans, worms, spyware, adware, and many other forms, is becoming an increasingly popular method of infecting computers. Malware, also known as malicious software, is used by hackers and criminals around the world to disrupt computer activities, gain access to private or important information in computer systems, and gather that information illegally. There are countless forms of malicious software, and they can be found everywhere, such as on widely known websites, in advertisements being displayed, and more.
Another method not previously mentioned is RAM scraping. This method of hacking uses a form
High level encryption or cryptography is used in a number of applications ranging from those which impact national security to those which are more mundane. Essentially, cryptography is the methodology of encoding information so that one’s privacy is ensured. This is particularly important when it comes to transactions which occur over the Internet. The risk of individuals gaining access to personal information or information which is critical to a country or a nation over the Internet is a very real one. The practice of cryptography lessens the likelihood of this happening.
The term “computer virus” is often used as a blanket term for all types of malware. In fact, the relationship is the reverse: a computer virus is simply one more type of malware, although one of the most common. This paper will discuss several of the different types of malware, from viruses to worms to Trojan horses: what exactly they are, the ways they are used to attack us, and ways to combat them. Perhaps the most important part of the fight against malware is prevention. We will discuss ways to prevent being infected by malware, by using programs
After breaching several layers of protection, the attacker or hacker may want to perform the attacks listed below.
The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break
The section below explores the section of code that was patched in the initial patch in 2010 and how the code remained vulnerable. The definition of the function shown below is taken from a function called CControlPanelFolder::GetUiObjectOf() in Shell32.dll. Shown in the diagram below is the first block that was changed after the zero-day vulnerability was discovered.
It is not possible to provide a complete glossary of security-related terms within the scope of this chapter, but in this section, we will define some of the more common words and phrases that you may encounter as you begin to explore the fascinating world of computer security:
The ability of attackers to rapidly gain control of a vast number of Internet hosts poses an immense threat to the overall security of the Internet (Staniford, Paxson & Weaver, 2002). Once compromised, these hosts can not only be used for massive Distributed Denial of Service (DDoS) attacks, but also be used to steal or corrupt great quantities of sensitive information by confusing and disrupting the network in more subtle ways (Honeynet, 2005).