Sie sind auf Seite 1von 15

Anatomy of a Cyber Attack

Tactical Security Studies chuksjonia.blogspot.com Nairobi, Kenya

By Gichuki John

About Me Security Analyst Specialize in Penetration Testing Forensics Surveillance Red Team Assessment
About Me
Security Analyst
Specialize in
Penetration Testing
Forensics
Surveillance
Red Team Assessment
Behavior Analysis
Clandestine recovery
Covert Data Acquisition
Malware Development and Analysis
Exploit Development
Chuksjonia.blogspot.com
2
October 2013
Penetration Testing The means to identify the presence of points where something can find or
Penetration Testing
The means to identify the presence of points where something can find or force
its way into or through something else.
IT Security Penetration Testing:
This is most often used to positively identify points of vulnerabilities
Determine the genuineness of the vulnerabilities that they identify by use of
exploitation.
Findings that cannot be exploited are either not reported or are reported as theoretical
findings when justified
Testing and Uses
These are mostly commonly applied to Networks, Web Applications and physical
Security. In theory, anything can undergo a Penetration Test.
3
October 2013
Penetration Testing VS Vulnerability Assessment Major difference, confuses clients and organizations Penetration
Penetration Testing VS Vulnerability Assessment
Major difference, confuses clients and organizations
Penetration testing will exploit the vulnerabilities either physical or operational,
Vulnerability Assessment wont.
Penetration testing gains access, Vulnerability testing doesn't.
Social Engineering cannot be performed in tandem with a Vulnerability
Assessment. Social Engineering exploits human vulnerabilities and that
exploitation crosses the boundaries of a Vulnerability Assessment.
Vulnerability Assessments cannot be applied to running Web Applications.
Testing a running Web Application requires the submission of malformed and /
or augmented data. When the data is received by the application, if the
application is vulnerable, then an error or unexpected result is returned. This
error or unintended result constitutes a degree of exploitation and as such
crosses the Vulnerability Assessment boundaries.
Pivoting or rather, Distributed Metastasis cannot be performed during a
Vulnerability Assessment. This is because Pivoting depends on the attackers
ability to exploit vulnerabilities as a method of propagating a penetration.
4
October 2013
Types of Pentests Internal Penetration Testing (WhiteBox and Gray Box) External /Remote Penetration Testing
Types of Pentests
Internal Penetration Testing (WhiteBox and Gray
Box)
External /Remote Penetration Testing (Blackbox)
5
October 2013
Black boxing Stages: Reconnaissance, Surveillance, Intel gathering and hours of stake-outs Network Mapping, Office
Black boxing
Stages:
Reconnaissance, Surveillance, Intel gathering and hours of
stake-outs
Network Mapping, Office locations, Employees names their
offices and their bosses and family
Social media Intel / Data Acquisition
The hardest, but always the best.
Takes longer, but its worthy it.
6
October 2013
Malware attacks 7 October 2013
Malware attacks
7
October 2013
Social Engineering 8 October 2013
Social Engineering
8
October 2013
Domain Vulnerabilities especially in Banking 9 October 2013
Domain Vulnerabilities especially in
Banking
9
October 2013
Government can be taken easy .e.g KRA 10 October 2013
Government can be taken easy .e.g
KRA
10
October 2013
Client Side attacks 11 October 2013
Client Side attacks
11
October 2013
Questions 12 October 2013
Questions
12
October 2013
Types of Risk 13 October 2013
Types of Risk
13
October 2013
References 14 October 2013
References
14
October 2013
References 15 October 2013
References
15
October 2013