KILLING THE
CYBER SECURITY KILL CHAIN
Niranjan Meegammana
MSc in Cyber Security
Sri Lanka Institute of Information Technology
Threat modelling identifies the potential threats and vulnerabilities in a threat landscape so that effective security controls can be implemented to mitigate them.
THREAT MODELLING
METHODOLOGIES
STRIDE, PASTA, VAST, Trike, Attack Trees, CVSS, hTMMD
MITRE ATT&CK
OWASP
METHOD DEPENDS ON THREAT LANDSCAPE
THREAT MODELLING PROCESS
CYBER SECURITY KILL CHAIN APPLIES TO ALL
CYBER SECURITY KILL CHAIN
● A GENERIC ATTACK MODEL.
● THE STAGES AN ATTACKER GOES THROUGH.
● EVERY STAGE MUST SUCCEED FOR THE ATTACK TO SUCCEED.
● REQUIRES DEFENCE AT EVERY STEP, SINCE BREAKING ANY ONE STAGE BREAKS THE CHAIN.
ATTACK STEPS OF KILL CHAIN
RECONNAISSANCE
WEAPONIZATION
DELIVERY
EXPLOITATION
INSTALLATION
COMMAND & CONTROL
ACTION ON OBJECTIVE
RECONNAISSANCE
GATHER INFORMATION ABOUT THE TARGET
PASSIVE
WHOIS
ARIN
GOOGLE
SHODAN
COMPANY WEBSITE
JOB LISTINGS
PROTECTION
LIMIT PUBLIC INFORMATION
ACCEPTABLE SOCIAL MEDIA USE
MODIFY SERVER ERROR MESSAGES
DOMAIN PRIVACY CONTROLS
SCREENING PEOPLE
RECONNAISSANCE
GATHER INFORMATION ABOUT THE TARGET
ACTIVE
NMAP
PORT SCANNING
BANNER GRABBING
VULNERABILITY SCANNING
PROTECTION
DISABLE UNUSED PORTS
DISABLE UNUSED SERVICES
HONEYPOTS
FIREWALL, IDS/ IPS
TOR AND VPNs
INBOUND BLOCKING
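Active reconnaissance leaves a footprint: one source touching many ports on a host in a short time. The firewall and IDS/IPS protections listed above detect it with logic like the following. This is an added example written for this page, not code from the deck; the log format is a constructed, simplified one ("epoch src_ip dst_ip dst_port action"), the sample lines are made up, and the window and threshold values are assumptions to be tuned per network.

```python
"""Port-scan detection over firewall log lines (active reconnaissance).

Added example, not the deck's own code. Log format is a constructed,
simplified one: "<epoch> <src_ip> <dst_ip> <dst_port> <action>". The
window and threshold values are assumptions to tune per network.
"""
from collections import defaultdict, deque

# Constructed sample: one host sweeps ten ports in five seconds; another
# host makes ordinary HTTPS/HTTP connections a minute apart.
SAMPLE_LOG = """\
1700000000 203.0.113.7 192.0.2.10 22 DENY
1700000001 203.0.113.7 192.0.2.10 23 DENY
1700000001 203.0.113.7 192.0.2.10 25 DENY
1700000002 203.0.113.7 192.0.2.10 80 ALLOW
1700000002 203.0.113.7 192.0.2.10 110 DENY
1700000003 203.0.113.7 192.0.2.10 143 DENY
1700000003 203.0.113.7 192.0.2.10 443 ALLOW
1700000004 203.0.113.7 192.0.2.10 445 DENY
1700000004 203.0.113.7 192.0.2.10 3389 DENY
1700000005 203.0.113.7 192.0.2.10 8080 DENY
1700000000 198.51.100.4 192.0.2.10 443 ALLOW
1700000030 198.51.100.4 192.0.2.10 443 ALLOW
1700000060 198.51.100.4 192.0.2.10 80 ALLOW
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return int(ts), src, dst, int(port), action


def detect_port_scans(lines, window_seconds=10, min_distinct_ports=8):
    """Return {src_ip: max distinct destination ports seen in one window}.

    A sliding window per source IP keeps the (timestamp, port) pairs of
    the last window_seconds; a source is flagged once the number of
    distinct ports inside the window reaches min_distinct_ports.
    Denied and allowed connections both count: a scanner touching closed
    ports is the signal, whatever the firewall decided.
    """
    events = sorted(parse_line(l) for l in lines if l.strip())
    windows = defaultdict(deque)
    flagged = {}
    for ts, src, _dst, port, _action in events:
        win = windows[src]
        win.append((ts, port))
        while win and ts - win[0][0] > window_seconds:
            win.popleft()
        distinct = len({p for _, p in win})
        if distinct >= min_distinct_ports:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan from {src}: {count} distinct ports")
```

Slow scans (one port every few minutes) slip under a ten-second window; pairing this with a honeypot port that no legitimate client should ever contact catches those too.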
WEAPONIZATION
FIND OR CREATE THE ATTACK FOR THE WEAKNESS (COUPLE AN EXPLOIT WITH A PAYLOAD)
TOOLS
METASPLOIT
AIRCRACK NG
BURP SUITE
SOCIAL ENGINEERING TOOLKIT
VEIL FRAMEWORK
SQLMAP
WAPITI
AND MORE ….
DEFENSES
PATCH MANAGEMENT
DISABLE OFFICE MACROS
RESTRICT BROWSER PLUGINS
ANTI VIRUS
EMAIL SECURITY
AUDIT LOGGING
ADMINISTRATIVE CONTROLS
TECHNICAL CONTROLS
DELIVERY
SELECTING WHICH AVENUE TO DELIVER THE EXPLOIT
ATTACK
WEBSITES
SOCIAL MEDIA
WIRELESS ACCESS
USER INPUT
EMAIL
USB
INSIDER
DEFENCE
USER AWARENESS
WEB FILTERING
IDS/IPS
DKIM/SPF
DISABLE USB
LIMIT ADMIN RIGHTS
DNS FILTERING
ENCRYPTION
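Of the delivery defences above, DKIM/SPF is the one that is easiest to show as code. SPF lets a domain publish which IP addresses may send mail for it; the receiver evaluates that record against the connecting IP. The checker below is an added example written for this page, not the deck's code: DNS is replaced by a constructed in-memory table of TXT records for hypothetical domains so it runs offline, only the ip4, ip6, include and all mechanisms are implemented (a, mx, exists and ptr are treated as unsupported), and the lookup limit follows RFC 7208. DKIM verification needs the signer's public key and a canonicalised message and is not shown.

```python
"""Offline SPF evaluation for a sender IP (delivery-stage defence).

Added example, not the deck's code. DNS is replaced by TXT_RECORDS, a
constructed in-memory table for hypothetical domains; a real checker
queries DNS for each domain. Handles ip4/ip6/include/all with the
+, -, ~ and ? qualifiers and enforces the RFC 7208 lookup limit.
"""
import ipaddress

# Constructed TXT records (not real DNS data). loop.example includes
# itself to show the lookup limit stopping a runaway evaluation.
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example ~all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "loop.example": "v=spf1 include:loop.example -all",
}

MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: at most 10 DNS-querying mechanisms
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the domain's SPF record, or None if it has none."""
    rec = TXT_RECORDS.get(domain)
    if rec is None or not rec.startswith("v=spf1"):
        return None
    return rec


def check_spf(sender_ip, domain, _lookups=None):
    """Return pass, fail, softfail, neutral, none or permerror."""
    if _lookups is None:
        _lookups = [0]  # shared counter across include recursion
    record = lookup_spf(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"  # mechanisms default to "pass" when matched
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check_spf(sender_ip, arg, _lookups)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):  # RFC 7208 section 5.2
                return "permerror"
            # fail/softfail/neutral from the include: keep evaluating
        else:
            # a, mx, exists, ptr and unknown mechanisms: unsupported here
            return "permerror"
    return "neutral"  # record ended without a matching mechanism or "all"


if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.10", "2001:db8::1", "203.0.113.9"):
        print(ip, check_spf(ip, "example.com"))
```

Note what a "~all" softfail means operationally: SPF alone does not reject the message, so a DMARC policy (or the receiver's own rule) is what turns the evaluation into a blocked delivery.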
EXPLOITATION
WEAPONS DELIVERED AND ATTACK CARRIED OUT
ATTACK
SQL INJECTION
MALWARE
BUFFER OVERFLOW
JAVASCRIPT HIJACK
DDOS ATTACKS
DEFENCE
LINUX CHROOT
DISABLE POWERSHELL
UBA/EDR SOLUTION
INCIDENT RESPONSE
RECOVERY PLAN
INSTALLATION
GAIN BETTER ACCESS
ATTACK
PAYLOAD INJECTION
REMOTE ACCESS TOOLS
REGISTRY CHANGES
POWERSHELL COMMANDS
GAIN PERSISTENT ACCESS
DEFENCE
ANTI-EXPLOIT
SECURE PROGRAMMING
WEB FILTERING
IPS/IDS
ADVANCED PERSISTENT THREAT (APT)
COMMAND AND CONTROL
REMOTE CONTROL BY THE ATTACKER
ATTACK
REMOTE LOGIN
BOTNETS
TROJANS
PRIVILEGE ESCALATION
ADVANCED PERSISTENCE
DEFENCE
NETWORK SEGMENTATION
NGFW: C&C BLOCKING
DNS REDIRECT (SINKHOLE KNOWN C&C DOMAINS)
APPLICATION CONTROLS
RESTRICT PROTOCOLS
ISOLATION
IOC: INDICATORS OF COMPROMISE
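Two of the defences above, C&C blocking on known domains and indicators of compromise, come down to the same thing: looking at egress logs for destinations you already know are bad, and for behaviour that looks like an implant polling its server even when the destination is unknown. The script below is an added example written for this page, not the deck's code. The proxy log format ("epoch src_ip dest_host bytes"), the sample lines and the IOC list are constructed; the beacon thresholds are assumptions a SOC would tune.

```python
"""Flag possible command-and-control traffic in proxy logs.

Added example, not from the deck. Two checks over egress logs:
(1) exact matches against known-bad domains (indicators of compromise);
(2) beaconing, i.e. repeated connections to one host at near-constant
intervals, which is how many implants poll their C2 server.
Log format, sample lines and IOC list are constructed; thresholds are
assumptions to tune.
"""
import statistics
from collections import defaultdict

IOC_DOMAINS = {"update-check.invalid", "cdn-assets.invalid"}  # constructed list

# Constructed sample: 10.0.0.15 calls one host every ~60 s with tiny jitter
# (beacon), 10.0.0.22 browses irregularly, 10.0.0.31 hits a known-bad domain.
SAMPLE_PROXY_LOG = """\
1700000000 10.0.0.15 telemetry.invalid 512
1700000060 10.0.0.15 telemetry.invalid 514
1700000121 10.0.0.15 telemetry.invalid 511
1700000180 10.0.0.15 telemetry.invalid 513
1700000241 10.0.0.15 telemetry.invalid 512
1700000300 10.0.0.15 telemetry.invalid 512
1700000359 10.0.0.15 telemetry.invalid 515
1700000005 10.0.0.22 news.example 20480
1700000190 10.0.0.22 news.example 30211
1700000902 10.0.0.22 news.example 1999
1700001500 10.0.0.22 news.example 8842
1700002100 10.0.0.22 mail.example 4411
1700000040 10.0.0.31 update-check.invalid 1024
"""


def parse(lines):
    """Turn log lines into (timestamp, src, host, bytes) tuples."""
    events = []
    for line in lines:
        if not line.strip():
            continue
        ts, src, host, nbytes = line.split()
        events.append((int(ts), src, host, int(nbytes)))
    return events


def ioc_hits(events, iocs=IOC_DOMAINS):
    """Return sorted (src, host) pairs that contacted a known-bad domain."""
    return sorted({(src, host) for _, src, host, _ in events if host in iocs})


def beacon_candidates(events, min_connections=6, max_jitter=0.10):
    """Return {(src, host): mean interval in seconds} for regular polling.

    Jitter is the coefficient of variation (stdev / mean) of the gaps
    between connections. Implants usually add a little random sleep, so
    max_jitter must not be zero; human browsing has a far higher value.
    """
    by_pair = defaultdict(list)
    for ts, src, host, _ in events:
        by_pair[(src, host)].append(ts)
    found = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            found[pair] = round(mean, 1)
    return found


if __name__ == "__main__":
    evs = parse(SAMPLE_PROXY_LOG.splitlines())
    print("IOC hits:", ioc_hits(evs))
    print("beacons: ", beacon_candidates(evs))
```

The IOC check only catches what is already on the list, which is why the behavioural check matters: a beacon to a never-seen domain is exactly the case DNS sinkholing and domain blocklists miss.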
ACTION ON OBJECTIVE
ATTACKER EXECUTES DESIRED ACTION
ATTACK
MOTIVATION
FINANCIAL
POLITICAL
ESPIONAGE
MALICIOUS INSIDER
LATERAL MOVEMENT
DEFENCE
DATA LEAKAGE PREVENTION (DLP)
USER BEHAVIOR ANALYSIS
ZERO TRUST SECURITY
DETECT > RESPOND > RECOVER
DEVELOP MULTIPLE LAYERS OF SECURITY
DEFENCE FOR THE KILL CHAIN
RECONNAISSANCE
WEAPONIZATION
DELIVERY
EXPLOITATION
INSTALLATION
COMMAND & CONTROL
ACTION ON OBJECTIVE
● PHYSICAL CONTROLS
● ADMINISTRATIVE CONTROLS
● TECHNICAL CONTROLS
ISO 27001: ANNEX A CONTROLS (ISO/IEC 27001:2013 NUMBERING)
A.5 INFORMATION SECURITY POLICIES
A.6 ORGANIZATION OF INFORMATION SECURITY
A.7 HUMAN RESOURCE SECURITY
A.8 ASSET MANAGEMENT
A.9 ACCESS CONTROL
A.10 CRYPTOGRAPHY
A.11 PHYSICAL AND ENVIRONMENTAL SECURITY
A.12 OPERATIONS SECURITY (TECHNICAL VULNERABILITY MANAGEMENT, E.G. PENTESTING)
A.13 COMMUNICATIONS SECURITY
A.14 SYSTEM ACQUISITION, DEVELOPMENT & MAINTENANCE
A.15 SUPPLIER RELATIONSHIPS
A.16 INFORMATION SECURITY INCIDENT MANAGEMENT
A.17 INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT
A.18 COMPLIANCE
(ISO/IEC 27001:2022 REGROUPS THESE INTO FOUR THEMES: ORGANIZATIONAL, PEOPLE, PHYSICAL, TECHNOLOGICAL)
ADMINISTRATIVE - PHYSICAL - TECHNICAL
THREAT
RISK
CONTROL
MITIGATION
Niranjan Meegammana
MSc in Cyber Security (2022)
Sri Lanka Institute of Information Technology
Thank you