nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Technical Aspects of Cyber Kill Chain

verfasst von : Tarun Yadav, Arvind Mallari Rao

Erschienen in: Security in Computing and Communications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Recent trends in targeted cyber-attacks has increased the interest of research in the field of cyber security. Such attacks have massive disruptive effects on organizations, enterprises and governments. Cyber kill chain is a model to describe cyber-attacks so as to develop incident response and analysis capabilities. Cyber kill chain in simple terms is an attack chain, the path that an intruder takes to penetrate information systems over time to execute an attack on the target. This paper broadly categories the methodologies, techniques and tools involved in cyber-attacks. This paper intends to help a cyber security researcher to realize the options available to an attacker at every stage of a cyber-attack.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Analysis of Accountability Property in Payment Systems Using Strand Space Model

Nächstes Kapitel Detection and Mitigation of Android Malware Through Hybrid Approach

Malware Risks And Mitigation Report. 1st ed. BITS - The financial services roundtable (2011). http://www.nist.gov/itl/upload/BITS-Malware-Report-Jun2011.pdf

Ranum, M.J.: Breaking Cyber Kill Chains. Tenable Network Security (2014). http://www.tenable.com/blog/breaking-cyber-kill-chains

Sager, T.: Killing Advanced Threats in Their Tracks: An Intelligent Approach to Attack Prevention. Sansorg (2014). http://www.sans.org/reading-room/whitepapers/detection/killing-advanced-threats-tracks-intelligent-approach-attack-prevention-35302

The Cyber Attack Cycle. http://www.eur.army.mil/vigilance/Cyber_Attack_Cycle.pdf

Hartley, M.: Strengthening Cyber Kill Chain with Cyber Threat Intelligence. iSIGHT Partners (2014). http://www.isightpartners.com/2014/09/strenghtening-cyber-kill-chain-cyber-threat-intelligence-part-1-of-2/

Hartley, M.: The Cyber Threat Kill Chain Part 2 of 2 - iSIGHT partners. iSIGHT partners (2014). http://www.isightpartners.com/2014/10/cyber-threat-kill-chain-part-2-2/

Davis, R.: Exploit Kill Chain with Controls — Critical Start. Criticalstartcom (2015). http://www.criticalstart.com/2014/01/exploit-kill-chain-with-controls/

Engel, G: Deconstructing the Cyber Kill Chain. Dark Reading (2014). http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542

IT Security Reconnaissance. http://itsecurity.telelink.com/reconnaissance/

10.

Pernet, C.: APT Kill chain - Part 3: Reconnaissance - Airbus D&S CyberSecurity blog (2014). http://blog.cassidiancybersecurity.com/post/2014/05/APT-Kill-chain-Part-3-Reconnaissance

11.

Bhamidipati, S.: The Art of Reconnaissance - Simple Techniques. sans.org (2002). http://www.sans.org/reading-room/whitepapers/auditing/art-reconnaissance-simple-techniques-60

12.

Security Threat Report 2013. 1st ed. SOPHOS. http://www.sophos.com/en-us/medialibrary/pdfs/other/sophossecuritythreatrep-ort2013.pdf

13.

Security Threat Report 2014. 1st ed. SOPHOS. https://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf

14.

Rodionov, E., Matrosov, A.: Defeating Anti-Forensics in Contemporary Complex Threats

15.

Securelist.com.: The Ventir Trojan: Assemble Your MacOS Spy - Securelist. N.p (2015)

16.

Anley, C., et al.: The Shellcoder’s Handbook: Discovering and Exploiting Security Holes. John Wiley & Sons, New York (2011)

17.

Research.zscaler.com.: Zscaler Research: Njrat & H-Worm Variant Infections Continue To Rise. N.p (2015)

18.

CVE -Common Vulnerabilities and Exposures (CVE). https://cve.mitre.org/

19.

Pernet, C.: APT Kill chain - Part 4: Initial compromise - Airbus D&S CyberSecurity blog 2014. http://blog.airbuscybersecurity.com/post/2014/06/APT-Kill-chain-Part-4-%3A-Initial-compromise

20.

GitHub, DeviceFingerprint. https://github.com/dimalinux/DeviceFingerprint

21.

CVE security vulnerability database. Security vulnerabilities, exploits, references and more. http://www.cvedetails.com/

22.

Oehlert, P.: Violating assumptions with fuzzing. IEEE Secur. Priv. 3(2), 58–62 (2005)CrossRef

23.

Sutton, M., Greene, A., Amini, P.: Fuzzing: Brute Force Vulnerability Discovery. Pearson Education, Upper Saddle River (2007)

24.

Godefroid, P., Levin, M.Y., Molnar, D.: SAGE: whitebox fuzzing for security testing. Queue 10(1), 20 (2012)CrossRef

25.

Contagio: An Overview of Exploit Packs (Update 24), March 2015. http://contagiodump.blogspot.in/2010/06/overview-of-exploit-packs-update.html

26.

Chien, E., Szr, P.: Symantec Security Response: Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses Virus Bulletin (2002). http://www.symantec.com/avcenter/reference/blended.attacks.pdf

27.

Hardikar, A.: Malware 101 - Viruses. sansorg (2008). http://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848

28.

Kleissner, P.: Stoned bootkit. In: Black Hat, USA, pp. 5–7 (2009)

29.

Gradiner, J., Cova, M.: Shishir Nagaraja: Command and Control : Understanding, Denying and Detecting (2014)

30.

Seenivasan, D., Shanthi, K.: Categories of botnet: a survey. Int. J. Comput. Control Quantum Inf. Eng. 8(9), 1589–1592 (2014)

31.

Yen, T.-F., Heorhiadi, V., Oprea, A., Reiter, M.K., Juels, A.: An epiemiological study of malware encounters in a large enterprise. In: ACM SIGSAC Conference on Computer and Communications Security (2014)

32.

QinetiQ. Command & Control: Understanding, Denying, Detecting, 36 February 2014. http://www.cpni.gov.uk/Documents/Publications/2014/2014-04-11-cc/qinetiq/report.pdf

33.

Porras, P., Saidi, H., Yegneswaran, V.: A multi-perspective analysis of the Storm (Peacomm) worm. In: SRI Technical Report 10–01 (2007)

34.

Statista. Facebook: figures of monthly active users 2014 — Statistic (2015). http://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/

35.

Fireeye.com. Evasive Tactics: Taidoor Threat Research — FireEye Inc. (2013). https://www.fireeye.com/blog/threat-research/2013/09/evasive-tactics-taidoor-3.html

36.

Tools.ietf.org. RFC 1459 - Internet Relay Chat Protocol (2015). https://tools.ietf.org/html/rfc1459

37.

Ietf.org. RFC 2616 - Hypertext Transfer Protocol - HTTP/1.1 (1999). https://www.ietf.org/rfc/rfc2616.txt

38.

Ietf.org. RFC 959 - FILE TRANSFER PROTOCOL (FTP) (1985). https://www.ietf.org/rfc/rfc959.txt

39.

Ietf.org. RFC 793 - TRANSMISSION CONTROL PROTOCOL (1981). https://www.ietf.org/rfc/rfc793.txt

40.

Fox-IT International blog. Large botnet cause of recent Tor network overload (2013). http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload. Accessed 24 March 2015

41.

IOActive Inc. Reversal and Analysis of Zeus and SpyEye Banking Trojans (1st ed., p. 31). Seattle: IOActive, Incorporated (2012). http://www.ioactive.com/pdfs/ZeusSpyEyeBankingTrojanAnalysis.pdf

42.

FireEye. Poison Ivy: Assessing Damage and Extracting Intelligence (1st ed., p. 33). California: FireEye Inc (2014). https://www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf

43.

ydklijnsma: Large botnet cause of recent Tor network overload 2013. http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/

44.

Ietf.org. RFC 1035 - DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (1987). https://www.ietf.org/rfc/rfc1035.txt

45.

Porras, P., Saidi, H., Yegneswaran, V.: A foray into confickers logic and rendezvous points. In: Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2009)

46.

Dietrich, C.J., Rossow, C., Pohlmann, N.: CoCoSpot: clustering and recognizing botnet command and control channels using traffic analysis. Comput. Netw. 57(2), 475–486 (2013)CrossRef

47.

DAMBALLA. Behind Todays Crimeware Installation Lifecycle: How Advanced Malware Morphs to Remain Stealthy and Persistent 10 (1st ed., p. 10). Atlanta: DAMBALLA (2015). https://www.damballa.com/downloads/r_pubs/WP_Advanced_Malware_Install_LifeCycle.pdf

48.

A View From Front Lines. 1st ed. MANDIANT A FireEye Company (2015). http://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf

49.

Pernet, C.: APT Kill chain - Part 5: Access Strenghtening and lateral movements - Airbus D&S CyberSecurity blog (2014). http://blog.airbuscybersecurity.com/post/2014/11/APT-Kill-chain-Part-5-3A-Access-Strenghtening-and-lateral-movements

50.

Naseem, F., shafqat, M., Sabir, U., Shahzad, A.: A survey of botnet technology and detectiion. Int. J. Video Image Process. Netw. Secur. IJVIPNS-IJENS 10(01), 9–12 (2010)

Titel: Technical Aspects of Cyber Kill Chain
verfasst von: Tarun Yadav
Arvind Mallari Rao
Verlag: Springer International Publishing
Buch: Security in Computing and Communications
Print ISBN: 978-3-319-22914-0

Electronic ISBN: 978-3-319-22915-7

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-22915-7_40

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner