Cyber Security
A. Avinash, Ph.D., Assistant Professor, School of Computer Science and Engineering (SCOPE), Vellore Institute of Technology (VIT), Chennai
Hacking Methodology

Scanning
Scanning is the process of probing networks, systems and applications to identify vulnerabilities, weaknesses and potential threats before an attacker does.

Importance of Scanning
- Proactive Defense: vulnerabilities are found and fixed before attackers can exploit them.
- Compliance: supports regulatory requirements and industry standards (e.g., PCI DSS, HIPAA) that mandate regular scanning.
- Risk Management: gives the organization the data it needs to assess and mitigate risk.
- Continuous Monitoring: provides ongoing visibility into the organization's security posture.
Types of Scanning

1. Network Scanning
Network scanning discovers the devices, services and open ports in a network.
Purpose: map the network, identify active devices, and detect open ports and the services behind them.
Tools:
- Nmap: a powerful network scanner that discovers hosts and services on a network.
- Angry IP Scanner: a fast, easy-to-use IP address and port scanner.
- Advanced IP Scanner: a scanner for analyzing a LAN.
Methods:
- Ping Sweeps: send ICMP echo requests to a range of hosts to determine which are up and responding (hosts that drop ICMP are missed, so a TCP or ARP probe is often used as well).
- Port Scanning: check the state of ports (open, closed or filtered) on each host to identify the running services.
- OS Detection: identify the operating system running on each device, typically by fingerprinting its TCP/IP stack behaviour.
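Port scanning in working code, as an added example that is not part of the original slides: a TCP connect() scanner that classifies each port as open, closed or filtered the way nmap's -sT scan does. It uses only the ordinary sockets API (no raw-socket privilege), at the cost of completing a full handshake that the target service will log. The demonstration function binds its own listener on loopback so the example runs offline; the port list in the main block is an assumption chosen for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List

# Added example (not from the original slides): a connect() port scanner.

def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return 'open', 'closed' or 'filtered' for a single TCP port.

    open     - handshake completed, something is listening
    closed   - host answered with a RST (ConnectionRefusedError)
    filtered - no answer before the timeout: a firewall dropped the SYN,
               or the host is down (a scanner cannot tell these apart)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:      # must precede OSError: it is a subclass
        return "closed"
    except OSError:                     # socket.timeout and other network errors
        return "filtered"
    finally:
        sock.close()


def scan_ports(host: str, ports: Iterable[int], timeout: float = 1.0,
               workers: int = 64) -> Dict[int, str]:
    """Probe many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(host: str, ports: Iterable[int], timeout: float = 1.0) -> List[int]:
    return sorted(p for p, s in scan_ports(host, ports, timeout).items() if s == "open")


def demo_loopback_scan() -> Dict[str, str]:
    """Self-contained demonstration: start a throwaway listener on loopback,
    pick a second port that is known to be closed, scan both, and return the
    states keyed by their expected role so a caller can check them."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # port 0: let the OS pick a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                       # nothing listens there now -> RST

    try:
        states = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return {"open": states[open_port], "closed": states[closed_port]}


if __name__ == "__main__":
    # Assumed port list for illustration; on an engagement the hosts and
    # port ranges come from the agreed scope.
    common = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3306, 3389, 8080]
    for port, state in sorted(scan_ports("127.0.0.1", common).items()):
        print(f"{port:5d}/tcp  {state}")
    print(demo_loopback_scan())
```

A "filtered" result needs a caveat before it goes in a report: a long timeout on a remote host can just as easily mean rate limiting or packet loss, so rescan filtered ports with a longer timeout and a second probe type before concluding that a firewall is in the path.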
2. Vulnerability Scanning
Vulnerability scanning detects known security weaknesses in systems and applications, usually by matching discovered software versions and settings against a database of known vulnerabilities.
Purpose: identify vulnerabilities that an attacker could exploit.
Tools:
- Nessus: a widely used vulnerability scanner that identifies vulnerabilities, configuration issues and malware.
- OpenVAS: an open-source vulnerability scanner offering a comprehensive scanning and vulnerability management solution.
- Qualys: a cloud-based platform providing continuous vulnerability scanning and compliance monitoring.
Methods:
- Authenticated Scanning: the scanner logs in with valid credentials and inspects installed packages and configuration directly; deeper and more accurate, with far fewer false positives.
- Unauthenticated Scanning: the scanner works without credentials and sees only what an external threat actor would see.
- Configuration Checks: the system's configuration is compared against best practices and security standards.
3. Web Application Scanning
Web application scanning focuses on security vulnerabilities in web applications.
Purpose: find vulnerabilities that can be exploited through the application (injection, cross-site scripting, broken authentication and the like).
Tools:
- OWASP ZAP (Zed Attack Proxy): an open-source web application security scanner.
- Burp Suite: a comprehensive platform for security testing of web applications.
- Nikto: an open-source web server scanner that checks for dangerous files, outdated server software and other issues.
Methods:
- Static Analysis: examines the application's source code for vulnerabilities without running it.
- Dynamic Analysis: exercises the running application, sending crafted requests and inspecting the responses for signs of a flaw.
- Fuzzing: feeds large volumes of random or malformed input ("fuzz") to the application to provoke crashes and security flaws.
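The dynamic-analysis step in working code, as an added example that is not part of the original slides: the core check a DAST tool such as ZAP or Burp runs to find reflected cross-site scripting. Rather than a live web server it calls two constructed request handlers directly, one that interpolates a query parameter into HTML unescaped and one that escapes it; the handlers, the parameter name and the canary string are assumptions made for this example.

```python
import html
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Added example (not from the original slides): a reflected-input probe.

# A canary that is unlikely to occur naturally and carries every character an
# attacker needs to break out of an HTML text node or attribute value.
CANARY = "zap7q<\"'>"


def vulnerable_search(q: str) -> str:
    """Constructed vulnerable handler: the parameter lands in the page verbatim."""
    return f"<h1>Results for {q}</h1>"


def hardened_search(q: str) -> str:
    """Constructed hardened handler: untrusted data is HTML-escaped on output."""
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"


@dataclass
class Finding:
    parameter: str
    evidence: str       # the response fragment around the reflected canary


def probe_reflection(handler: Callable[[str], str],
                     parameter: str = "q") -> Optional[Finding]:
    """Send the canary through the handler and inspect the response body.

    The parameter is reported only if the canary comes back with its special
    characters intact. An escaped reflection (&lt; &quot; ...) is not
    exploitable and is deliberately not flagged, which keeps the
    false-positive rate down.
    """
    body = handler(CANARY)
    if CANARY not in body:
        return None
    start = body.index(CANARY)
    return Finding(parameter, body[max(0, start - 20): start + len(CANARY) + 5])


def scan(handlers: Dict[str, Callable[[str], str]]) -> Dict[str, Optional[Finding]]:
    """Run the probe over several endpoints; returns {endpoint: Finding or None}."""
    return {name: probe_reflection(h) for name, h in handlers.items()}


if __name__ == "__main__":
    for name, finding in scan({"vulnerable": vulnerable_search,
                               "hardened": hardened_search}).items():
        print(name, "->", finding or "no unescaped reflection")
```

The same loop is what a scanner runs per parameter per page; the part that separates a good DAST tool from a noisy one is the final decision, which must check the context the canary landed in (text node, attribute, script block) rather than merely that it was reflected.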
4. Database Scanning
Database scanning identifies vulnerabilities and misconfigurations in database servers and the applications that query them.
Purpose: ensure the security and integrity of databases.
Tools:
- DBScan: a database vulnerability scanner that checks for security issues in various types of databases.
- SQLmap: an open-source tool that automates the detection and exploitation of SQL injection flaws.
Methods:
- Configuration Checks: verify that database settings are secure and follow best practices (default accounts, weak passwords, excessive privileges, unencrypted connections).
- Content Scans: locate sensitive data, such as Personally Identifiable Information (PII) or credit card numbers, that might be exposed.
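How a tool like sqlmap confirms an injection point, as an added example that is not part of the original slides: a boolean-based test run against a constructed in-memory SQLite database with one vulnerable lookup (string concatenation) and one parameterised lookup. The table, its rows and the two lookup functions are assumptions made for this example.

```python
import sqlite3
from typing import Callable, Dict, List

# Added example (not from the original slides): boolean-based SQLi detection.


def make_db() -> sqlite3.Connection:
    """Constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """Constructed vulnerable code: the untrusted value is spliced into the SQL."""
    rows = conn.execute("SELECT name FROM users WHERE id = " + user_id)
    return [r[0] for r in rows]


def lookup_parameterised(conn: sqlite3.Connection, user_id: str) -> List[str]:
    """Hardened version: the value is bound as data and can never become SQL."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [r[0] for r in rows]


def boolean_based_injectable(query: Callable[[str], List[str]],
                             baseline_value: str) -> bool:
    """Boolean-based blind test.

    Send the original value, then the same value with a tautology (AND 1=1)
    and a contradiction (AND 1=2) appended. If the tautology reproduces the
    baseline response but the contradiction changes it, the appended text was
    parsed as SQL, i.e. the parameter is injectable. A syntax error (raised as
    sqlite3.Error here, an HTTP 500 on a real target) counts as 'a different
    response', not as proof, which avoids a common false positive.
    """
    def response(value: str):
        try:
            return query(value)
        except sqlite3.Error:
            return "<error>"

    base = response(baseline_value)
    true_case = response(baseline_value + " AND 1=1")
    false_case = response(baseline_value + " AND 1=2")
    return base == true_case and base != false_case


def assess(conn: sqlite3.Connection) -> Dict[str, bool]:
    """Run the test against both lookups; returns {lookup: injectable?}."""
    return {
        "vulnerable": boolean_based_injectable(lambda v: lookup_vulnerable(conn, v), "1"),
        "parameterised": boolean_based_injectable(lambda v: lookup_parameterised(conn, v), "1"),
    }


if __name__ == "__main__":
    print(assess(make_db()))   # the concatenated query is flagged, the bound one is not
```

The parameterised lookup is not flagged because "1 AND 1=1" is compared to the id column as a single string value: the tautology and the contradiction both return nothing, so the response never varies with the appended logic.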
5. Host-based Scanning
Host-based scanning focuses on the security of individual hosts or devices.
Purpose: identify vulnerabilities and misconfigurations on specific devices.
Tools:
- Nessus: also used for host-based scanning to check individual hosts for vulnerabilities.
- OpenVAS: provides host-based scanning to identify vulnerabilities on specific systems.
- Retina Network Security Scanner: a comprehensive vulnerability assessment solution for identifying security risks on hosts.
Methods:
- Missing-patch Checks: verify that the operating system and installed software are up to date with the latest security patches; patch management is the process that closes the gaps the scan reveals.
- Configuration Audits: evaluate the host's configuration against security best practices.
6. Wireless Network Scanning
Wireless network scanning identifies wireless networks and assesses their security.
Purpose: detect and secure wireless networks.
Tools:
- Aircrack-ng: a suite of tools for assessing Wi-Fi network security.
- Kismet: a wireless network and device detector, sniffer and intrusion detection system.
- Wireshark: a network protocol analyzer that can capture and analyze wireless traffic.
Methods:
- SSID Discovery: identify the available wireless networks and their SSIDs (including those that do not broadcast, which are revealed by client probe traffic).
- Encryption Analysis: determine which protection each network uses (open, WEP, WPA/WPA2/WPA3) and flag networks with weak or absent encryption.
- Rogue Access Point Detection: identify unauthorized access points that may pose a security risk.
Attack Tree Analysis
An attack tree is a visual model of a system's security from the attacker's perspective. It starts with a single root node representing the attacker's main goal (e.g., gaining unauthorized access). The root is expanded into branches representing different ways to achieve that goal, and each branch can be further divided into sub-branches representing more specific attack methods or steps.
Components of an Attack Tree
- Root Node: the ultimate goal of the attack (e.g., stealing sensitive data).
- Branches: the different methods or steps by which the goal can be reached.
- Leaf Nodes: the final, concrete actions at the end of each attack path.
- AND Nodes: all child steps must occur together for the attack to succeed.
- OR Nodes: alternative child steps, any one of which leads to the next stage of the attack.
Example of an Attack Tree
Consider an attack tree for gaining unauthorized access to a secure system:
Root Node: Gain unauthorized access (OR node: any branch suffices)
- Branch 1: Exploit software vulnerability (AND node: both steps are required)
  - Leaf Node: Identify vulnerability
  - Leaf Node: Develop exploit
- Branch 2: Obtain login credentials (OR node)
  - Sub-Branch: Phishing (AND node)
    - Leaf Node: Create phishing email
    - Leaf Node: Send email to target
  - Sub-Branch: Social engineering (AND node)
    - Leaf Node: Impersonate IT support
    - Leaf Node: Convince user to reveal password
- Branch 3: Physical access (OR node)
  - Leaf Node: Steal access card
  - Leaf Node: Bypass physical security
Benefits of Attack Tree Analysis
- Structured Approach: a clear, organized way to think about and document potential attack vectors.
- Comprehensive Coverage: encourages enumeration of all plausible attack paths, not just the obvious one.
- Prioritization: threats can be ranked by likelihood and impact, so defensive resources go where they matter most.
- Risk Assessment: supports evaluating the risk associated with each attack path.
- Mitigation Planning: shows which leaf or branch a control must block to cut off a path.
Steps to Create an Attack Tree
1. Define the Goal: identify the attacker's main objective (e.g., data theft, system disruption).
2. Identify Attack Vectors: brainstorm all possible ways of achieving the goal.
3. Break Down Steps: decompose each attack vector into smaller, manageable steps.
4. Organize the Tree: structure the vectors and steps into a hierarchical tree with AND/OR nodes.
5. Analyze the Tree: evaluate the likelihood and impact of each attack path, then identify the vulnerabilities it relies on and the defenses that would break it.
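Step 5 carried out in code, as an added example that is not part of the original slides: the "Gain unauthorized access" tree from the example above encoded as AND/OR nodes and analysed for the cheapest attack path, the probability that an attacker succeeds, and a ranking of the branches a defender should address first. The two leaves under "Exploit software vulnerability" are modelled as an AND, since both steps are needed. The cost and probability figures on the leaves are illustrative values chosen for this example, not measurements.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Added example (not from the original slides): AND/OR attack tree analysis.


@dataclass
class Node:
    name: str
    kind: str = "leaf"                  # "leaf", "and" or "or"
    children: List["Node"] = field(default_factory=list)
    cost: float = 0.0                   # attacker effort for a leaf (assumed units)
    p: float = 0.0                      # assumed probability a leaf step succeeds


def cheapest(node: Node) -> float:
    """Minimum attacker cost: an AND must pay for every child, an OR picks the cheapest."""
    if node.kind == "leaf":
        return node.cost
    costs = [cheapest(c) for c in node.children]
    return sum(costs) if node.kind == "and" else min(costs)


def success_probability(node: Node) -> float:
    """AND: every step must succeed (product of p). OR: at least one path succeeds
    (1 minus the product of failures). Assumes the steps are independent events."""
    if node.kind == "leaf":
        return node.p
    ps = [success_probability(c) for c in node.children]
    acc = 1.0
    if node.kind == "and":
        for x in ps:
            acc *= x
        return acc
    for x in ps:
        acc *= (1.0 - x)
    return 1.0 - acc


def cheapest_path(node: Node) -> List[str]:
    """The leaves an attacker would actually execute on the cheapest path."""
    if node.kind == "leaf":
        return [node.name]
    if node.kind == "and":
        return [leaf for c in node.children for leaf in cheapest_path(c)]
    return cheapest_path(min(node.children, key=cheapest))


def prioritise(node: Node) -> List[Tuple[str, float, float]]:
    """Rank the root's branches by success probability (highest first) so the
    defender knows where a control buys the most; returns (name, p, cost)."""
    rows = [(c.name, round(success_probability(c), 4), cheapest(c)) for c in node.children]
    return sorted(rows, key=lambda r: -r[1])


def example_tree() -> Node:
    """The tree from the slides, with assumed leaf costs and probabilities."""
    def leaf(name: str, cost: float, p: float) -> Node:
        return Node(name, "leaf", cost=cost, p=p)
    return Node("Gain unauthorized access", "or", [
        Node("Exploit software vulnerability", "and", [
            leaf("Identify vulnerability", 40, 0.6),
            leaf("Develop exploit", 60, 0.5)]),
        Node("Obtain login credentials", "or", [
            Node("Phishing", "and", [
                leaf("Create phishing email", 5, 0.9),
                leaf("Send email to target", 5, 0.3)]),
            Node("Social engineering", "and", [
                leaf("Impersonate IT support", 10, 0.7),
                leaf("Convince user to reveal password", 15, 0.4)])]),
        Node("Physical access", "or", [
            leaf("Steal access card", 30, 0.2),
            leaf("Bypass physical security", 50, 0.1)]),
    ])


if __name__ == "__main__":
    tree = example_tree()
    print("cheapest attack costs", cheapest(tree), "via", cheapest_path(tree))
    print("P(attacker succeeds) =", round(success_probability(tree), 4))
    for name, p, cost in prioritise(tree):
        print(f"  {name:35s} p={p:<7} min cost={cost}")
```

With these figures the credential branch is both the cheapest (the phishing pair) and the most likely to succeed, so a control that breaks one of its AND leaves (phishing-resistant MFA, for instance, makes "Convince user to reveal password" insufficient) removes more risk than hardening against the exploit branch. Re-running the analysis with the leaf's probability set to zero shows the new overall figure.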
Applications of Attack Tree Analysis
- Security Assessment: used by security professionals to assess the robustness of systems and identify weak points.
- Incident Response Planning: helps prepare for security incidents by making the likely attack methods explicit.
- Compliance and Auditing: supports regulatory and compliance requirements by demonstrating a thorough security analysis.
- Training and Awareness: educates employees and stakeholders about potential threats and the defenses against them.
Assessing Vulnerabilities
Assessing vulnerabilities is a critical process in cyber security aimed at identifying, evaluating and mitigating weaknesses in systems, networks and applications. The key steps are:

1. Planning and Preparation
a. Define Scope: determine the assets, systems and networks to be assessed, and the boundaries and limitations of the assessment.
b. Gather Information: collect data on the target environment, including network topology, operating systems, applications and security policies; identify the stakeholders and obtain the necessary permissions.
2. Asset Identification and Prioritization
a. Inventory Assets: create a comprehensive list of all hardware, software and data assets, with details such as IP addresses, versions, configurations and dependencies.
b. Classify and Prioritize: categorize assets by their criticality to the organization and assign priority levels based on their importance and the potential impact of a vulnerability in them.

3. Vulnerability Identification
a. Automated Scanning: use automated vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS) for the initial assessment, configured to scan for known vulnerabilities in the target environment.
b. Manual Testing: conduct manual tests to find the vulnerabilities automated tools miss, using techniques such as penetration testing, code review and configuration review.
4. Vulnerability Analysis
a. Validate Findings: verify the vulnerabilities reported by automated tools and manual tests; eliminate false positives and confirm accuracy.
b. Assess Impact and Exploitability: evaluate the potential impact of each vulnerability on the organization and determine how easily an attacker could exploit it.
c. Classify Vulnerabilities: categorize vulnerabilities by severity (critical, high, medium, low), using a standardized scoring system such as CVSS (Common Vulnerability Scoring System) to quantify severity.
5. Reporting and Documentation
a. Create a Detailed Report: document the findings, including each vulnerability, its severity and potential impact, with detailed descriptions, screenshots and steps to reproduce.
b. Recommend Mitigations: suggest specific actions to remediate or mitigate each vulnerability, including both short-term fixes and long-term strategies.
c. Communicate with Stakeholders: present the findings and recommendations to the relevant stakeholders, making the risks and the required actions clear.
6. Continuous Monitoring and Improvement
a. Establish Continuous Monitoring: implement monitoring tools and processes to detect new vulnerabilities and threats, and keep vulnerability databases and scanning tools up to date.
b. Review and Update Policies: periodically review and update security policies, procedures and controls, and keep staff trained on emerging threats and best practices.
Penetration Testing
Penetration testing, also called pen testing or ethical hacking, is the practice of attacking a computer system, network or web application, with authorization, to find the security vulnerabilities an adversary could exploit. The process involves gathering information about the target before the test, identifying possible entry points, attempting to break in, and reporting the findings. Parts of a pen test can be automated with software tools, but the work as a whole is directed and performed by a human tester. In a black-box test the tester starts with no internal knowledge of the system and determines what is exploitable from outside the network; in a white-box test the testers are given full access to source code, architecture documentation and similar internal material.
Phases of a Penetration Test
1. Reconnaissance: collecting information about the target before any real attack is launched.
2. Scanning: identifying the likely entry points into the target system.
3. Vulnerability Assessment: defining, locating and classifying the security weaknesses in a computer, network or application.
4. Exploitation: compromising the system and using that foothold to expose it to further attacks.
5. Reporting: documenting all the steps that led to a successful attack during the test.
Penetration Test Terms
1. Common Vulnerabilities and Exposures (CVE): the program that has catalogued publicly known software and firmware vulnerabilities since 1999, giving each a unique CVE identifier so that scanners, advisories and reports refer to the same flaw.
2. Vulnerability: a weak point or bug in a piece of software, hardware or an operating system that leaves a system open to attack and unauthorized access.
3. Exploit: code that takes advantage of a vulnerability or security flaw. An exploit can let an intruder gain remote access to a network, gain elevated privileges, or move deeper into the network or its systems.
4. Payload: the code that is executed on the target once the exploit succeeds.
Most Common Types of Cyber Attacks
1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
2. Man-in-the-middle (MITM) attacks
3. Phishing and spear-phishing attacks
4. SQL injection attacks
5. Cross-site scripting (XSS) attacks
Common Network Attacks
1. CDP Manipulation: CDP is enabled by default on Cisco switches and its packets are transmitted in clear text, so an attacker on the segment can read them to learn the device model, software version and addressing, then look up a known vulnerability for that version and use it against the device.
2. Telnet-enabled VTY: Telnet also transmits everything, including credentials, in clear text, so anyone sniffing the network can read it. SSH version 1 has known protocol weaknesses and should likewise be disabled in favour of SSH version 2.
3. MAC Flooding: the attacker floods the switch's MAC address table with frames from bogus source addresses until it is full; the switch then floods unknown-destination frames out of every port, behaving like a hub, which lets the attacker sniff all traffic on the segment.
4. DHCP Spoofing: a rogue DHCP server listens for client DHCP requests and answers them ahead of the legitimate server, handing out the attacker's own address as the default gateway (and often as DNS server), which makes the attacker a man-in-the-middle.
5. ARP Spoofing: the same outcome obtained through ARP messages: the attacker sends forged ARP replies so that victims associate the gateway's IP address with the attacker's MAC address, and traffic for the gateway flows through the attacker's machine.
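The defender's side of the ARP spoofing attack above, as an added example that is not part of the original slides: a passive detector run over a constructed list of ARP replies of the kind Wireshark or an ARP monitor would capture on the segment. The IP and MAC addresses in the capture are constructed for this example.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Added example (not from the original slides): passive ARP spoofing detection.


class ArpReply(NamedTuple):
    t: float            # capture timestamp (seconds)
    sender_ip: str
    sender_mac: str


# Constructed capture: the real gateway 192.168.1.1 answers from aa:bb:cc:00:00:01,
# then a host with MAC de:ad:be:ef:00:01 starts claiming the gateway address
# (and the DNS server's) with forged replies to become a man-in-the-middle.
CAPTURE = [
    ArpReply(0.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    ArpReply(0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(1.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    ArpReply(2.0, "192.168.1.1",  "de:ad:be:ef:00:01"),
    ArpReply(2.1, "192.168.1.53", "de:ad:be:ef:00:01"),
    ArpReply(2.2, "192.168.1.1",  "de:ad:be:ef:00:01"),
    ArpReply(3.0, "192.168.1.21", "aa:bb:cc:00:00:21"),
]


def detect_arp_spoofing(replies: List[ArpReply],
                        known: Optional[Dict[str, str]] = None) -> List[str]:
    """Return one alert per suspicious event, using two classic indicators:

    1. an IP address whose MAC differs from the binding already on record
       (a static entry passed in `known`, or otherwise the first one seen);
    2. a single MAC address that claims more than one IP address.

    Trusting the first-seen binding is only safe if the monitor started before
    the attacker did, so seed `known` with the gateway's real MAC where you can.
    """
    bindings: Dict[str, str] = dict(known or {})
    alerts: List[str] = []
    macs_to_ips = defaultdict(set)

    for r in sorted(replies, key=lambda x: x.t):
        recorded = bindings.get(r.sender_ip)
        if recorded is None:
            bindings[r.sender_ip] = r.sender_mac          # first sighting becomes the record
        elif recorded != r.sender_mac:
            alerts.append(f"t={r.t}: {r.sender_ip} moved from {recorded} to {r.sender_mac}")
        macs_to_ips[r.sender_mac].add(r.sender_ip)

    for mac, ips in macs_to_ips.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(CAPTURE, known={"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print("ALERT", line)
```

The second indicator is the noisier one in practice: a router with several addresses, or a host that has recently changed DHCP leases, legitimately maps one MAC to more than one IP, so production monitors pair it with a time window and an allow-list rather than alerting on it alone.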
Common Pentest Tools
1. Nmap: a very popular open-source tool for learning the characteristics of a target network: live hosts, services, operating systems, packet filters and firewalls. It runs on most platforms.
2. Nessus: a robust vulnerability scanner. It specializes in compliance checks, sensitive data searches, IP and website scanning, and helps find the weak spots.
3. Acunetix: a fully automated web vulnerability scanner; its vendor reports coverage of over 4500 web application vulnerability types, including the variants of SQL injection and XSS.
4. Metasploit: the most advanced and widely used penetration testing framework. It is built around exploits (code that bypasses a security control to gain a foothold on a system) that deliver payloads (code that runs on the target once the exploit succeeds), which makes it a complete framework for the exploitation phase.
5. Wireshark: a network protocol analyzer that dissects captured traffic into protocol fields and packet details, and can decrypt protected traffic where the keys are available.
6. Burp Suite: at its core an intercepting proxy and scanner (with a rate-limited Intruder tool for automated attacks in the free edition); many security testing specialists consider web pen testing without it unimaginable.
Pentest Roles and Responsibilities
1. Network and application tests to check for security vulnerabilities across a network.
2. Physical security tests, checking how well servers and facilities are protected against non-cyber threats.
3. Security audits, a fundamental and ongoing aspect of the penetration tester's role.
4. Security report writing, using the metrics gathered from tests to help develop the security strategy.
5. Involvement in the security team and in security policy review, which requires communicating clearly with the team and contributing to policy.
Penetration Testing Certificates
The most common certificates in penetration testing:
- EC-Council Licensed Penetration Tester (LPT) Master
- IACRB Certified Penetration Tester (CPT)
- Certified Expert Penetration Tester (CEPT)
- Certified Penetration Testing Engineer (CPTE)
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Penetration Tester (GPEN)
Security Testing Tools
Security testing is the process of identifying and mitigating security vulnerabilities in applications and networks.
Importance: protects data, supports compliance with regulations, and maintains user trust.
Types of Security Testing:
- Vulnerability Scanning
- Penetration Testing
- Security Audits
Static Application Security Testing (SAST) Tools
Analyze source code for security vulnerabilities without executing the program.
Examples:
- SonarQube: detects bugs and vulnerabilities in code.
- Checkmarx: provides detailed security analysis and compliance checks.
- Veracode: offers comprehensive security testing and remediation guidance.

Dynamic Application Security Testing (DAST) Tools
Test the running application, simulating attacks to find vulnerabilities.
Examples:
- OWASP ZAP: open-source tool for finding vulnerabilities in web applications.
- Burp Suite: integrated platform for security testing of web applications.
- Acunetix: automated web vulnerability scanner that detects and reports on a wide range of web application vulnerabilities.
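What a SAST rule actually does, as an added example that is not part of the original slides or of any of the products named above: Python source is parsed into an abstract syntax tree and three dangerous patterns are flagged without running the code: eval()/exec() on runtime data, shell commands built from strings, and SQL queries assembled by string formatting. The sample source it analyses is constructed for this example.

```python
import ast
from typing import List, NamedTuple

# Added example (not from the original slides): a minimal AST-based SAST check.


class Finding(NamedTuple):
    line: int
    rule: str
    detail: str


class DangerousCallVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    @staticmethod
    def _name(node: ast.AST) -> str:
        """Dotted name of a call target, e.g. 'subprocess.run' or 'eval'."""
        if isinstance(node, ast.Name):
            return node.id
        if isinstance(node, ast.Attribute):
            return f"{DangerousCallVisitor._name(node.value)}.{node.attr}"
        return ""

    @staticmethod
    def _is_dynamic_string(node: ast.AST) -> bool:
        """True if the expression builds a string at runtime (f-string, %, +, .format)."""
        if isinstance(node, ast.JoinedStr):
            return True
        if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
            return True
        return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "format")

    def visit_Call(self, node: ast.Call) -> None:
        name = self._name(node.func)
        first = node.args[0] if node.args else None

        if name in ("eval", "exec"):
            self.findings.append(Finding(node.lineno, "code-injection",
                                         f"{name}() evaluates runtime data"))

        # os.system/os.popen always go through a shell; subprocess only with shell=True.
        uses_shell = name in ("os.system", "os.popen") or (
            name.startswith("subprocess.") and any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords))
        if uses_shell and first is not None and self._is_dynamic_string(first):
            self.findings.append(Finding(node.lineno, "command-injection",
                                         f"{name} runs a shell command built at runtime"))

        if name.endswith(".execute") and first is not None and self._is_dynamic_string(first):
            self.findings.append(Finding(node.lineno, "sql-injection",
                                         "query text built by string formatting; bind parameters instead"))
        self.generic_visit(node)


def scan_source(source: str) -> List[Finding]:
    """Parse `source` and return findings sorted by line number."""
    visitor = DangerousCallVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


# Constructed sample under test; the comments give its line numbers.
SAMPLE = """\
import os, subprocess
def handler(user, host, conn):
    os.system("ping -c 1 " + host)                                  # 3: command injection
    subprocess.run(["ping", "-c", "1", host])                       # 4: safe: argv list, no shell
    subprocess.run(f"nslookup {host}", shell=True)                  # 5: command injection
    conn.execute("SELECT * FROM users WHERE name = '%s'" % user)    # 6: SQL injection
    conn.execute("SELECT * FROM users WHERE name = ?", (user,))     # 7: safe: bound parameter
    return eval(user)                                               # 8: code injection
"""


if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
```

Real SAST engines add taint tracking on top of this pattern match, following the untrusted value from its source (a request parameter) through assignments and function calls to the sink; a syntactic rule like the one above reports `os.system(cmd)` only if the string is visibly built at the call site, which is why commercial tools list "taint analysis" as a feature rather than a given.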
Interactive Application Security Testing (IAST) Tools
Combine elements of SAST and DAST by instrumenting the running application and analyzing it in real time.
Examples:
- Contrast Security: embeds sensors in the application to analyze its behaviour.
- Seeker by Synopsys: monitors application interactions and provides actionable insights.

Network Security Tools
Scan networks to identify vulnerabilities and potential security breaches.
Examples:
- Nessus: comprehensive vulnerability scanner for identifying network vulnerabilities.
- OpenVAS: open-source vulnerability scanning tool.
- Nmap: network mapping tool that discovers hosts and services on a computer network.
Web Application Security Tools
Focus on identifying vulnerabilities in web applications.
Examples:
- Nikto: open-source web server scanner that performs comprehensive tests.
- Netsparker: automated web application security scanner.
- W3AF: open-source web application attack and audit framework.

Database Security Tools
Secure databases by identifying vulnerabilities and misconfigurations.
Examples:
- SQLMap: open-source tool that automates the detection and exploitation of SQL injection flaws.
- DBProtect: provides database activity monitoring and vulnerability management.
- AppDetectivePro: identifies security vulnerabilities in database environments.