Welcome to Scribd!

Anatomy of An Attack

Uploaded by

0% found this document useful (0 votes)

244 views15 pages

Security analyst chuksjonia specialises in - Penetration Testing - Forensics - Surveillance - Red Team Assessment - Behavior Analysis - Covert Data Acquisition - Malware Development and Analysis. Penetration Testing will exploit the vulnerabilities either physical or operational, Vulnerability Assessment wont.

Original Description:

Original Title

Anatomy of an Attack

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

244 views15 pages

Anatomy of An Attack

Uploaded by

ICT AUTHORITY

Copyright:

Attribution Non-Commercial (BY-NC)

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 15

Search inside document

Anatomy of a Cyber Attack

Tactical Security Studies chuksjonia.blogspot.com Nairobi, Kenya By Gichuki John

About Me

Security Analyst Specialize in Penetration Testing Forensics Surveillance Red Team Assessment Behavior Analysis Clandestine recovery Covert Data Acquisition Malware Development and Analysis Exploit Development
October 2013

Chuksjonia.blogspot.com

Penetration Testing
The means to identify the presence of points where something can find or force its way into or through something else. IT Security Penetration Testing:
This is most often used to positively identify points of vulnerabilities Determine the genuineness of the vulnerabilities that they identify by use of exploitation. Findings that cannot be exploited are either not reported or are reported as theoretical findings when justified

Testing and Uses

These are mostly commonly applied to Networks, Web Applications and physical Security. In theory, anything can undergo a Penetration Test.

October 2013

Penetration Testing VS Vulnerability Assessment

Major difference, confuses clients and organizations Penetration testing will exploit the vulnerabilities either physical or operational, Vulnerability Assessment wont. Penetration testing gains access, Vulnerability testing doesn't. Social Engineering cannot be performed in tandem with a Vulnerability Assessment. Social Engineering exploits human vulnerabilities and that exploitation crosses the boundaries of a Vulnerability Assessment. Vulnerability Assessments cannot be applied to running Web Applications. Testing a running Web Application requires the submission of malformed and / or augmented data. When the data is received by the application, if the application is vulnerable, then an error or unexpected result is returned. This error or unintended result constitutes a degree of exploitation and as such crosses the Vulnerability Assessment boundaries. Pivoting or rather, Distributed Metastasis cannot be performed during a Vulnerability Assessment. This is because Pivoting depends on the attackers ability to exploit vulnerabilities as a method of propagating a penetration.

October 2013

Types of Pentests
Internal Penetration Testing (WhiteBox and Gray Box) External /Remote Penetration Testing (Blackbox)

October 2013

Black boxing
Stages:
Reconnaissance, Surveillance, Intel gathering and hours of stake-outs Network Mapping, Office locations, Employees names their offices and their bosses and family Social media Intel / Data Acquisition

The hardest, but always the best. Takes longer, but its worthy it.
October 2013

Malware attacks

October 2013

Social Engineering

October 2013

Domain Vulnerabilities especially in Banking

October 2013

Government can be taken easy .e.g KRA

October 2013

Client Side attacks

October 2013

Questions

October 2013

Types of Risk

October 2013

References

October 2013

References

October 2013

Itec413 15
Document33 pages
Itec413 15
Burak Ulucinar
No ratings yet
Unit 9 Penetration Testing
Document29 pages
Unit 9 Penetration Testing
zalak.desai
No ratings yet
Vulnerability Exploitation and Defense Strategies
Document4 pages
Vulnerability Exploitation and Defense Strategies
lt_shak875
No ratings yet
lec3
Document22 pages
lec3
Misbah Irum
No ratings yet
Penetration Testing Explained
Document23 pages
Penetration Testing Explained
Tarun Sahu
No ratings yet
SecureOps Types of Penetration Testing v6
Document29 pages
SecureOps Types of Penetration Testing v6
Ludmil Iordanov
No ratings yet
CEH Notes Cybrary PDF
Document34 pages
CEH Notes Cybrary PDF
Jashan Singh
100% (1)
Vulnerability Assessment and Penetration Testing
Document6 pages
Vulnerability Assessment and Penetration Testing
seventhsensegroup
100% (1)
Planning For Information Security Testing - Joa - Eng - 0916
Document10 pages
Planning For Information Security Testing - Joa - Eng - 0916
RSA Archer
No ratings yet
Vulnerability Assessment and Penetration Testing PDF
Document6 pages
Vulnerability Assessment and Penetration Testing PDF
proftechitspecialist
No ratings yet
1 - MSF-I - Introduction To MSF
Document28 pages
1 - MSF-I - Introduction To MSF
Glowing Star
No ratings yet
Chapter 1 Introduction To Vulnerability Assessment and Penetration Testing
Document29 pages
Chapter 1 Introduction To Vulnerability Assessment and Penetration Testing
CHI QING LIM
No ratings yet
EasyChair Preprint 11719
Document16 pages
EasyChair Preprint 11719
phbck.up.kb
No ratings yet
Vulnerability Assessment and Penetration Testing Techniques
Document6 pages
Vulnerability Assessment and Penetration Testing Techniques
Vamsi Krishna
No ratings yet
A Complete Guide To Penetration Testing
Document4 pages
A Complete Guide To Penetration Testing
raghunandhan.cv
No ratings yet
Introduction To ISA
Document35 pages
Introduction To ISA
Screamer Fever
No ratings yet
(IViettech) - Chapter11 - What Is Security Testing
Document15 pages
(IViettech) - Chapter11 - What Is Security Testing
GML Kill
No ratings yet
Penetration Testing Fundamentals Webinar
Document38 pages
Penetration Testing Fundamentals Webinar
kingnachi
No ratings yet
Web Security Audit Basics
Document20 pages
Web Security Audit Basics
rzpjck6xrm
No ratings yet
Certified Red Team Physical PenTest Leader - Quick Training
Document83 pages
Certified Red Team Physical PenTest Leader - Quick Training
Ash Ketchum
100% (1)
Introduction to Ethical Hacking: Understanding Hacker Classifications and Penetration Testing Techniques
Document29 pages
Introduction to Ethical Hacking: Understanding Hacker Classifications and Penetration Testing Techniques
Rahul Choudhary
100% (1)
Vulnerabilities Vs Penetration Testing
Document9 pages
Vulnerabilities Vs Penetration Testing
D
No ratings yet
Module-3: Information Security Management
Document28 pages
Module-3: Information Security Management
Akshi Chauhan
No ratings yet
Vulnerability Assessment and Penetration Testing
Document25 pages
Vulnerability Assessment and Penetration Testing
Yonas Mengistu
No ratings yet
It20153540 - Aia 2
Document15 pages
It20153540 - Aia 2
wedamew444
No ratings yet
Hacking: - Muhammad Adib B Saarani - 4 Teknologi 1 - PN Noraini BT Mohamed Noor
Document12 pages
Hacking: - Muhammad Adib B Saarani - 4 Teknologi 1 - PN Noraini BT Mohamed Noor
uhuhhu
No ratings yet
Threat and Vulnerability Management - Ryan Elmer - Frsecure
Document34 pages
Threat and Vulnerability Management - Ryan Elmer - Frsecure
ahmad.nawaz
No ratings yet
Unit 1 Ethical Hacking
Document56 pages
Unit 1 Ethical Hacking
anjali sowmya
No ratings yet
Mod 3
Document94 pages
Mod 3
Triparna Poddar
No ratings yet
Vulnerability Scanning vs. Penetration Testing
Document13 pages
Vulnerability Scanning vs. Penetration Testing
Tarun Sahu
No ratings yet
Pentester and Network Security for a Secure Modern Society
Document8 pages
Pentester and Network Security for a Secure Modern Society
Ofrates Siringan
No ratings yet
Definitive Guide To Penetration Testing
Document19 pages
Definitive Guide To Penetration Testing
[]
No ratings yet
Introduction To Ethical Hacking - Foot Printing and Reconnaissance - Scanning Networks - Enumeration - System Hacking - Malware Threats - Sniffing
Document40 pages
Introduction To Ethical Hacking - Foot Printing and Reconnaissance - Scanning Networks - Enumeration - System Hacking - Malware Threats - Sniffing
jaya prasanna
100% (1)
Module 1 Ehp PDF
Document21 pages
Module 1 Ehp PDF
chempa1
No ratings yet
Vulnerability Assessment & Penetration Testing: By: Michael Lassiter JR
Document9 pages
Vulnerability Assessment & Penetration Testing: By: Michael Lassiter JR
Jack
No ratings yet
Assignment CSF
Document12 pages
Assignment CSF
GOLDEN BIRD
No ratings yet
Study Paper On Penetration Testing - Final
Document20 pages
Study Paper On Penetration Testing - Final
rontechtips
No ratings yet
NMCSP 2008 Batch-I: Introduction To Ethical Hacking
Document41 pages
NMCSP 2008 Batch-I: Introduction To Ethical Hacking
Jitendra Kumar Dash
100% (1)
An Overview of Network Penetration Testing: Cite This Paper
Document7 pages
An Overview of Network Penetration Testing: Cite This Paper
Did you know THAT
No ratings yet
Module-4: Information Security Audit Preparation
Document35 pages
Module-4: Information Security Audit Preparation
Nirabhra Ray
No ratings yet
7-System Security
Document113 pages
7-System Security
ep230842
No ratings yet
Q No.1: Vulnerability Assessment
Document5 pages
Q No.1: Vulnerability Assessment
waqas amjad
No ratings yet
Compusoft, 3 (4), 752-757 PDF
Document6 pages
Compusoft, 3 (4), 752-757 PDF
Ijact Editor
No ratings yet
(IJCST-V7I3P25) :Dr.K.Sai Manoj, Ms. K. Mrudula, Mrs G.Maanasa, Prof.K.Phani Srinivas
Document5 pages
(IJCST-V7I3P25) :Dr.K.Sai Manoj, Ms. K. Mrudula, Mrs G.Maanasa, Prof.K.Phani Srinivas
EighthSenseGroup
No ratings yet
ISAA
Document38 pages
ISAA
rishabh agrawal
No ratings yet
Testing Practice-TA-Security Testing-Introduction05
Document14 pages
Testing Practice-TA-Security Testing-Introduction05
nagesh
No ratings yet
Evaluation and Taxonomy of Penetration Testing PDF
Document6 pages
Evaluation and Taxonomy of Penetration Testing PDF
Editor IJRITCC
No ratings yet
Pentretion Testing
Document15 pages
Pentretion Testing
Jimmyko
No ratings yet
Effective Penetration Testing
Document8 pages
Effective Penetration Testing
flaviodemenezes
No ratings yet
98-367 2E Lesson 1 Slides
Document41 pages
98-367 2E Lesson 1 Slides
Esraa Sayed Abdelhamed Sayed
No ratings yet
Application Layer Vulnerabilities
Document26 pages
Application Layer Vulnerabilities
VishwasSharma
0% (1)
ETHICAL HACKING: 40-character guide to security testing
Document37 pages
ETHICAL HACKING: 40-character guide to security testing
Abdul Hannan Faisal
No ratings yet
VAPT Interview Questions and Answers
Document110 pages
VAPT Interview Questions and Answers
tanmay
75% (4)
Risk - Assessment & Forensic Analysis
Document15 pages
Risk - Assessment & Forensic Analysis
rjkj123
No ratings yet
Information Security Chapter 2
Document20 pages
Information Security Chapter 2
bscitsemv
No ratings yet
Penetration Testing Services For PC Centre
Document5 pages
Penetration Testing Services For PC Centre
David Aagulu
No ratings yet
Unit-2 Notes With Reference To Question Bank Topics (E-Next - In)
Document13 pages
Unit-2 Notes With Reference To Question Bank Topics (E-Next - In)
Krutika Ruke
No ratings yet
Presentation 1.3
Document15 pages
Presentation 1.3
Kannan
No ratings yet
Software Penetration Testing
Document9 pages
Software Penetration Testing
Kishore Reddy
No ratings yet
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
From Everand
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
alasdair gilchrist
Rating: 3 out of 5 stars
3/5 (9)
Silicon Kenya - Harnessing ICT Innovations For Economic Development 2013
Document60 pages
Silicon Kenya - Harnessing ICT Innovations For Economic Development 2013
ICT AUTHORITY
No ratings yet
State of Public Service and Access To Justice in Kenya
Document70 pages
State of Public Service and Access To Justice in Kenya
opangavich
100% (1)
ICT Authority Legal Notice
Document13 pages
ICT Authority Legal Notice
ICT AUTHORITY
No ratings yet
Tender Notice: Integrated City Revenue Management System For Nairobi City County
Document397 pages
Tender Notice: Integrated City Revenue Management System For Nairobi City County
ICT AUTHORITY
No ratings yet
Digitizing Govt Payments Kenya Study - FINAL
Document32 pages
Digitizing Govt Payments Kenya Study - FINAL
ICT AUTHORITY
0% (1)
Julisha Final Report 1
Document83 pages
Julisha Final Report 1
ICT AUTHORITY
No ratings yet
Julisha Phase 2-KICTB Survey Results Phase II - Results Launchv2
Document45 pages
Julisha Phase 2-KICTB Survey Results Phase II - Results Launchv2
ICT AUTHORITY
No ratings yet
Final Speakers List and Statistics at Connected East Africa Summit 2015
Document6 pages
Final Speakers List and Statistics at Connected East Africa Summit 2015
ICT AUTHORITY
No ratings yet
HeadofEastAfrica SEACOM Joseph Muriithi Transport and Communication Infrastructure ConnectedEA2015 1-03-15
Document3 pages
HeadofEastAfrica SEACOM Joseph Muriithi Transport and Communication Infrastructure ConnectedEA2015 1-03-15
ICT AUTHORITY
No ratings yet
Talent Pool and Workforce Development - ZensarESDCase Study - Connected EA 2015 - 31!04!15
Document10 pages
Talent Pool and Workforce Development - ZensarESDCase Study - Connected EA 2015 - 31!04!15
ICT AUTHORITY
No ratings yet
ICT Authority - Conference Rapperteour - Connected EA 2015 Summit Summary and Action Points - 09!04!15
Document2 pages
ICT Authority - Conference Rapperteour - Connected EA 2015 Summit Summary and Action Points - 09!04!15
ICT AUTHORITY
No ratings yet
Research Scientist IBM Research Africa DR - Charity Wayua EaseofDoingBusinessReport ConnectedEA2015 1-04-15
Document28 pages
Research Scientist IBM Research Africa DR - Charity Wayua EaseofDoingBusinessReport ConnectedEA2015 1-04-15
ICT AUTHORITY
No ratings yet
Women in Technology - Presentation - 30 March 2015
Document18 pages
Women in Technology - Presentation - 30 March 2015
ICT AUTHORITY
No ratings yet
Connected East Africa 2015 Key Action Poinst & Recommendations 1
Document3 pages
Connected East Africa 2015 Key Action Poinst & Recommendations 1
ICT AUTHORITY
100% (1)
Head C4DLab UniversityofNairobi DR Tonny Omwansa Cloud Infrastructure ConnectedEA 2015-01!04!15
Document49 pages
Head C4DLab UniversityofNairobi DR Tonny Omwansa Cloud Infrastructure ConnectedEA 2015-01!04!15
ICT AUTHORITY
No ratings yet
Africa Open 4business: Amr Kamel Director - Enterprise Business Microsoft SSA
Document7 pages
Africa Open 4business: Amr Kamel Director - Enterprise Business Microsoft SSA
ICT AUTHORITY
No ratings yet
CEO ICT Authority Victor Kyalo ConnectedEA2015 WelcomeSpeech 31-03-15
Document3 pages
CEO ICT Authority Victor Kyalo ConnectedEA2015 WelcomeSpeech 31-03-15
ICT AUTHORITY
No ratings yet
Program Connected EA2015 Public
Document2 pages
Program Connected EA2015 Public
ICT AUTHORITY
No ratings yet
Consultant Kentrade Donald Lim-Fat Cashless Economy ConnectedEA2015 1-04-15
Document20 pages
Consultant Kentrade Donald Lim-Fat Cashless Economy ConnectedEA2015 1-04-15
ICT AUTHORITY
No ratings yet
Chairman Presidential Digital Talent Program Muchemi Wambugu PDTP Report ConnectedEA2015 1-04-15
Document10 pages
Chairman Presidential Digital Talent Program Muchemi Wambugu PDTP Report ConnectedEA2015 1-04-15
ICT AUTHORITY
No ratings yet
Connected East Africa 2015 Sponsorship Opportunities
Document53 pages
Connected East Africa 2015 Sponsorship Opportunities
ICT AUTHORITY
No ratings yet
Director ICT CRA Joseph Kuria County Government Planning and Role of Data ConnectedEA2015 31-03-15
Document21 pages
Director ICT CRA Joseph Kuria County Government Planning and Role of Data ConnectedEA2015 31-03-15
ICT AUTHORITY
No ratings yet
Country Manager Microsoft Kenya Kunle Awosika ConnectedEA 2015 Welcome Speech 31-03-15
Document6 pages
Country Manager Microsoft Kenya Kunle Awosika ConnectedEA 2015 Welcome Speech 31-03-15
ICT AUTHORITY
No ratings yet
Consultant Kentrade Donald Lim-Fat Cashless Economy ConnectedEA2015 1-04-15
Document20 pages
Consultant Kentrade Donald Lim-Fat Cashless Economy ConnectedEA2015 1-04-15
ICT AUTHORITY
No ratings yet
Chairman Enterprise Kenya Strategic Advisory Committee MikeMacharia EnterpriseKenya ConnectedEA 1-04-15
Document17 pages
Chairman Enterprise Kenya Strategic Advisory Committee MikeMacharia EnterpriseKenya ConnectedEA 1-04-15
ICT AUTHORITY
No ratings yet
CS MoICT DR - Fred Matiangi ConnectedEastAfrica2015 31-03-15
Document13 pages
CS MoICT DR - Fred Matiangi ConnectedEastAfrica2015 31-03-15
ICT AUTHORITY
No ratings yet
Netherlands Trust Fund Project Summary
Document5 pages
Netherlands Trust Fund Project Summary
ICT AUTHORITY
No ratings yet
Netherlands Trust Fund III Kenya - IT&ITeS Project Plan
Document60 pages
Netherlands Trust Fund III Kenya - IT&ITeS Project Plan
ICT AUTHORITY
100% (1)
Chairman ICT Authority Board Hon - Edwinyinda ConnectedEastAfrica WelcomeSpeech 31-03-15
Document3 pages
Chairman ICT Authority Board Hon - Edwinyinda ConnectedEastAfrica WelcomeSpeech 31-03-15
ICT AUTHORITY
No ratings yet
Connected East Africa Guide Web
Document96 pages
Connected East Africa Guide Web
ICT AUTHORITY
No ratings yet
IAPP Certification Foundation Study Guide Overview
Document13 pages
IAPP Certification Foundation Study Guide Overview
Renato Leite Monteiro
33% (3)
IRM 10 SocialEngineering
Document2 pages
IRM 10 SocialEngineering
taek
No ratings yet
RHDSA Red Hat Directory Services and Authentication
Document2 pages
RHDSA Red Hat Directory Services and Authentication
Ranjith TK
No ratings yet
ISA 62443 Controls
Document96 pages
ISA 62443 Controls
kindxavier
No ratings yet
Skybox Security Sales&Tech Overview
Document46 pages
Skybox Security Sales&Tech Overview
erdem
100% (1)
Brian Dyes Ethics Complaint Against Naples Mayor Theresa Heitmann - May 17 2021
Document7 pages
Brian Dyes Ethics Complaint Against Naples Mayor Theresa Heitmann - May 17 2021
Omar Rodriguez Ortiz
No ratings yet
Bsimm 12
Document31 pages
Bsimm 12
Adel 507
No ratings yet
PR 18 0944 11 Mitre Attack Design and Philosophy PDF
Document37 pages
PR 18 0944 11 Mitre Attack Design and Philosophy PDF
kaustubhmedhe
No ratings yet
Computational Course Microsyllabus
Document6 pages
Computational Course Microsyllabus
Manoj Khanal
75% (4)
Upgrade RPD Webcat OBIEE 10g To 11g
Document7 pages
Upgrade RPD Webcat OBIEE 10g To 11g
Padmanabha Venkatesh
No ratings yet
Encryption and Security: Travis Michette
Document44 pages
Encryption and Security: Travis Michette
Aung Aung
No ratings yet
Soft Token User Guide
Document27 pages
Soft Token User Guide
Sreekar Pamu
No ratings yet
KLC Consulting: SMAC MAC Address Changer Software
Document3 pages
KLC Consulting: SMAC MAC Address Changer Software
Jens
No ratings yet
CAAF-220-AWRG-1.0 - AMS User ID Creation Form
Document3 pages
CAAF-220-AWRG-1.0 - AMS User ID Creation Form
Iftikhar Jawed
No ratings yet
CompTIA Security
Document53 pages
CompTIA Security
David Caetano
No ratings yet
Dell Executive Summary FINAL 063008
Document18 pages
Dell Executive Summary FINAL 063008
Esse Gée
No ratings yet
Cloud Security Policy Essentials
Document16 pages
Cloud Security Policy Essentials
Surnaz Singh
No ratings yet
Gartner Critical Capabilities For SIEM
Document32 pages
Gartner Critical Capabilities For SIEM
alexio
No ratings yet
Cyber Defense Emagazine - 2018 Global Annual Edition PDF
Document76 pages
Cyber Defense Emagazine - 2018 Global Annual Edition PDF
SASA
No ratings yet
Electronic Mail Security
Document35 pages
Electronic Mail Security
KAVITHA T
No ratings yet
Free Cyber Resources
Document97 pages
Free Cyber Resources
Jesús Peralta
No ratings yet
Dino Entertainment Account Issue Application Title
Document1 page
Dino Entertainment Account Issue Application Title
Muhammad Irfan Bachdim
No ratings yet
Cyber Security Policy Notes
Document2 pages
Cyber Security Policy Notes
Raúl Cálcamo Alonzo
No ratings yet
Lessons Learned From Lessons Learned From Analyzing 100 Data Analyzing 100 Data Breaches Breaches
Document11 pages
Lessons Learned From Lessons Learned From Analyzing 100 Data Analyzing 100 Data Breaches Breaches
santsat
No ratings yet
Cyber Physical System
Document40 pages
Cyber Physical System
kannanchammy
100% (1)
Intrusion Detection Systems (IDS) : Different Types Detection Methods Types of Attacks
Document21 pages
Intrusion Detection Systems (IDS) : Different Types Detection Methods Types of Attacks
Bryan Ascher
No ratings yet
Eligibility for assistance under CITUS scheme
Document2 pages
Eligibility for assistance under CITUS scheme
Balasubramaniam Murugan
No ratings yet
RBI - Revised Lockers Rules Dated 18th Aug 21
Document20 pages
RBI - Revised Lockers Rules Dated 18th Aug 21
PRIYANSHU AGRAWAL
No ratings yet
Software Testing Code - 22518
Document2 pages
Software Testing Code - 22518
Isha Rangari
No ratings yet
Cyber Security in Industrial Controls Systems
Document5 pages
Cyber Security in Industrial Controls Systems
Shoaib Iqbal
No ratings yet