survey of cyber moving targets second edition
play

Survey of Cyber Moving Targets Second Edition Authors: B.C. Ward - PowerPoint PPT Presentation

Apr 05, 2024 •184 likes •562 views

Survey of Cyber Moving Targets Second Edition Authors: B.C. Ward S.R. Gomez R.W. Skowyra D. Bigelow J.N. Martin J.W. Landry H. Okhravi Presenter: Jinghui Liao Outline Cyber Kill Chain Attack technique Moving-targets technique

  1. Survey of Cyber Moving Targets Second Edition Authors: B.C. Ward S.R. Gomez R.W. Skowyra D. Bigelow J.N. Martin J.W. Landry H. Okhravi Presenter: Jinghui Liao

  2. Outline ´ Cyber Kill Chain ´ Attack technique ´ Moving-targets technique ´ Weakness

  3. Cyber Kill Chain ´ Reconnaissance ´ Access ´ Exploit Development ´ Attack Launch ´ Persistence

  4. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  5. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  6. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Leakage of cryptographic keys from memory(WannaCry) ´ Side-channel attacks(spectre meltdown)

  7. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  8. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Exhaust or manipulate shared resources ´ Denial-of-service using CPU saturation

  9. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  10. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  11. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ buffer overflow ´ script injection ´ SQL injection

  12. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  13. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Timing ´ Ordering ´ Arguments ´ Return-oriented programming (ROP)

  14. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  15. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Fake identity ´ Man-in-the-middle ´ Phishing

  16. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  17. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Compromise authentication process ´ Cross-site scripting

  18. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  19. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  20. ATTACK TECHNIQUES ´ Data Leakage Attacks ´ Resource Attacks ´ Injection ´ Code Injection ´ Control Injection ´ Spoofing ´ Exploitation of Authentication ´ Exploitation of Privilege/Trust ´ Scanning ´ Supply Chain/Physical Attacks

  21. https://www.bloomberg.com/news/features/2018- 10-04/the-big-hack-how-china-used-a-tiny-chip-to- infiltrate-america-s-top-companies

  22. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ Dynamic Networks

  23. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ Dynamic Networks

  24. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Format ´ Syntax ´ Encoding ´ Encryption ´ Representation

  25. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ Dynamic Networks

  26. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Instructions ´ Order ´ Grouping ´ Format

  27. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ Dynamic Networks

  28. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ Dynamic Networks

  29. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Code ´ Libraries ´ Stack/heap ´ Functions

  30. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ Dynamic Networks

  31. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Interface presented by the operating system

  32. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ Dynamic Networks

  33. Moving-Targets ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ OS version ´ CPU architecture ´ OS instance ´ Platform data format

  34. Moving-Targets ´ Any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system less homogeneous, static, or deterministic ´ Dynamic Data ´ Dynamic Software ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ Dynamic Networks

  35. Moving-Targets ´ Dynamic Runtime Environment ´ Address Space Randomization ´ Instruction Set Randomization ´ Dynamic Platforms ´ Dynamic Networks ´ Protocols ´ Addresses

  36. WEAKNESSES ´ Overcome Movement ´ Predict Movement ´ Limit Movement ´ Disable Movement

  37. Thank you!

Recommend

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system

728 views • 27 slides
Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target

Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target

Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system Increase the complexity of cyber

442 views • 40 slides
Estimation of moving targets located behind reinforced concrete wall using moving sensor arrays

Estimation of moving targets located behind reinforced concrete wall using moving sensor arrays

Estimation of moving targets located behind reinforced concrete wall using moving sensor arrays Marija M. Nikoli 1 , Arye Nehorai 2 , and Antonije R. Djordjevi 1 1 University of Belgrade, Serbia 2 Washington University in St. Louis, USA

213 views • 20 slides
Small Arms Survey 2012 New York, 1-5 June 2015 Small arms, new technologies, and MGE2 Moving

Small Arms Survey 2012 New York, 1-5 June 2015 Small arms, new technologies, and MGE2 Moving

Second Open-ended Meeting of Governmental Experts under the UNPoA Small Arms Survey 2012 New York, 1-5 June 2015 Small arms, new technologies, and MGE2 Moving Targets Glenn McDonald MGE2 (June 2015) SMALL ARMS SURVEY Second Open-ended

547 views • 26 slides
Cyber security for automotive Moving Britain Ahead March 17 OFFICIAL Rail Cyber Security 1

Cyber security for automotive Moving Britain Ahead March 17 OFFICIAL Rail Cyber Security 1

Cyber security for automotive Moving Britain Ahead March 17 OFFICIAL Rail Cyber Security 1 Challenges for the automotive industry Cultural: Cyber security is new to the industry They need to get the right structures and

377 views • 5 slides
Caveats Themes are moving targets FC of 2008 is not identical/coincidental but co

Caveats Themes are moving targets FC of 2008 is not identical/coincidental but co

Caveats Themes are moving targets FC of 2008 is not identical/coincidental but co relational to Euro crisis Causes of the Euro crisis vary between the countries Effects, for the most part, early to measure of steps taken to

551 views • 40 slides
LuckyCat Organized Cyber-Crime (tracing back to China) Targets in India, Japan and Tibet.

LuckyCat Organized Cyber-Crime (tracing back to China) Targets in India, Japan and Tibet.

LuckyCat Organized Cyber-Crime (tracing back to China) Targets in India, Japan and Tibet. Research facilities belonging to Military, Universities and Governments Areas of aerospace, energy and astronautics. The gang behind

576 views • 22 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
SLO Growth Targets How to determine & set growth targets Todays Learning Targets I CAN

SLO Growth Targets How to determine & set growth targets Todays Learning Targets I CAN

SLO Growth Targets How to determine & set growth targets Todays Learning Targets I CAN evaluate pre-assessment data & group my students by score ranges. I CAN set growth targets that are rigorous yet attainable. I CAN complete

927 views • 26 slides
CSE 311 Foundations of 4.3 7 th Edition Computing I 3.5, 3.6 6 th Edition 2.5, 2.6 up

CSE 311 Foundations of 4.3 7 th Edition Computing I 3.5, 3.6 6 th Edition 2.5, 2.6 up

Announcements Reading assignments Today and Monday: CSE 311 Foundations of 4.3 7 th Edition Computing I 3.5, 3.6 6 th Edition 2.5, 2.6 up to p. 191 5 th Edition Lecture 11 Wednesday Modular Exponentiation and Primes

345 views • 5 slides
Oxfordshire Online Pupil Survey 2020 - Home Edition Health and Wellbeing in Oxfordshire School

Oxfordshire Online Pupil Survey 2020 - Home Edition Health and Wellbeing in Oxfordshire School

Oxfordshire Online Pupil Survey 2020 - Home Edition Health and Wellbeing in Oxfordshire School Pupils Home Survey: May June 2020 Oxfordshire Online Pupil Survey 2020 - Home Edition This survey Oxfordshire Online Pupil Survey 2020 Home

241 views • 6 slides
Understanding the Uncertainty in 1D Unidirectional Moving Target Selection Jin Huang , Feng Tian,

Understanding the Uncertainty in 1D Unidirectional Moving Target Selection Jin Huang , Feng Tian,

Understanding the Uncertainty in 1D Unidirectional Moving Target Selection Jin Huang , Feng Tian, Xiangmin Fan, Xiaolong(Luke) Zhang, Shumin Zhai CHI 2018 April 26 th , 2018 INTRODUCTION MOVING TARGETS EVERYWHERE Screenshot of StarCraft II

430 views • 39 slides
Securing Cyber-Physical Systems: moving beyond fear Stefano Zanero, PhD Associate Professor,

Securing Cyber-Physical Systems: moving beyond fear Stefano Zanero, PhD Associate Professor,

Securing Cyber-Physical Systems: moving beyond fear Stefano Zanero, PhD Associate Professor, Politecnico di Milano Welcome to the security circus! Stefano Zanero We all like to see the attractions Stefano Zanero We all like to see the

922 views • 46 slides
CSE 311 Foundations of 12.1 12.3 7 th Edition Computing I 11.1 11.3 6 th Edition

CSE 311 Foundations of 12.1 12.3 7 th Edition Computing I 11.1 11.3 6 th Edition

Announcements Reading assignments Boolean Algebra CSE 311 Foundations of 12.1 12.3 7 th Edition Computing I 11.1 11.3 6 th Edition 10.1 10.3 5 th Edition Lecture 4, Boolean Logic Predicates and Quantifiers

360 views • 5 slides
WORLDWIDE CYBER-ATTACKS: THEIR IMPACT ON THE INTERNATIONAL HEALTH SERVICES AND THEIR ANSWER IN

WORLDWIDE CYBER-ATTACKS: THEIR IMPACT ON THE INTERNATIONAL HEALTH SERVICES AND THEIR ANSWER IN

MOL2NET 2017, International Conference on Multidisciplinary Sciences, 3rd edition. Section 08: LAWSCI-01: Wokshop on Challenges in Law, Technology, Life, and Social Sciences. 25 30 July, 2017. Bilbao, Spain. WORLDWIDE CYBER-ATTACKS: THEIR

78 views • 5 slides
Thoughts from the Shire Geoff Wright A standard for moving surveys between survey One Ring to

Thoughts from the Shire Geoff Wright A standard for moving surveys between survey One Ring to

Thoughts from the Shire Geoff Wright A standard for moving surveys between survey One Ring to rule them all, One Ring to find them, packages on various hardware and software platforms One Ring to bring them all and in the darkness bind them

229 views • 10 slides
The Protective Factors Survey, 2 nd Edition (PFS-2) Background and Introduction December 12, 2018

The Protective Factors Survey, 2 nd Edition (PFS-2) Background and Introduction December 12, 2018

December 2018 PLC: The Protective Factors Survey, 2 nd Edition (PFS-2) Background and Introduction December 12, 2018 Childrens Bureau Updates December 12, 2018 2019 Prevention Resource Guide Preorder Information The preorder for the

1.22k views • 27 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Fall Opening Looking Back and Moving Forward Reading School Committee June 25, 2020 District

Fall Opening Looking Back and Moving Forward Reading School Committee June 25, 2020 District

Fall Opening Looking Back and Moving Forward Reading School Committee June 25, 2020 District Leadership Family Survey Staff Survey Results Team Reflections on Latest Information Results on Fall Questions on Fall Reopening Remote

721 views • 47 slides
High-Performance Numerical Simulation of Biodegradation Process with Moving Boundaries FreeFEM

High-Performance Numerical Simulation of Biodegradation Process with Moving Boundaries FreeFEM

High-Performance Numerical Simulation of Biodegradation Process with Moving Boundaries FreeFEM Days, 11th Edition Mojtaba Barzegari, Liesbet Geris Biomechanics Section, Department of Mechanical Engineering, KU Leuven December 2019 0 Our

712 views • 36 slides

More recommend