Uploaded byAvinashAvuthu2
PPTX, PDF220 views

Cyber Security Hacking and Attack Tree Analysis

The document provides an in-depth overview of cybersecurity, focusing on scanning processes used to identify and mitigate vulnerabilities in various systems, networks, and applications. It discusses different types of scanning methods, including network, vulnerability, web application, database, host-based, and wireless network scanning, along with the tools and techniques used in each. Additionally, it covers attack tree analysis, penetration testing, and security testing tools, emphasizing their importance for identifying security threats and ensuring compliance with regulations.

Embed presentation

Download to read offline
Cyber Security A. Avinash, Ph.D., Assistant Professor School of Computer Science and Engineering (SCOPE) Vellore Institute of Technology (VIT), Chennai
• Scanning is a critical process in cyber security used to identify vulnerabilities, weaknesses, and potential threats in networks, systems, and applications. Importance of Scanning • Proactive Defense: Helps identify and fix vulnerabilities before they can be exploited by attackers. • Compliance: Assists in meeting regulatory requirements and industry standards (e.g., PCI DSS, HIPAA). • Risk Management: Enables organizations to assess and mitigate risks effectively. • Continuous Monitoring: Provides ongoing visibility into the security posture of the organization. Hacking Methodology
Types of Scanning 1. Network Scanning: Network scanning is the process of discovering devices, services, and open ports in a network. • Purpose: To map the network, identify active devices, and detect open ports and services. • Tools: • Nmap: A powerful network scanner that can discover hosts and services on a network. • Angry IP Scanner: A fast and easy-to-use IP address and port scanner. • Advanced IP Scanner: A network scanner to analyze LAN. • Methods: • Ping Sweeps: Sending ICMP echo requests to multiple hosts to determine which are up and responding. • Port Scanning: Checking the status of ports (open, closed, or filtered) on devices to identify running services. • OS Detection: Identifying the operating systems running on network devices. Hacking Methodology
Hacking Methodology 2. Vulnerability Scanning: Vulnerability scanning aims to detect security weaknesses in systems and applications. • Purpose: To identify vulnerabilities that can be exploited by attackers. • Tools: • Nessus: A widely used vulnerability scanner that identifies vulnerabilities, configuration issues, and malware. • OpenVAS: An open-source vulnerability scanner that offers a comprehensive scanning and vulnerability management solution. • Qualys: A cloud-based platform that provides continuous vulnerability scanning and compliance monitoring. • Methods: • Authenticated Scanning: Uses valid credentials to perform a deeper and more accurate scan of the target system. • Unauthenticated Scanning: Scans the target system without using credentials, simulating an attack from an external threat actor. • Configuration Checks: Evaluates the system's configuration against best practices and security standards.
3. Web Application Scanning: Web application scanning focuses on identifying security vulnerabilities in web applications. • Purpose: To find vulnerabilities that can be exploited in web applications. • Tools: • OWASP ZAP (Zed Attack Proxy): An open-source web application security scanner. • Burp Suite: A comprehensive platform for performing security testing of web applications. • Nikto: An open-source web server scanner that checks for dangerous files, outdated server software, and other issues. • Methods: • Static Analysis: Examines the application's source code to identify vulnerabilities. • Dynamic Analysis: Tests the running application to identify security issues. • Fuzzing: Inputs a large amount of random data ("fuzz") to the application to find security flaws. Hacking Methodology
4. Database Scanning: Database scanning identifies vulnerabilities and misconfigurations in databases. • Purpose: To ensure the security and integrity of databases. • Tools: • DBScan: A database vulnerability scanner that checks for security issues in various types of databases. • SQLmap: An open-source tool that automates the detection and exploitation of SQL injection flaws. • Methods: • Configuration Checks: Ensures that database settings are secure and follow best practices. • Content Scans: Identifies sensitive data, such as Personally Identifiable Information (PII) or credit card numbers, that might be exposed. Hacking Methodology
5. Host-based Scanning: Host-based scanning focuses on the security of individual hosts or devices. • Purpose: To identify vulnerabilities and misconfigurations on specific devices. • Tools: • Nessus: Also used for host-based scanning to check for vulnerabilities on individual hosts. • OpenVAS: Provides host-based scanning capabilities to identify vulnerabilities on specific systems. • Retina Network Security Scanner: A comprehensive vulnerability assessment solution for identifying security risks on hosts. • Methods: • Patch Management: Ensures that all software and systems are up-to-date with the latest security patches. • Configuration Audits: Evaluates the configuration of the host against security best practices. Hacking Methodology
6. Wireless Network Scanning: Wireless network scanning identifies and assesses wireless networks and their security. • Purpose: To detect and secure wireless networks. • Tools: • Aircrack-ng: A suite of tools for assessing Wi-Fi network security. • Kismet: A wireless network and device detector, sniffer, and intrusion detection system. • Wireshark: A network protocol analyzer that can capture and analyze wireless traffic. • Methods: • SSID Discovery: Identifies available wireless networks and their SSIDs. • Encryption Analysis: Checks the encryption methods used by wireless networks to ensure they are secure. • Rogue Access Point Detection: Identifies unauthorized access points that may pose a security risk. Hacking Methodology
Attack Tree Analysis • An attack tree is a visual representation that models the security of a system from the perspective of an attacker. • It starts with a single root node representing the main goal of the attack (e.g., gaining unauthorized access). • Node is then expanded into branches that represent different ways to achieve this goal. • Each branch can further divide into sub-branches, representing more specific attack methods or steps.
Attack Tree Analysis Components of an Attack Tree • Root Node: The ultimate goal of the attack (e.g., stealing sensitive data). • Branches: Different methods or steps to achieve the goal. • Leaf Nodes: The final steps or specific actions in each attack path. • AND Nodes: Represent steps that must all occur together for an attack to succeed. • OR Nodes: Represent alternative steps, where any one can lead to the next stage in the attack.
Attack Tree Analysis
Attack Tree Analysis
Attack Tree Analysis Example of an Attack Tree: Consider an attack tree for gaining unauthorized access to a secure system • Root Node: Gain unauthorized access • Branch 1: Exploit software vulnerability (OR Node) • Leaf Node: Identify vulnerability • Leaf Node: Develop exploit • Branch 2: Obtain login credentials (OR Node) • Sub-Branch: Phishing (AND Node) • Leaf Node: Create phishing email • Leaf Node: Send email to target • Sub-Branch: Social engineering (AND Node) • Leaf Node: Impersonate IT support • Leaf Node: Convince user to reveal password • Branch 3: Physical access (OR Node) • Leaf Node: Steal access card • Leaf Node: Bypass physical security
Attack Tree Analysis
Attack Tree Analysis Benefits of Attack Tree Analysis • Structured Approach: Provides a clear and organized way to think about and document potential attack vectors. • Comprehensive Coverage: Ensures that all possible attack paths are considered. • Prioritization: Helps prioritize threats based on likelihood and impact, enabling more effective resource allocation. • Risk Assessment: Assists in evaluating the risk associated with each attack path. • Mitigation Planning: Facilitates the development of strategies to counteract identified threats.
Attack Tree Analysis Steps to Create an Attack Tree • Define the Goal: Identify the main objective of the potential attacker (e.g., data theft, system disruption). • Identify Attack Vectors: Brainstorm all possible ways to achieve the goal. • Break Down Steps: Decompose each attack vector into smaller, manageable steps. • Organize the Tree: Structure the attack vectors and steps into a hierarchical tree format. • Analyze the Tree: Evaluate the likelihood and impact of each attack path. Identify vulnerabilities and possible defenses.
Attack Tree Analysis Applications of Attack Tree Analysis • Security Assessment: Used by security professionals to assess the robustness of systems and identify weak points. • Incident Response Planning: Helps in preparing for potential security incidents by understanding attack methods. • Compliance and Auditing: Supports regulatory and compliance requirements by demonstrating thorough security analysis. • Training and Awareness: Educates employees and stakeholders about potential security threats and defenses.
Assessing vulnerabilities Assessing vulnerabilities is a critical process in cyber security aimed at identifying, evaluating, and mitigating weaknesses in systems, networks, and applications. Key steps involved in assessing vulnerabilities: 1. Planning and Preparation a. Define Scope: • Determine the assets, systems, and networks to be assessed. • Identify the boundaries and limitations of the assessment. b. Gather Information: • Collect data on the target environment, including network topology, operating systems, applications, and security policies. • Identify the stakeholders and obtain necessary permissions.
Assessing vulnerabilities 2. Asset Identification and Prioritization a. Inventory Assets: • Create a comprehensive list of all hardware, software, and data assets. • Include details such as IP addresses, versions, configurations, and dependencies. b. Classify and Prioritize: • Categorize assets based on their criticality to the organization. • Assign priority levels to assets based on their importance and the potential impact of a vulnerability. 3. Vulnerability Identification a. Automated Scanning: • Use automated vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS) to perform initial assessments. • Configure the tools to scan for known vulnerabilities in the target environment. b. Manual Testing: • Conduct manual tests to identify vulnerabilities that automated tools may miss. • Use techniques such as penetration testing, code review, and configuration review.
Assessing vulnerabilities 4. Vulnerability Analysis a. Validate Findings: • Verify the vulnerabilities identified by automated tools and manual tests. • Eliminate false positives and ensure accuracy. b. Assess Impact and Exploitability: • Evaluate the potential impact of each vulnerability on the organization. • Determine how easily the vulnerability can be exploited by an attacker. c. Classify Vulnerabilities: • Categorize vulnerabilities based on their severity (e.g., critical, high, medium, low). • Use standardized scoring systems such as CVSS (Common Vulnerability Scoring System) to quantify severity.
Assessing vulnerabilities 5. Reporting and Documentation a. Create a Detailed Report: • Document the findings, including the identified vulnerabilities, their severity, and potential impact. • Provide detailed descriptions, screenshots, and steps to reproduce the vulnerabilities. b. Recommend Mitigations: • Suggest specific actions to remediate or mitigate each vulnerability. • Include both short-term fixes and long-term strategies. c. Communicate with Stakeholders: • Present the findings and recommendations to relevant stakeholders. • Ensure clear communication of the risks and necessary actions.
Assessing vulnerabilities 6. Continuous Monitoring and Improvement a. Establish Continuous Monitoring: • Implement continuous monitoring tools and processes to detect new vulnerabilities and threats. • Regularly update vulnerability databases and scanning tools. b. Review and Update Policies: • Periodically review and update security policies, procedures, and controls. • Ensure ongoing training and awareness for staff to stay informed about emerging threats and best practices.
Penetration Testing ● Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities. ● The process of pen testing involves gathering information about the target before the test, identifying possible entry points, attempting to break in and reporting back the findings. ● Penetration testing can be automated with software applications or performed manually either way. ● A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network. ● A white-box penetration testers are given full access to source code, architecture documentation etc.
Phases of a Penetration Test 1. It is the process of collecting information before deploying any real attacks. 2. It is the process of identifying the likely entry points into the target system. 3. It is the process which defines, locates, and classifies the security leaks in a computer, network, or application. 4. It is the process of enabling pen testers to compromise a system and expose to further attacks. 5. It is the process of documenting all the steps that led to a successful attack during the test.
Penetration Test Terms 1. Common vulnerabilities and exposures (CVE) program cataloging software and firmware vulnerabilities for 18 years. 2. Vulnerability is a weak point or a bug in a piece of software , hardware or operating system that leaves a system open and vulnerable to attacks and unauthorized access. 3. Exploit is a code that takes advantage of a software vulnerability or security flaw. Exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network or computer systems. 4. Payload is a piece of code that executed through exploit.
Most Common Types of Cyber Attacks 1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks 2. Man in The Middle Attack (MITM) 3. Phishing and spear Attacks 4. SQL Injection Attack 5. Cross-Site Scripting (XSS) Attack
Common Network Attacks 1. CDP Manipulation: CDP packets are enabled by default on Cisco switches and transmitted in a clear text which allows the attacker to analyze the packets and gain information about the network device, so the attacker can search for a known vulnerability and execute against this device. 2. Telnet Enabled VTY: Telnet also transmits packets in clear text which can reveal to an attacker who’s sniffing the network , as well as SSH v1 which is also vulnerable and compromised. 3. Mac Flooding: The attacker floods the Mac table with Mac Address more than the switch can store or handle , which makes the switch operating as a hub giving the attacker the opportunity to sniff all traffic on the segment. 4. DHCP Spoofing: the attacker listens for DHCP requests and answers them , giving it’s IP address the default gateway for the clients , the attacker becomes a (MITM). 5. ARP Spoofing: similar to dhcp spoofing but related to ARP Messages.
Common Pentest Tools 1. Nmap is a very popular tool predominantly aids in understanding the characteristics of any target network, the characteristics include host, services, OS, packet filters/firewalls etc. It works on most of the environments and is open sourced. 2. Nessus is a scanner, robust vulnerability identifier tool. It specializes in compliance checks, Sensitive data searches, IPs scan, website scanning etc. and aids in finding the ‘weak-spots’. 3. Acunetix is a fully automated web vulnerability scanner that detects and reports on over 4500 web application vulnerabilities including all variants of SQL Injection and XSS. 4. Metasploit is the most advanced and popular Framework that can be used to for pen-testing. It is based on the concept of ‘exploit’ which is a code that can surpass the security measures and enter a certain system. It runs a ‘payload’, a code that performs operations on a target machine, thus creating a perfect framework for penetration testing. 5. Wireshark is a network protocol analyzer, details about network protocols, packet information, decryption etc. 6. Burp-Suite: Burp suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable.
Pentest roles and responsibilities 1. Network and application tests to check the general security vulnerabilities across a network. 2. Physical security test checking for disaster hardening of servers to non-cyber threats 3. Security audits is a fundamental and ongoing aspect of the penetration tester’s role. 4. General security report writing and the use of metrics from tests to help develop security strategies 5. Involvement in security team and security policy review need to be able to communicate with team and help with security policy review
Penetration Testing certificates Here is a list of the most common certificates in penetration Testing: ● EC-Council Licensed Penetration Tester (LPT) Master ● IACRB Certified Penetration Tester (CPT) ● Certified Expert Penetration Tester (CEPT) ● Certified Penetration Testing Engineer (CPTE) ● GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) ● GIAC Web Application Penetration Tester (GWAPT) ● GIAC Penetration Tester (GPEN)
Security Testing Tools The process of identifying and mitigating security vulnerabilities in applications and networks. Importance: Ensures the protection of data, compliance with regulations, and maintains user trust. Types of Security Testing: ● Vulnerability Scanning ● Penetration Testing ● Security Audits
Security Testing Tools Categories of Security Testing Tools ● Static Application Security Testing (SAST) ● Dynamic Application Security Testing (DAST) ● Interactive Application Security Testing (IAST) ● Network Security Tools ● Web Application Security Tools ● Database Security Tools
Security Testing Tools Static Application Security Testing (SAST) Tools: Analyzes source code for security vulnerabilities without executing the program. Examples: ● SonarQube: Detects bugs and vulnerabilities in code. ● Checkmarx: Provides detailed security analysis and compliance checks. ● Veracode: Offers comprehensive security testing and remediation guidance. Dynamic Application Security Testing (DAST) Tools: Tests applications in runtime, simulating attacks to find vulnerabilities. Examples: ● OWASP ZAP: Open-source tool for finding vulnerabilities in web applications. ● Burp Suite: Integrated platform for performing security testing of web applications. ● Acunetix: Automated web vulnerability scanner that detects and reports on a wide range of web application vulnerabilities.
Security Testing Tools Interactive Application Security Testing (IAST) Tools: Combines elements of SAST and DAST to provide real-time analysis. Examples: ● Contrast Security: Embeds sensors to analyze application behavior. ● Seeker by Synopsys: Provides actionable insights by monitoring application interactions. Network Security Tools: Scans networks to identify vulnerabilities and potential security breaches. Examples: ● Nessus: Comprehensive vulnerability scanner for identifying network vulnerabilities. ● OpenVAS: Open-source vulnerability scanning tool. ● Nmap: Network mapping tool that discovers hosts and services on a computer network.
Security Testing Tools Web Application Security Tools : Focuses on identifying vulnerabilities in web applications. Examples: ● Nikto: Open-source web server scanner which performs comprehensive tests. ● Netsparker: Automated web application security scanner. ● W3AF: Open-source web application attack and audit framework. Database Security Tools: Ensures the security of databases by identifying vulnerabilities and misconfigurations. Examples: ● SQLMap: Open-source tool for automating the process of detecting and exploiting SQL injection flaws. ● DBProtect: Provides database activity monitoring and vulnerability management. ● AppDetectivePro: Identifies security vulnerabilities in database environments.

More Related Content

PPTX
Cia security model
byImran Ahmed
 
PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
PPTX
Penetration testing in wireless network
byHadi Fadlallah
 
PDF
Cyber Security Vulnerabilities
bySiemplify
 
PPTX
What is Penetration Testing?
bybtpsec
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
PPT
Keyloggers and Spywares
byAnkit Mistry
 
Cia security model
byImran Ahmed
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
Penetration testing in wireless network
byHadi Fadlallah
 
Cyber Security Vulnerabilities
bySiemplify
 
What is Penetration Testing?
bybtpsec
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
Keyloggers and Spywares
byAnkit Mistry
 

What's hot

PDF
Computer Security Threats
byQuick Heal Technologies Ltd.
 
PPTX
zero day exploits
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PPT
Ethical Hacking and Penetration Testing
byRishabh Upadhyay
 
PPTX
Cyber attack
byManjushree Mashal
 
PPTX
Web security
byPadam Banthia
 
PDF
Nmap basics
byitmind4u
 
PPTX
Password Cracking
bySina Manavi
 
PPT
Trojan horse
byGaurang Rathod
 
PDF
Introduction to MITRE ATT&CK
byArpan Raval
 
PPTX
Introduction to ethical hacking
byVikram Khanna
 
PDF
The Cyber Attack Lifecycle
byCybereason
 
PPTX
System security
byinvertis university
 
PPTX
Ethical Hacking PPT (CEH)
byUmesh Mahawar
 
PPTX
Basics of Denial of Service Attacks
byHansa Nidushan
 
PPTX
Phases of penetration testing
byAbdul Rahman
 
PPTX
Reconnaissance
byn|u - The Open Security Community
 
PPTX
Network traffic analysis with cyber security
byKAMALI PRIYA P
 
PPTX
Types of cyber attacks
bykrishh sivakrishna
 
PDF
KHNOG 3: DDoS Attack Prevention
byAPNIC
 
PPTX
Penetration testing reporting and methodology
byRashad Aliyev
 
Computer Security Threats
byQuick Heal Technologies Ltd.
 
zero day exploits
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Ethical Hacking and Penetration Testing
byRishabh Upadhyay
 
Cyber attack
byManjushree Mashal
 
Web security
byPadam Banthia
 
Nmap basics
byitmind4u
 
Password Cracking
bySina Manavi
 
Trojan horse
byGaurang Rathod
 
Introduction to MITRE ATT&CK
byArpan Raval
 
Introduction to ethical hacking
byVikram Khanna
 
The Cyber Attack Lifecycle
byCybereason
 
System security
byinvertis university
 
Ethical Hacking PPT (CEH)
byUmesh Mahawar
 
Basics of Denial of Service Attacks
byHansa Nidushan
 
Phases of penetration testing
byAbdul Rahman
 
Reconnaissance
byn|u - The Open Security Community
 
Network traffic analysis with cyber security
byKAMALI PRIYA P
 
Types of cyber attacks
bykrishh sivakrishna
 
KHNOG 3: DDoS Attack Prevention
byAPNIC
 
Penetration testing reporting and methodology
byRashad Aliyev
 

Similar to Cyber Security Hacking and Attack Tree Analysis

PPTX
Adv Sec part onesakjslkajslkjakljssasa.pptx
byssuser45b0e7
 
PPTX
Vapt life cycle
bypenetration Tester
 
PPTX
Web hacking 1.0
byQ Fadlan
 
PDF
Types of Vulnerability Scanning An in depth investigation.pdf
byCyber security professional services- Detox techno
 
PDF
Vulnerability assessment-info-savvy
byinfosavvy
 
PPTX
Penetration Testing vs. Vulnerability Scanning
bySecurityMetrics
 
PPTX
Hacking - penetration tools
byJenishChauhan4
 
PPT
Ethical hacking
bySourabh Badve
 
PDF
NSA and PT
byRahmat Suhatman
 
PDF
Analysis on Common Network Attacks & Vulnerability Scanners
byPROBOTEK
 
PPTX
Introduction to cyber security
byGeevarghese Titus
 
PDF
Nessus Assesment Vulnerability Management.pdf
bysurajpatil318663
 
PDF
Network Vulnerability and Patching
byEmmanuel Udeagha B.
 
PPTX
501 ch 8 risk managment tool
bygocybersec
 
PPT
BSidesJXN 2017 - Improving Vulnerability Management
byAndrew McNicol
 
PPTX
What is a Port Scan in data visualization
byKomal Khanna
 
PDF
Vulnerability
byMohit Dholakiya
 
PDF
Web App Security Presentation by Ryan Holland - 05-31-2017
byTriNimbus
 
PDF
Understanding Vulnerability Assessment.pdf
by247 tech
 
PDF
Exploring the Key Types of Cybersecurity Testing
byjatniwalafizza786
 
Adv Sec part onesakjslkajslkjakljssasa.pptx
byssuser45b0e7
 
Vapt life cycle
bypenetration Tester
 
Web hacking 1.0
byQ Fadlan
 
Types of Vulnerability Scanning An in depth investigation.pdf
byCyber security professional services- Detox techno
 
Vulnerability assessment-info-savvy
byinfosavvy
 
Penetration Testing vs. Vulnerability Scanning
bySecurityMetrics
 
Hacking - penetration tools
byJenishChauhan4
 
Ethical hacking
bySourabh Badve
 
NSA and PT
byRahmat Suhatman
 
Analysis on Common Network Attacks & Vulnerability Scanners
byPROBOTEK
 
Introduction to cyber security
byGeevarghese Titus
 
Nessus Assesment Vulnerability Management.pdf
bysurajpatil318663
 
Network Vulnerability and Patching
byEmmanuel Udeagha B.
 
501 ch 8 risk managment tool
bygocybersec
 
BSidesJXN 2017 - Improving Vulnerability Management
byAndrew McNicol
 
What is a Port Scan in data visualization
byKomal Khanna
 
Vulnerability
byMohit Dholakiya
 
Web App Security Presentation by Ryan Holland - 05-31-2017
byTriNimbus
 
Understanding Vulnerability Assessment.pdf
by247 tech
 
Exploring the Key Types of Cybersecurity Testing
byjatniwalafizza786
 

More from AvinashAvuthu2

PPTX
Block chain and its basic terminology include mining
byAvinashAvuthu2
 
PPTX
Different Internet of Things Applications
byAvinashAvuthu2
 
PPTX
Computer Networks Packet Switchings.pptx
byAvinashAvuthu2
 
PPTX
Game Programming Module - 6 AR and VR.pptx
byAvinashAvuthu2
 
PPT
Information Security Analysis and Audit 1
byAvinashAvuthu2
 
PPT
Security issues in the wireless networks.ppt
byAvinashAvuthu2
 
PPTX
M.Tech Internet of Things Unit - III.pptx
byAvinashAvuthu2
 
PPTX
M.Tech Internet of Things Unit - IV.pptx
byAvinashAvuthu2
 
PPTX
M.Tech Internet of Things Embeed Systems
byAvinashAvuthu2
 
PPTX
III CSE Internet of Things Unit - II.pptx
byAvinashAvuthu2
 
PPT
Information Security Audit and Analysis Module
byAvinashAvuthu2
 
PPT
Module - 2 - Security Device Management.ppt
byAvinashAvuthu2
 
PPT
Module - 3 - Device Configuration ISM.ppt
byAvinashAvuthu2
 
PPT
Module - 6 - Data and Information Management.ppt
byAvinashAvuthu2
 
PPT
Module - 5 - Managing Health and Safety.ppt
byAvinashAvuthu2
 
PPT
Module - 4 - Team Work and Communication.ppt
byAvinashAvuthu2
 
PPTX
Internet of Things Communication API and Levels
byAvinashAvuthu2
 
PPTX
Internet of Things Basics and its protocols
byAvinashAvuthu2
 
PPTX
Cyber Security Penetration Testing Tools
byAvinashAvuthu2
 
PPTX
Game Programming Module for Sprite, Scripting
byAvinashAvuthu2
 
Block chain and its basic terminology include mining
byAvinashAvuthu2
 
Different Internet of Things Applications
byAvinashAvuthu2
 
Computer Networks Packet Switchings.pptx
byAvinashAvuthu2
 
Game Programming Module - 6 AR and VR.pptx
byAvinashAvuthu2
 
Information Security Analysis and Audit 1
byAvinashAvuthu2
 
Security issues in the wireless networks.ppt
byAvinashAvuthu2
 
M.Tech Internet of Things Unit - III.pptx
byAvinashAvuthu2
 
M.Tech Internet of Things Unit - IV.pptx
byAvinashAvuthu2
 
M.Tech Internet of Things Embeed Systems
byAvinashAvuthu2
 
III CSE Internet of Things Unit - II.pptx
byAvinashAvuthu2
 
Information Security Audit and Analysis Module
byAvinashAvuthu2
 
Module - 2 - Security Device Management.ppt
byAvinashAvuthu2
 
Module - 3 - Device Configuration ISM.ppt
byAvinashAvuthu2
 
Module - 6 - Data and Information Management.ppt
byAvinashAvuthu2
 
Module - 5 - Managing Health and Safety.ppt
byAvinashAvuthu2
 
Module - 4 - Team Work and Communication.ppt
byAvinashAvuthu2
 
Internet of Things Communication API and Levels
byAvinashAvuthu2
 
Internet of Things Basics and its protocols
byAvinashAvuthu2
 
Cyber Security Penetration Testing Tools
byAvinashAvuthu2
 
Game Programming Module for Sprite, Scripting
byAvinashAvuthu2
 

Recently uploaded

PPTX
Details of Muscular-and-Nervous-Tissues.pptx
byAshish Umale
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PDF
Handwritten notes of Toxicity 1. Genotoxicity 2 Carcinogenicity 3 Teratogenic...
byjagdeepsinghynr7
 
PDF
Blue / Green: Troop Leading Procedure (TLP) Overview.pdf
byBlue / Green Training
 
PPTX
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
PDF
Models of Teaching - TNTEU - B.Ed I Semester - Teaching and Learning - BD1TL ...
byDr Raja Mohammed T
 
PDF
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PDF
Types of Vegetable Gardens, College of Agriculture Balaghat.pdf
bybisensharad
 
PDF
The Drift Principle: When Information Accelerates Faster Than Minds Can Compress
byReality Drift Archive
 
PPTX
Searching in PubMed andCochrane_Practical Presentation.pptx
bySystematic Reviews Network (SRN)
 
PDF
BỘ TEST KIỂM TRA CUỐI HỌC KÌ 1 - TIẾNG ANH 6-7-8-9 GLOBAL SUCCESS - PHIÊN BẢN...
byNguyen Thanh Tu Collection
 
PPTX
York "Collaboration for Research Support at U-M Library"
byNational Information Standards Organization (NISO)
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PDF
Digital Wellness in University Communities: Libraries as Guardians of Healthy...
bySylvester Ebhonu
 
PPTX
The Art Pastor's Guide to the Liturgical Calendar
bySteve Thomason
 
DOCX
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 
PPTX
ICH Harmonization A Global Pathway to Unified Drug Regulation.pptx
byDr. Smita Kumbhar
 
PDF
“RF-MEMS: Technologies, Components, Challenges and Modern Applications”
byGS Virdi
 
PDF
Principles and Practices of GST 2.0 Study material
bySri Ramakrishna College of Arts and science
 
PPTX
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 
Details of Muscular-and-Nervous-Tissues.pptx
byAshish Umale
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
Handwritten notes of Toxicity 1. Genotoxicity 2 Carcinogenicity 3 Teratogenic...
byjagdeepsinghynr7
 
Blue / Green: Troop Leading Procedure (TLP) Overview.pdf
byBlue / Green Training
 
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
Models of Teaching - TNTEU - B.Ed I Semester - Teaching and Learning - BD1TL ...
byDr Raja Mohammed T
 
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
Types of Vegetable Gardens, College of Agriculture Balaghat.pdf
bybisensharad
 
The Drift Principle: When Information Accelerates Faster Than Minds Can Compress
byReality Drift Archive
 
Searching in PubMed andCochrane_Practical Presentation.pptx
bySystematic Reviews Network (SRN)
 
BỘ TEST KIỂM TRA CUỐI HỌC KÌ 1 - TIẾNG ANH 6-7-8-9 GLOBAL SUCCESS - PHIÊN BẢN...
byNguyen Thanh Tu Collection
 
York "Collaboration for Research Support at U-M Library"
byNational Information Standards Organization (NISO)
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
Digital Wellness in University Communities: Libraries as Guardians of Healthy...
bySylvester Ebhonu
 
The Art Pastor's Guide to the Liturgical Calendar
bySteve Thomason
 
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 
ICH Harmonization A Global Pathway to Unified Drug Regulation.pptx
byDr. Smita Kumbhar
 
“RF-MEMS: Technologies, Components, Challenges and Modern Applications”
byGS Virdi
 
Principles and Practices of GST 2.0 Study material
bySri Ramakrishna College of Arts and science
 
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 

Cyber Security Hacking and Attack Tree Analysis

  • 1.
    Cyber Security A. Avinash,Ph.D., Assistant Professor School of Computer Science and Engineering (SCOPE) Vellore Institute of Technology (VIT), Chennai
  • 2.
    • Scanning isa critical process in cyber security used to identify vulnerabilities, weaknesses, and potential threats in networks, systems, and applications. Importance of Scanning • Proactive Defense: Helps identify and fix vulnerabilities before they can be exploited by attackers. • Compliance: Assists in meeting regulatory requirements and industry standards (e.g., PCI DSS, HIPAA). • Risk Management: Enables organizations to assess and mitigate risks effectively. • Continuous Monitoring: Provides ongoing visibility into the security posture of the organization. Hacking Methodology
  • 3.
    Types of Scanning 1.Network Scanning: Network scanning is the process of discovering devices, services, and open ports in a network. • Purpose: To map the network, identify active devices, and detect open ports and services. • Tools: • Nmap: A powerful network scanner that can discover hosts and services on a network. • Angry IP Scanner: A fast and easy-to-use IP address and port scanner. • Advanced IP Scanner: A network scanner to analyze LAN. • Methods: • Ping Sweeps: Sending ICMP echo requests to multiple hosts to determine which are up and responding. • Port Scanning: Checking the status of ports (open, closed, or filtered) on devices to identify running services. • OS Detection: Identifying the operating systems running on network devices. Hacking Methodology
  • 4.
    Hacking Methodology 2. VulnerabilityScanning: Vulnerability scanning aims to detect security weaknesses in systems and applications. • Purpose: To identify vulnerabilities that can be exploited by attackers. • Tools: • Nessus: A widely used vulnerability scanner that identifies vulnerabilities, configuration issues, and malware. • OpenVAS: An open-source vulnerability scanner that offers a comprehensive scanning and vulnerability management solution. • Qualys: A cloud-based platform that provides continuous vulnerability scanning and compliance monitoring. • Methods: • Authenticated Scanning: Uses valid credentials to perform a deeper and more accurate scan of the target system. • Unauthenticated Scanning: Scans the target system without using credentials, simulating an attack from an external threat actor. • Configuration Checks: Evaluates the system's configuration against best practices and security standards.
  • 5.
    3. Web ApplicationScanning: Web application scanning focuses on identifying security vulnerabilities in web applications. • Purpose: To find vulnerabilities that can be exploited in web applications. • Tools: • OWASP ZAP (Zed Attack Proxy): An open-source web application security scanner. • Burp Suite: A comprehensive platform for performing security testing of web applications. • Nikto: An open-source web server scanner that checks for dangerous files, outdated server software, and other issues. • Methods: • Static Analysis: Examines the application's source code to identify vulnerabilities. • Dynamic Analysis: Tests the running application to identify security issues. • Fuzzing: Inputs a large amount of random data ("fuzz") to the application to find security flaws. Hacking Methodology
  • 6.
    4. Database Scanning:Database scanning identifies vulnerabilities and misconfigurations in databases. • Purpose: To ensure the security and integrity of databases. • Tools: • DBScan: A database vulnerability scanner that checks for security issues in various types of databases. • SQLmap: An open-source tool that automates the detection and exploitation of SQL injection flaws. • Methods: • Configuration Checks: Ensures that database settings are secure and follow best practices. • Content Scans: Identifies sensitive data, such as Personally Identifiable Information (PII) or credit card numbers, that might be exposed. Hacking Methodology
  • 7.
    5. Host-based Scanning:Host-based scanning focuses on the security of individual hosts or devices. • Purpose: To identify vulnerabilities and misconfigurations on specific devices. • Tools: • Nessus: Also used for host-based scanning to check for vulnerabilities on individual hosts. • OpenVAS: Provides host-based scanning capabilities to identify vulnerabilities on specific systems. • Retina Network Security Scanner: A comprehensive vulnerability assessment solution for identifying security risks on hosts. • Methods: • Patch Management: Ensures that all software and systems are up-to-date with the latest security patches. • Configuration Audits: Evaluates the configuration of the host against security best practices. Hacking Methodology
  • 8.
    6. Wireless NetworkScanning: Wireless network scanning identifies and assesses wireless networks and their security. • Purpose: To detect and secure wireless networks. • Tools: • Aircrack-ng: A suite of tools for assessing Wi-Fi network security. • Kismet: A wireless network and device detector, sniffer, and intrusion detection system. • Wireshark: A network protocol analyzer that can capture and analyze wireless traffic. • Methods: • SSID Discovery: Identifies available wireless networks and their SSIDs. • Encryption Analysis: Checks the encryption methods used by wireless networks to ensure they are secure. • Rogue Access Point Detection: Identifies unauthorized access points that may pose a security risk. Hacking Methodology
  • 9.
    Attack Tree Analysis •An attack tree is a visual representation that models the security of a system from the perspective of an attacker. • It starts with a single root node representing the main goal of the attack (e.g., gaining unauthorized access). • Node is then expanded into branches that represent different ways to achieve this goal. • Each branch can further divide into sub-branches, representing more specific attack methods or steps.
  • 10.
    Attack Tree Analysis Componentsof an Attack Tree • Root Node: The ultimate goal of the attack (e.g., stealing sensitive data). • Branches: Different methods or steps to achieve the goal. • Leaf Nodes: The final steps or specific actions in each attack path. • AND Nodes: Represent steps that must all occur together for an attack to succeed. • OR Nodes: Represent alternative steps, where any one can lead to the next stage in the attack.
  • 11.
  • 12.
  • 13.
    Attack Tree Analysis Exampleof an Attack Tree: Consider an attack tree for gaining unauthorized access to a secure system • Root Node: Gain unauthorized access • Branch 1: Exploit software vulnerability (OR Node) • Leaf Node: Identify vulnerability • Leaf Node: Develop exploit • Branch 2: Obtain login credentials (OR Node) • Sub-Branch: Phishing (AND Node) • Leaf Node: Create phishing email • Leaf Node: Send email to target • Sub-Branch: Social engineering (AND Node) • Leaf Node: Impersonate IT support • Leaf Node: Convince user to reveal password • Branch 3: Physical access (OR Node) • Leaf Node: Steal access card • Leaf Node: Bypass physical security
  • 14.
  • 15.
    Attack Tree Analysis Benefitsof Attack Tree Analysis • Structured Approach: Provides a clear and organized way to think about and document potential attack vectors. • Comprehensive Coverage: Ensures that all possible attack paths are considered. • Prioritization: Helps prioritize threats based on likelihood and impact, enabling more effective resource allocation. • Risk Assessment: Assists in evaluating the risk associated with each attack path. • Mitigation Planning: Facilitates the development of strategies to counteract identified threats.
  • 16.
    Attack Tree Analysis Stepsto Create an Attack Tree • Define the Goal: Identify the main objective of the potential attacker (e.g., data theft, system disruption). • Identify Attack Vectors: Brainstorm all possible ways to achieve the goal. • Break Down Steps: Decompose each attack vector into smaller, manageable steps. • Organize the Tree: Structure the attack vectors and steps into a hierarchical tree format. • Analyze the Tree: Evaluate the likelihood and impact of each attack path. Identify vulnerabilities and possible defenses.
  • 17.
    Attack Tree Analysis Applicationsof Attack Tree Analysis • Security Assessment: Used by security professionals to assess the robustness of systems and identify weak points. • Incident Response Planning: Helps in preparing for potential security incidents by understanding attack methods. • Compliance and Auditing: Supports regulatory and compliance requirements by demonstrating thorough security analysis. • Training and Awareness: Educates employees and stakeholders about potential security threats and defenses.
  • 18.
    Assessing vulnerabilities Assessing vulnerabilitiesis a critical process in cyber security aimed at identifying, evaluating, and mitigating weaknesses in systems, networks, and applications. Key steps involved in assessing vulnerabilities: 1. Planning and Preparation a. Define Scope: • Determine the assets, systems, and networks to be assessed. • Identify the boundaries and limitations of the assessment. b. Gather Information: • Collect data on the target environment, including network topology, operating systems, applications, and security policies. • Identify the stakeholders and obtain necessary permissions.
  • 19.
    Assessing vulnerabilities 2. AssetIdentification and Prioritization a. Inventory Assets: • Create a comprehensive list of all hardware, software, and data assets. • Include details such as IP addresses, versions, configurations, and dependencies. b. Classify and Prioritize: • Categorize assets based on their criticality to the organization. • Assign priority levels to assets based on their importance and the potential impact of a vulnerability. 3. Vulnerability Identification a. Automated Scanning: • Use automated vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS) to perform initial assessments. • Configure the tools to scan for known vulnerabilities in the target environment. b. Manual Testing: • Conduct manual tests to identify vulnerabilities that automated tools may miss. • Use techniques such as penetration testing, code review, and configuration review.
  • 20.
    Assessing vulnerabilities 4. VulnerabilityAnalysis a. Validate Findings: • Verify the vulnerabilities identified by automated tools and manual tests. • Eliminate false positives and ensure accuracy. b. Assess Impact and Exploitability: • Evaluate the potential impact of each vulnerability on the organization. • Determine how easily the vulnerability can be exploited by an attacker. c. Classify Vulnerabilities: • Categorize vulnerabilities based on their severity (e.g., critical, high, medium, low). • Use standardized scoring systems such as CVSS (Common Vulnerability Scoring System) to quantify severity.
  • 21.
    Assessing vulnerabilities 5. Reportingand Documentation a. Create a Detailed Report: • Document the findings, including the identified vulnerabilities, their severity, and potential impact. • Provide detailed descriptions, screenshots, and steps to reproduce the vulnerabilities. b. Recommend Mitigations: • Suggest specific actions to remediate or mitigate each vulnerability. • Include both short-term fixes and long-term strategies. c. Communicate with Stakeholders: • Present the findings and recommendations to relevant stakeholders. • Ensure clear communication of the risks and necessary actions.
  • 22.
    Assessing vulnerabilities 6. ContinuousMonitoring and Improvement a. Establish Continuous Monitoring: • Implement continuous monitoring tools and processes to detect new vulnerabilities and threats. • Regularly update vulnerability databases and scanning tools. b. Review and Update Policies: • Periodically review and update security policies, procedures, and controls. • Ensure ongoing training and awareness for staff to stay informed about emerging threats and best practices.
  • 23.
    Penetration Testing ● Penetrationtesting, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities. ● The process of pen testing involves gathering information about the target before the test, identifying possible entry points, attempting to break in and reporting back the findings. ● Penetration testing can be automated with software applications or performed manually either way. ● A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network. ● A white-box penetration testers are given full access to source code, architecture documentation etc.
  • 24.
    Phases of aPenetration Test 1. It is the process of collecting information before deploying any real attacks. 2. It is the process of identifying the likely entry points into the target system. 3. It is the process which defines, locates, and classifies the security leaks in a computer, network, or application. 4. It is the process of enabling pen testers to compromise a system and expose to further attacks. 5. It is the process of documenting all the steps that led to a successful attack during the test.
  • 25.
    Penetration Test Terms 1.Common vulnerabilities and exposures (CVE) program cataloging software and firmware vulnerabilities for 18 years. 2. Vulnerability is a weak point or a bug in a piece of software , hardware or operating system that leaves a system open and vulnerable to attacks and unauthorized access. 3. Exploit is a code that takes advantage of a software vulnerability or security flaw. Exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network or computer systems. 4. Payload is a piece of code that executed through exploit.
  • 26.
    Most Common Typesof Cyber Attacks 1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks 2. Man in The Middle Attack (MITM) 3. Phishing and spear Attacks 4. SQL Injection Attack 5. Cross-Site Scripting (XSS) Attack
  • 27.
    Common Network Attacks 1.CDP Manipulation: CDP packets are enabled by default on Cisco switches and transmitted in a clear text which allows the attacker to analyze the packets and gain information about the network device, so the attacker can search for a known vulnerability and execute against this device. 2. Telnet Enabled VTY: Telnet also transmits packets in clear text which can reveal to an attacker who’s sniffing the network , as well as SSH v1 which is also vulnerable and compromised. 3. Mac Flooding: The attacker floods the Mac table with Mac Address more than the switch can store or handle , which makes the switch operating as a hub giving the attacker the opportunity to sniff all traffic on the segment. 4. DHCP Spoofing: the attacker listens for DHCP requests and answers them , giving it’s IP address the default gateway for the clients , the attacker becomes a (MITM). 5. ARP Spoofing: similar to dhcp spoofing but related to ARP Messages.
  • 28.
    Common Pentest Tools 1.Nmap is a very popular tool predominantly aids in understanding the characteristics of any target network, the characteristics include host, services, OS, packet filters/firewalls etc. It works on most of the environments and is open sourced. 2. Nessus is a scanner, robust vulnerability identifier tool. It specializes in compliance checks, Sensitive data searches, IPs scan, website scanning etc. and aids in finding the ‘weak-spots’. 3. Acunetix is a fully automated web vulnerability scanner that detects and reports on over 4500 web application vulnerabilities including all variants of SQL Injection and XSS. 4. Metasploit is the most advanced and popular Framework that can be used to for pen-testing. It is based on the concept of ‘exploit’ which is a code that can surpass the security measures and enter a certain system. It runs a ‘payload’, a code that performs operations on a target machine, thus creating a perfect framework for penetration testing. 5. Wireshark is a network protocol analyzer, details about network protocols, packet information, decryption etc. 6. Burp-Suite: Burp suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable.
  • 29.
    Pentest roles andresponsibilities 1. Network and application tests to check the general security vulnerabilities across a network. 2. Physical security test checking for disaster hardening of servers to non-cyber threats 3. Security audits is a fundamental and ongoing aspect of the penetration tester’s role. 4. General security report writing and the use of metrics from tests to help develop security strategies 5. Involvement in security team and security policy review need to be able to communicate with team and help with security policy review
  • 30.
    Penetration Testing certificates Hereis a list of the most common certificates in penetration Testing: ● EC-Council Licensed Penetration Tester (LPT) Master ● IACRB Certified Penetration Tester (CPT) ● Certified Expert Penetration Tester (CEPT) ● Certified Penetration Testing Engineer (CPTE) ● GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) ● GIAC Web Application Penetration Tester (GWAPT) ● GIAC Penetration Tester (GPEN)
  • 31.
    Security Testing Tools Theprocess of identifying and mitigating security vulnerabilities in applications and networks. Importance: Ensures the protection of data, compliance with regulations, and maintains user trust. Types of Security Testing: ● Vulnerability Scanning ● Penetration Testing ● Security Audits
  • 32.
    Security Testing Tools Categoriesof Security Testing Tools ● Static Application Security Testing (SAST) ● Dynamic Application Security Testing (DAST) ● Interactive Application Security Testing (IAST) ● Network Security Tools ● Web Application Security Tools ● Database Security Tools
  • 33.
    Security Testing Tools StaticApplication Security Testing (SAST) Tools: Analyzes source code for security vulnerabilities without executing the program. Examples: ● SonarQube: Detects bugs and vulnerabilities in code. ● Checkmarx: Provides detailed security analysis and compliance checks. ● Veracode: Offers comprehensive security testing and remediation guidance. Dynamic Application Security Testing (DAST) Tools: Tests applications in runtime, simulating attacks to find vulnerabilities. Examples: ● OWASP ZAP: Open-source tool for finding vulnerabilities in web applications. ● Burp Suite: Integrated platform for performing security testing of web applications. ● Acunetix: Automated web vulnerability scanner that detects and reports on a wide range of web application vulnerabilities.
  • 34.
    Security Testing Tools InteractiveApplication Security Testing (IAST) Tools: Combines elements of SAST and DAST to provide real-time analysis. Examples: ● Contrast Security: Embeds sensors to analyze application behavior. ● Seeker by Synopsys: Provides actionable insights by monitoring application interactions. Network Security Tools: Scans networks to identify vulnerabilities and potential security breaches. Examples: ● Nessus: Comprehensive vulnerability scanner for identifying network vulnerabilities. ● OpenVAS: Open-source vulnerability scanning tool. ● Nmap: Network mapping tool that discovers hosts and services on a computer network.
  • 35.
    Security Testing Tools WebApplication Security Tools : Focuses on identifying vulnerabilities in web applications. Examples: ● Nikto: Open-source web server scanner which performs comprehensive tests. ● Netsparker: Automated web application security scanner. ● W3AF: Open-source web application attack and audit framework. Database Security Tools: Ensures the security of databases by identifying vulnerabilities and misconfigurations. Examples: ● SQLMap: Open-source tool for automating the process of detecting and exploiting SQL injection flaws. ● DBProtect: Provides database activity monitoring and vulnerability management. ● AppDetectivePro: Identifies security vulnerabilities in database environments.