Upload File

Ç < ] o o z ] v u ] u } v d } o v v o Ç ] d z } x h v v ...€¦ · title: microsoft...

  • Home
  • Documents
  • Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM
12
David Peers Bournemouth OWASP, 2019 Cyber Kill Chains, Diamond Models and Analysis Methods. Understanding how Intelligence works.

Upload: others

Post on 26-Aug-2020

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

David PeersBournemouth OWASP, 2019

Cyber Kill Chains, Diamond Modelsand Analysis Methods.

Understanding how Intelligence works.

Page 2: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

Who am I?Royal Corps of SignalsMicrosoftCRESTGCHQ

What am [email protected]

Introductions

Page 3: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

• Jargon• Intelligence Cycle• Typical installation of malware• Cyber Kill Chains• Diamond Model• Threat actor types• 3 Scenarios

Covered tonight…

Page 4: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

Jargon

• Events and Incidents• IoA• IoC• IoT• TTP• Bias• Risk• Black Swan• Hypothesis

• APT• Assets• Asset• Adversary• Adversary Operator• Adversary Customer• Attack• Campaign• Cyber (enabled) crime

Page 5: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

Intelligence Cycle

1

Planning and

Direction

2

Collection

3

Processing

4

Analysis

5

Delivery

Generationof

Intelligence

Consumption of

Intelligence

Creates Data

Creates Information

Creates Intelligence

CreatesDecisions

Page 6: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM
Page 7: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

Cyber Kill Chain

7 step process, developed by Lockheed Martin, to breakdown the process of intrusion and compromise.

Page 8: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

Diamond Model #1

Infrastructure

Victim

Capability

Adversary

Page 9: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

Diamond Model #2

Capability

Adversary

Victim

Infrastructure

Uses

Connects to Exploits

Develops

Page 10: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

Threat Actor Types

State Sponsored

Organised Crime

Criminal Hacktivists

Disgruntled Employees

Script Kiddies

Low High

Population, Commitment, TimeStealth, Knowledge, Funding

Low

Impact

Nuisance

DoS, Data Breech

Brand, Reputation

Fraud, Identity, Espionage

National Infrastructure, ElectionsAbility

Page 11: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

Scenarios 1, 2 & 3

Let’s have some fun!

Page 12: Ç < ] o o Z ] v U ] u } v D } o v v o Ç ] D Z } X h v v ...€¦ · Title: Microsoft PowerPoint - Cyber Kill Chains Author: T470s Created Date: 5/15/2019 6:16:36 AM

] v P ] Ç U ] P v ] Ç X ^ Z } Á Ç } µ o ( ] v o o } u } o ... · & µ Ç } u u µ v ] } v W } v vd Ç } v v d } v Ç ^ Á ] P o } ( Z t l W } v v d v v ~ Z } u ô ñ õ r ï

Registration System.pdfKE>/E Z '/^dZ dKE ó ñ X } v ] v µ } ] o } ( Z o v ~ ] ( v Ç X W µ o ] l Ç ~< Ç ] o } ( Z o v ] } ] } v o X / ( o v P v µ o ] l Ç U o } v ] v µ

W ( } u v D v Á < Ç K v o Ç ~

o ] v / v ( } u ] } v W l P ( } Z } } µ v ] Ç } ( t } l ~z } µ Z & u ] o ] & µ o o ... Pack... · x ^ o Ç W l P ] v P t À } o µ v Ç } P u Z v ] v Ç } µ l Z } u Ç Ç Æ

v ] ( ] l v l Ç } l Ç } À o

Ç µ ] Ç } v ] ] } v ( } < r í î^ Z } } o v ^ Z } } o ] ]

Rudolph the Red-Nosed Reindeer...& } Ç Z ^ v } Á u v U Á i } o o Ç Z Ç } µ o X t ] Z } v } ] v µ } v v } v Á } Ç u } µ } ( } o X & } Ç Z ^ v } Á u v U Á

^ v ] v v ] À v ] v ] v P ] u W ( o ] } v ( } u Z ^ Z D ] o v , Ç } Z Ç ^ À ] ] v ... · 2020-05-29 · ] Ì Z Ç M } o ] v W t Z À Á } Z Ç } Z Ç } } o U Z o P } } o ] í

Learn Angular 2 · d Z Á Ç } o v v Ç v Á Z v } o } P Ç ] Ç ] v P } i X ^ } ] v Z ] Ç ]

W> ^ WZ/Ed W ] v , ] } Ç Y µ ] } v v ] W Z } } z z z z z z ... · ,/W W ] À Ç W } o ] Ç / l v } Á o P Z u Ç u ] o Z ] } Ç u Ç } } v o ] v Z } µ P Z D o o Ç [ } u µ Ç

E ] } r Ç v yW D v ] ( } o Ç o ] v v ^ Ç u · d o } ( } v v W P / v í õ ò ð U Á o ] À } µ ( ] u v ] ( } o Ç u } µ } u Á Z } Z } ] ( } ] } v ] v ( } Á ] Z À Ç } l U

Rwanda W µ Ç ] v ] v µ } v o µ } v ] o ] v€¦ · RES-Research Studies Z ] o ] v ] v µ } v ^ Ç u W Z Á v ^ µ Ç Rwanda W µ Ç ] v ] v µ } v o µ } v ] o ] v

K v } v } u Ç v o } } v } u Ç

v o Ç ] } ( Z o } } µ ] v v / D } o ] Z Ç o Z o } } µ ] v Ç > …...v o Ç ] } ( Z o } } µ ] v v / D } o ] Z Ç o Z o } } µ ] v Ç > rD^ lD^ µ ] v P < ] v Æ } r^

u o , ] P Z À ] o ] o ] Ç ( } v Ç o ] ] } v ] v o } µ } K ... · w z Ç ] o u s ] µ o u o } µ u } v Ç } u ] v ] } v o ] ] } v z } À Ç < ] ~ z< z } À Ç k z ] } v z µ v

W ]W ] v ] v D o Ç ] · 2019-04-09 · í& µ o Ç } ( v Ç U h v ] À ] d l v } o } P ] D Z î v } ( W o ] v ] o ^ ] v ^ µ ] U & µ o Ç } ( v Ç h v ] À ] d l v } o } P ] D Z

d } o Ç W ] u Ç ^ Z } } o t l ó z ï t v Ç v Á · , } Á u µ Z u } v Ç } Z Ç Z À o } P Z M v v o o µ Ç ( } ¬ ò v ñ ì X ^ Z o } µ Ç l Ç ] v P X

CURRICULUM’VITAE ... · D ] o o À ] o o h v ] À ] Ç v ^ Z } } o ] ] v µ ] v } Z ] ] [ u ] v } ] Ç

P o } o Ç µ } v µ v ] v o } u } i } Ç o u ] P ] v - UNAM

d u } Ç d ] u l ] v P o ] ] } v ( } t l o Ç u o } Ç

< o o Ç < v n u Ç ( i } µ v Ç X } u o / v r ^ u ] v o v ~ î ì î ì h ( } } v o ... · 2020-05-24 · ( } } v o µ } v o Ç Title: Microsoft Word - Clear Case Insert - Stampin

W o l } & X u o } v Ç ] v À v } ( Ç } µ O«ROTPVHHNRQN# ... · 7

t Z P Ç Á Z ( } P } o ( } v & ] Ç U } o Ç } v } ( Z Ç } o

Settlement and Locality Names - calico.scot · Z ] v } µ ( o Ç ( } Ç o o Ç o } µ v Z Ç

Zuma Line- CENNIK 07.03.2019 V.1materials.zumaline.pl/mailing/Zumaline_cennik.pdf · $UNXV] ^ } v E Ì Á < } o u Ç K ] o u Ç v Z µ } Á v } v o ] Ì v < o v P Ç Ì v < } Ç E

dZM:t Z^dtKt D ^

K Ì ^ Z } Á · 2019. 8. 9. · î ì í õ ] Ç > Á o o Ç v ^ Z } o Z ] / v ( } u ] } v í } ( ò ] Ç v U Z v > Á o o Ç v > Ç > Á o o Ç v U o ] Z Z

Devlopment of Urinary System - mymedschool.org€¦ · À o } u v } ( h ] v Ç ^ Ç u • } v v À o } u v } ( h ] v Ç ^ Ç u ^ u

} v ( ] v ] } o & ] o ] Ç

] À s o µ ] u h ] v ' v o ] Ì W } o ] Ç / ] } v Ç v u ] W ...faculty.salisbury.edu/~ealu/REU/Projects_File/2018/... · ] À s o µ ] u h ] v ' v o ] Ì W } o ] Ç / ] } v Ç

*ROGPDQ ,V * : } µ v Ç } ( Z ^ } µ o X...i } ] v ( } Á ] Z ^ v X t Z Ç } , o o } Á o o Z ] o u ] ( } µ v } ( o o µ M v Ç U Á l v } Á Z Z o o Ç v µ o Ç } o } À µ X

BTSG Green Bond at Towards the Sustaibable …...^ µ ] v ] o ] Ç d^ ' } µ K µ Z } Á µ ] v ] o ] Ç d^ ' } µ ' v } v W v ] } v ñ ^ } } ^ µ ] v ] o ] Ç W } o ] Ç _ ] v o (

, o Ç Ì v À ( X , o Ç v À / l } o d P } l W } v } v Ç ñ í ..., o Ç Ì _ v À ( X , o Ç v À / l } o d P } l W } v } v Ç ñ í X < ] Á ] l ^ Ì } o v } l U ^ Ì P ' } o

À ] , o Z v ] v , Ç v · ^Z X E } ] ] E u & ] o Ç E u P } Ç d Ç & ] o Ç / E } ] ] E u d } o / } o ] } v ~ Æ o µ ] v P

&DPSXV /RFDWLRQ %XLOGLQJmams.rmit.edu.au/cryxlju486l2.pdf · E } } ( Z ] µ o ] ] } v u Ç } µ ] v v Ç ( } u } Ç v Ç u v U o