SlideShare ist ein Scribd-Unternehmen logo

Information Security Overview

n|u - The Open Security Community
n|u - The Open Security Community

null Dharmashala Chapter - March 2014 Meet

BildungTechnologie
1 von 14
Downloaden Sie, um offline zu lesen
Information Security By Murtuja Bharmal
Agenda • Classical Penetration Attacks • Current Threat Landscape • New Attack Vector
Classical Penetration attacks • Penetration attack steps: o Reconnaissance o Fingerprinting o Application Analysis o Threat Analysis o Exploitation of vulnerability
Evolution • How Solution Evolved – Firewall become smarter – IPS evolved, can stop netowork base attack in real time – Policy control can be strongly enfored for enterprise assets (DMZ, Server etc.)
Classical attack simulation Local Lan Firewall/IPS INTERNET DMZ LAN 12 3 4
Current Threat Landscape • Paradigm shift in Threat landscape • More than 80% attacks today are web based • Attack vector is shifting from Network to Application • Malware growth has been exponential • Number of compromised active hosts on internet are in millions • Data theft is on all time high • Hacking is no more about thrill, it's all money
New Attack Vector
Latest attack technique • Attacks are highly automated • Dynamic host generation • User generated forums for C & C (Twitter, google groups,IRC) • Automated polymorphic malware generation • Built-in debugger evasion • Malicious code-injection in legitimate sites(msn canada, BOI). There goes your URL Filter! • Advanced encrypted channels for communication
Botnet Command and Control BOT BOT BOT BOT C & C
Favorite attack vectors • Browser is the most preferred attack vector: o Exploiting browser plugins: • PDF (aka Penetration Document Format) , Flash, Java and other client applications • Or plain old reliable user who'll do anything if you ask nicely :)
The Ultimate Problem INPUT
Exploiting System Flaws ATM Fraud in Kolkat and Bihar http://www.currentweek.net/2010/08/atm-sbi-boi-fraud- tools-screw-drivers.html Double refund fraud in kolkata http://timesofindia.indiatimes.com/city/kolkata-/Police- crack-Rs-2-crore-double- refund/articleshow/6904492.cms
Top Security Trends Nation-sponsored hacking: When APT meets industrialization The insider threat is much more than you had imagined Man in the Browser attacks will man up Misanthropes and anti-socials: Privacy vs. security in social networks File security takes centre stage Data security goes to the cloud Mobile devices compromise data security Hackers feeling the heat Cyber security becomes a business process Convergence of data security and privacy regulation worldwide Source: http://blog.imperva.com/2010/11/index.html
void@null.co.in

Empfohlen

Information Systems Security: An Overview
Information Systems Security: An OverviewInformation Systems Security: An Overview
Information Systems Security: An OverviewApostolos Syropoulos
 
Information Security Overview
Information Security OverviewInformation Security Overview
Information Security OverviewSupriyaGaikwad28
 
Network security
Network securityNetwork security
Network securityhajra azam
 
Cyber security
Cyber securityCyber security
Cyber securityAshok Mankodi
 
Intrusion in computing
Intrusion in computingIntrusion in computing
Intrusion in computingEduardo Cambinda
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeShaheer Khalid
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityADGP, Public Grivences, Bangalore
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityS.M. Towhidul Islam
 

Empfohlen

Information Systems Security: An Overview
Information Systems Security: An OverviewInformation Systems Security: An Overview
Information Systems Security: An OverviewApostolos Syropoulos
 
Information Security Overview
Information Security OverviewInformation Security Overview
Information Security OverviewSupriyaGaikwad28
 
Network security
Network securityNetwork security
Network securityhajra azam
 
Cyber security
Cyber securityCyber security
Cyber securityAshok Mankodi
 
Intrusion in computing
Intrusion in computingIntrusion in computing
Intrusion in computingEduardo Cambinda
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeShaheer Khalid
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityADGP, Public Grivences, Bangalore
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityS.M. Towhidul Islam
 
CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewSam Bowne
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityrahulbhardwaj312501
 
4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attackisc2-hellenic
 
Data security
Data securityData security
Data securitySoumen Mondal
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and MoreCommunity IT Innovators
 
Data Security
Data SecurityData Security
Data SecurityAkNirojan
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCAT-NET Services, Inc. - Charleston Division
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-securityAl Balqa Applied University
 
Cyber security
Cyber securityCyber security
Cyber securityAnkush Verma
 
Cyber security 22-07-29=013
Cyber security 22-07-29=013Cyber security 22-07-29=013
Cyber security 22-07-29=013Dr. Amitabha Yadav
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)AT-NET Services, Inc. - Charleston Division
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionageMarie Elisabeth Gaup Moe
 
Covid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsCovid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsArun Kannoth
 
презентация1
презентация1презентация1
презентация1sagidullaa01
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysisdadkhah077
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problemShiva Bissessar
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan nullRaghunath G
 
Raspberry pi 2
Raspberry pi 2Raspberry pi 2
Raspberry pi 2Raghunath G
 

Weitere ähnliche Inhalte

Was ist angesagt?

CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewSam Bowne
 
4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attackisc2-hellenic
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and MoreCommunity IT Innovators
 
Data Security
Data SecurityData Security
Data SecurityAkNirojan
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Covid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsCovid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsArun Kannoth
 
презентация1
презентация1презентация1
презентация1sagidullaa01
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysisdadkhah077
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 

Was ist angesagt? (20)

CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking Overview
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack
 
Data security
Data securityData security
Data security
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More
 
Data Security
Data SecurityData Security
Data Security
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security 22-07-29=013
Cyber security 22-07-29=013Cyber security 22-07-29=013
Cyber security 22-07-29=013
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionage
 
Covid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsCovid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber Threats
 
презентация1
презентация1презентация1
презентация1
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problem
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 

Andere mochten auch

Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan nullRaghunath G
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News BytesRaghunath G
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 

Andere mochten auch (8)

Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan null
 
Raspberry pi 2
Raspberry pi 2Raspberry pi 2
Raspberry pi 2
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News Bytes
 
IronSAP
IronSAP IronSAP
IronSAP
 
Intro to IronWASP
Intro to IronWASPIntro to IronWASP
Intro to IronWASP
 
Introduction to SELinux Part-I
Introduction to SELinux Part-IIntroduction to SELinux Part-I
Introduction to SELinux Part-I
 
NewsBytes - Nullhyd
NewsBytes - Nullhyd NewsBytes - Nullhyd
NewsBytes - Nullhyd
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 

Ähnlich wie Information Security Overview

The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceThe cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceJason Bloomberg
 
Jean pier talbot - web is the battlefield - atlseccon2011
Jean pier talbot - web is the battlefield - atlseccon2011Jean pier talbot - web is the battlefield - atlseccon2011
Jean pier talbot - web is the battlefield - atlseccon2011Atlantic Security Conference
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentalsCloudflare
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed Great Bay Software
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxamalouwarda1
 
How to Stop Man in the Browser Attacks
How to Stop Man in the Browser AttacksHow to Stop Man in the Browser Attacks
How to Stop Man in the Browser AttacksImperva
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cloudflare
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACristian Garcia G.
 
InfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarInfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarRadware
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryInvincea, Inc.
 
Cybersecurity: Malware & Protecting Your Business From Cyberthreats
Cybersecurity: Malware & Protecting Your Business From CyberthreatsCybersecurity: Malware & Protecting Your Business From Cyberthreats
Cybersecurity: Malware & Protecting Your Business From CyberthreatsSecureDocs
 

Ähnlich wie Information Security Overview (20)

The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceThe cyber house of horrors - securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surface
 
Jean pier talbot - web is the battlefield - atlseccon2011
Jean pier talbot - web is the battlefield - atlseccon2011Jean pier talbot - web is the battlefield - atlseccon2011
Jean pier talbot - web is the battlefield - atlseccon2011
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptx
 
Cloud security
Cloud securityCloud security
Cloud security
 
How to Stop Man in the Browser Attacks
How to Stop Man in the Browser AttacksHow to Stop Man in the Browser Attacks
How to Stop Man in the Browser Attacks
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)
 
The artificial reality of cyber defense
The artificial reality of cyber defenseThe artificial reality of cyber defense
The artificial reality of cyber defense
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IA
 
BOTNET
BOTNETBOTNET
BOTNET
 
InfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarInfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber War
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail Industry
 
Brooks18
Brooks18Brooks18
Brooks18
 
Private Date and PRYING Eyes - Talking Cybersecurity at After Work Network
Private Date and PRYING Eyes - Talking Cybersecurity at After Work NetworkPrivate Date and PRYING Eyes - Talking Cybersecurity at After Work Network
Private Date and PRYING Eyes - Talking Cybersecurity at After Work Network
 
Cybersecurity: Malware & Protecting Your Business From Cyberthreats
Cybersecurity: Malware & Protecting Your Business From CyberthreatsCybersecurity: Malware & Protecting Your Business From Cyberthreats
Cybersecurity: Malware & Protecting Your Business From Cyberthreats
 

Mehr von n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Kürzlich hochgeladen

Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 

Kürzlich hochgeladen (20)

Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 

Information Security Overview

  • 2. Agenda • Classical Penetration Attacks • Current Threat Landscape • New Attack Vector
  • 3. Classical Penetration attacks • Penetration attack steps: o Reconnaissance o Fingerprinting o Application Analysis o Threat Analysis o Exploitation of vulnerability
  • 4. Evolution • How Solution Evolved – Firewall become smarter – IPS evolved, can stop netowork base attack in real time – Policy control can be strongly enfored for enterprise assets (DMZ, Server etc.)
  • 5. Classical attack simulation Local Lan Firewall/IPS INTERNET DMZ LAN 12 3 4
  • 6. Current Threat Landscape • Paradigm shift in Threat landscape • More than 80% attacks today are web based • Attack vector is shifting from Network to Application • Malware growth has been exponential • Number of compromised active hosts on internet are in millions • Data theft is on all time high • Hacking is no more about thrill, it's all money
  • 8. Latest attack technique • Attacks are highly automated • Dynamic host generation • User generated forums for C & C (Twitter, google groups,IRC) • Automated polymorphic malware generation • Built-in debugger evasion • Malicious code-injection in legitimate sites(msn canada, BOI). There goes your URL Filter! • Advanced encrypted channels for communication
  • 9. Botnet Command and Control BOT BOT BOT BOT C & C
  • 10. Favorite attack vectors • Browser is the most preferred attack vector: o Exploiting browser plugins: • PDF (aka Penetration Document Format) , Flash, Java and other client applications • Or plain old reliable user who'll do anything if you ask nicely :)
  • 12. Exploiting System Flaws ATM Fraud in Kolkat and Bihar http://www.currentweek.net/2010/08/atm-sbi-boi-fraud- tools-screw-drivers.html Double refund fraud in kolkata http://timesofindia.indiatimes.com/city/kolkata-/Police- crack-Rs-2-crore-double- refund/articleshow/6904492.cms
  • 13. Top Security Trends Nation-sponsored hacking: When APT meets industrialization The insider threat is much more than you had imagined Man in the Browser attacks will man up Misanthropes and anti-socials: Privacy vs. security in social networks File security takes centre stage Data security goes to the cloud Mobile devices compromise data security Hackers feeling the heat Cyber security becomes a business process Convergence of data security and privacy regulation worldwide Source: http://blog.imperva.com/2010/11/index.html