
Anatomy of a Cyber Attack

Tactical Security Studies, Nairobi, Kenya. By Gichuki John

About Me

Security Analyst. Specializes in: Penetration Testing, Forensics, Surveillance, Red Team Assessment, Behavior Analysis, Clandestine Recovery, Covert Data Acquisition, Malware Development and Analysis, Exploit Development.
October 2013

Penetration Testing
Penetration testing is the means of identifying points where something can find or force its way into or through something else.

IT Security Penetration Testing:
It is most often used to positively identify points of vulnerability. It determines the genuineness of the vulnerabilities identified by exploiting them. Findings that cannot be exploited are either not reported or are reported as theoretical findings when justified.

Testing and Uses

These are most commonly applied to networks, web applications and physical security. In theory, anything can undergo a penetration test.


Penetration Testing VS Vulnerability Assessment

The difference is major, and it confuses clients and organizations.

Penetration testing will exploit the vulnerabilities, either physical or operational; a Vulnerability Assessment won't. Penetration testing gains access; vulnerability testing doesn't.

Social Engineering cannot be performed in tandem with a Vulnerability Assessment. Social Engineering exploits human vulnerabilities, and that exploitation crosses the boundaries of a Vulnerability Assessment.

Vulnerability Assessments cannot be applied to running Web Applications. Testing a running Web Application requires the submission of malformed and/or augmented data. When the application receives the data, if it is vulnerable, it returns an error or an unexpected result. This error or unintended result constitutes a degree of exploitation and as such crosses the Vulnerability Assessment boundaries.

Pivoting, or rather Distributed Metastasis, cannot be performed during a Vulnerability Assessment. This is because pivoting depends on the attacker's ability to exploit vulnerabilities as a method of propagating a penetration.


Types of Pentests
Internal Penetration Testing (White Box and Gray Box)

External / Remote Penetration Testing (Black Box)


Black boxing
Reconnaissance, surveillance, intel gathering and hours of stake-outs.

Network mapping, office locations, employees' names, their offices, their bosses and family.

Social media intel / data acquisition.

The hardest, but always the best. It takes longer, but it's worth it.

Malware attacks


Social Engineering


Domain Vulnerabilities, especially in Banking


Government can be taken easily, e.g. KRA



Client Side attacks


Types of Risk
