create_a_purely_technical_test_with_the_malware_testing_suite
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
create_a_purely_technical_test_with_the_malware_testing_suite [2019/01/21 13:09] – lucy | create_a_purely_technical_test_with_the_malware_testing_suite [2019/02/08 15:40] – lucy | ||
---|---|---|---|
Line 3: | Line 3: | ||
{{ 85.jpg?600 }} | {{ 85.jpg?600 }} | ||
- | ==== The idea behind | + | ==== The idea behind |
- | You have invested time, effort, and money in defenses. But, how do you know they are working? Unless you are willing to intentionally get owned or you want to introduce a piece of malware into your environment, | + | You have invested time, effort, and money in defences. But, how do you know they are working? Unless you are willing to intentionally get owned or you want to introduce a piece of malware into your environment, |
* **Firewalls** (unfortunately, | * **Firewalls** (unfortunately, | ||
* **Web Proxies** | * **Web Proxies** | ||
- | * **IDS** (an intrusion detection system can potentially detect malware activity if a rule is triggered. This is useful as a layered | + | * **IDS** (an intrusion detection system can potentially detect malware activity if a rule is triggered. This is useful as a layered |
* **Malware/ | * **Malware/ | ||
* **Security Information and Event Management (SIEM) solutions** (Security Information and Event Management solutions can also help detect the presence of a malware, but it is usually using logs from one or more of the devices mentioned above. The advantage here is greater visibility by using multiple different types of logs—from hosts to network gear. Additionally, | * **Security Information and Event Management (SIEM) solutions** (Security Information and Event Management solutions can also help detect the presence of a malware, but it is usually using logs from one or more of the devices mentioned above. The advantage here is greater visibility by using multiple different types of logs—from hosts to network gear. Additionally, | ||
Line 20: | Line 20: | ||
Those who deal in APTs have the following in common: | Those who deal in APTs have the following in common: | ||
- | * **Customized** – An attack on your network is a carefully planned heist. Attackers carry out extensive research and tailor the attack to evade your set defenses, explore your network, and steal determined types of high-value data. | + | * **Customized** – An attack on your network is a carefully planned heist. Attackers carry out extensive research and tailor the attack to evade your set defences, explore your network, and steal determined types of high-value data. |
* **Surgical** – Rather than being scattered to the wind, targeted attacks and APTs are carefully delivered to specific targets, often using highly convincing emails intended for a single individual within your organization as a penetration vector. | * **Surgical** – Rather than being scattered to the wind, targeted attacks and APTs are carefully delivered to specific targets, often using highly convincing emails intended for a single individual within your organization as a penetration vector. | ||
- | * **Highly Sophisticated** – Today’s targeted attacks and Advanced Persistent Threats use complex techniques to conceal themselves from your defenses. Once inside the network, they can alter their appearance, switch ports and protocols, and remain undetected for long periods of time as they move around the network to find and steal your data. Detecting these attacks requires a modern advanced solution that provides visibility into every corner of your network. | + | * **Highly Sophisticated** – Today’s targeted attacks and Advanced Persistent Threats use complex techniques to conceal themselves from your defences. Once inside the network, they can alter their appearance, switch ports and protocols, and remain undetected for long periods of time as they move around the network to find and steal your data. Detecting these attacks requires a modern advanced solution that provides visibility into every corner of your network. |
- | Since there are millions of Malware types, and even more combinations of attack patterns: How would a IT security officer know if the network can prevent APT attacks? This question can now be answered with LUCY’s Malware Testing Module (initially called Low Hanging Fruit Collector). It simulates APT behavior without harming your infrastructure. It enables you to test your defenses | + | Since there are millions of Malware types, and even more combinations of attack patterns: How would a IT security officer know if the network can prevent APT attacks? This question can now be answered with LUCY’s Malware Testing Module (initially called Low Hanging Fruit Collector). It simulates APT behavior without harming your infrastructure. It enables you to test your defences |
So What is the Typical APT Behavior? APTs rapidly escalate from compromising a single computer to taking over the whole environment. They do this by reading an authentication database, stealing credentials, | So What is the Typical APT Behavior? APTs rapidly escalate from compromising a single computer to taking over the whole environment. They do this by reading an authentication database, stealing credentials, | ||
Line 179: | Line 179: | ||
===== Malware Testing Templates ===== | ===== Malware Testing Templates ===== | ||
- | Beside single checks | + | Beside single checks |
{{ templateslhcf.png? | {{ templateslhcf.png? | ||
Line 205: | Line 205: | ||
* Set an option to leave a copy of data on PC/Share or delete it after running. When the ransomware works with dummy data, it deletes the files right after the creation even if " | * Set an option to leave a copy of data on PC/Share or delete it after running. When the ransomware works with dummy data, it deletes the files right after the creation even if " | ||
- | When started the tool will create a separate executable (example: C: | + | When started the tool will create a separate executable (example: C: |
{{ xor.png?600 }} | {{ xor.png?600 }} |
create_a_purely_technical_test_with_the_malware_testing_suite.txt · Last modified: 2019/07/25 12:49 by 127.0.0.1