HackingTheUniverse

You are browsing the archives of Attack Methodology.

Integrated attack strategies involve combining hacking computer systems with attack vectors such as: espionage, blackmail, medical/health attacks, asymmetric “guerrilla-style” attacks, weapons of mass destruction, and conventional kinetic military attacks. The video below shows an example using a medical vector, and an unprotected printer, to compromise patient and identity records that can be used in future […]

When computer system vulnerabilities are discovered, patches are issued that have been designed to close the hole of vulnerability. The patches take some time to construct and deploy and even longer to get the community to accept them and install them. This always leaves a gap of some time between the discovery and when the […]

Hacking computers is a mysterious and dangerous world that most of us don’t really understand. This video shows some hackers at DEFCON demonstrating their techniques on a reporter who volunteered to be hacked. The video shows some basic “social engineering” which may use technical knowledge and experience, but involves classic “confidence” manipulation to gain credentials […]

Kali Linux is a penetration testing framework that contains over 600 penetration testing tools. It is a Debian based toolkit built on the foundation created by BackTrack. Some of the better known tools include: Wireshark – packet sniffer and protocol analysis nmap – port scanner john the ripper – password hash cracker metasploit framework – […]

Kaspersky Lab uncovers online spy tools with potential NSA connections – [youtube.com] Equation Group: The Crown Creator of Cyber-Espionage – [kaspersky.com] For several years, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been closely monitoring more than 60 advanced threat actors responsible for cyber-attacks worldwide. The team has seen nearly everything, with attacks becoming […]

Shodan is a hackers search engine that can help you find any device connected to the internet. Shodan: Search Engine for Hackers – [youtube.com] Shodan has been getting a lot of publicity lately as a “scary” search engine that can be used to facilitate hacking. Annie explains how the site works, and talks with Shodan […]

Advanced Persistent Threat (APT) is a cyber attack threat that typically comes from a team of attackers with advanced penetration skills, deep resources, specific target profiles and they tend to be very persistent in their efforts. They often have tools that are capable of circumventing defenses. They use stealthy tactics and show good situational awareness […]

Cyber attackers have a variety of motivations, but it is possible to categorize them and attempt to understand the different strategies they might use and how to defend against them. Here are some of the categories of motivations behind threats: Use data from your system Identity theft – mostly for financial fraud Business information – […]

We already know that cyber attackers have a methodology. They usually perform variations on the following theme: Reconnaissance Penetration Entrench Pivot Disrupt Counter Defense is mixed in throughout But it’s also useful to consider their psychology because it is often different from the thinking used by defenders. When this is true, defenders trying to study […]

Cyber strategies continually evolve as the state of the art changes rapidly. Long ago and far away, the attackers just wanted to deface web pages, but that is no longer true. From Advanced Persistent Threats (APT) to Stuxnet, the attackers are now far more organized, experienced and sophisticated. Our defensive strategies must evolve to match […]