Reverse Deception: Organized Cyber Threat Counter-Exploitation (133 page)

Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online

Authors: Sean Bodmer

Tags: #General, #security, #Computers

BOOK: Reverse Deception: Organized Cyber Threat Counter-Exploitation
13.55Mb size Format: txt, pdf, ePub
        profiling
research-based honeynets
researchers
research/technology protection
resilience provider
resources
        attack attribution
        described
        legal
        measuring for attackers
        profiling
        used for deception
Ressler, Robert
resurrectors
Retina tool
retrospective profiling
return on investment (ROI)
risk assessment
risk tolerance
Robtex website
Rogers, Marcus
rogue AV-based products
ROI (return on investment)
Rootkit.com
website
Rossmo, Kim
routers
RSA breach
RSA Corp.
RSYNC (remote synchronization)
ruses
Russia
Russian Business Network (RBN)
Russian counterintelligence
Russian hacking gangs
Russian Maskirovka deception

S

salience
SALUTE (Size, Activity, Location, Unit, Time Equipment)
SandBox Analyzer Pro
sandboxes
Savid Corporation
SCADA (supervisory control and data acquisition) systems
Schwarzkoph, Norman (General)
Second Life
Secure Shell (SSH)
Secure Sockets Layer (SSL)
Securelist website
SecurID technology
security.
See also
computer security
        acquisition
        host/server
        importance of
        improving for networks
        OPSEC
        passwords.
See
passwords
        physical
        public data sources/forums
security management tools
security researchers
semiotics
sensory components
“Sequencing Rule”
server/host vulnerability tools
servers
        CnC back-end
        Shadowserver
        vulnerability tools
Service Set Identification (SSID)
Service-Level Agreement (SLA)
session laws
Shadowserver data repository
Shannon, Claude
Shaw, Eric
shortened URLs
Sinowal Trojan
SIPRNET
Size, Activity, Location, Unit, Time Equipment (SALUTE)
skill level
skills/methods
SLA (Service-Level Agreement)
The Sleuth Kit
Smith, Joe
social communications/connections
social engineering
        considerations
        described
        e-mail
        example of
        success of
social networks
        attacking via
        described
        example of
        as profiling tool
        terms-of-service agreements
        utilizing
social psychology
software suites
spear phishing
Spectrum tool
SpyEye botnet
SpyEye Tracker
spying.
See
espionage SQL injection
SSCT (state-sponsored cyber threat)
SSH (Secure Shell)
SSID (Service Set Identification)
SSL (Secure Sockets Layer)
SSR (System Security Readiness)
Stakkato APT
state-sponsored cyber threat (SSCT)
statistical models
status
statutes.
See also
legal issues
statutory schemes
Stormworm APT
Stormworm botnet
Strings tool
Stuxnet APT
subleasing
supervisory control and data acquisition
(SCADA) systems
surveillance
Symantec
Symantec Endpoint Protection tool
symbols
System Security Readiness (SSR)

T

tactics.
See also
tools considerations
tactics vector
tailored valid services
Tall Tale (malware)
Tall Tale 1
Tall Tale 2
Tall Tale 3
Tall Tale 4
targeted attacks
        cost of
        opportunistic turned targeted
        overview
        scenario
        types of organizations
targeted subleasing
taxonomies
TDL Gang
Team Cymru website
teams, criminal
TeamViewer
techcrafters
technology dimension
temporal vector
terminology
terrorists
        9/11
        attack
        domestic
        group culture
        Total Information Awareness
Teten, Howard
THC-Hydra tool
Threat Management System
ThreatExpert website
threats.
See also
attacks; tradecraft
        academic research abuse
        actionable intelligence
        advanced persistent threats.
See
APTs
        analyzing
        application vulnerability scenario
        botnets.
See
botnets
        categories
        circles of trust
        conclusion
        countering
        criminal teams
        criminal tools/techniques
        cyber threat acquisition
        determining severity of
        distinguishing between
        distinguishing objectives
        “end game”
        engagement tactics
        evaluating success in mitigating
        evolution of vectors
        hacking back
        infiltration response planning
        knowledge source
        persistent
        postmortems
        questions to ask
        skills/methods
        tailored valid services
        targeted attack scenario
        “whack and tag a mole”
thumb drives
TIA (Total Information Awareness)
time vector
time zones
timeliness
Tital Rain APT

Other books

FLIGHT 22 by Davis, Dyanne
Revenger by Cain, Tom
Trust in Me by Dee Tenorio
Patricia Rice by Wayward Angel
Bare by Morgan Black
The Heart Whisperer by Ella Griffin
SurrendersMischief by Alvania Scarborough
Perfectly Flawed by Shirley Marks