
Types of Cyber Attacks

General Definitions of Cyber Attack Types


Attack Types
Backdoors
Denial-of-Service Attack
Direct-access Attack
Eavesdropping
Spoofing
Tampering
Repudiation Attack
Information Disclosure
Privilege Escalation Attack
Exploits
Social Engineering
Indirect attack
Computer crime
Malware
Adware
Bots
Ransomware
Rootkits
Spyware
Scareware
Trojan Horses
Virus
Worm
Phishing
Identity Theft
Intellectual Property Theft
Password Attacks
Bluesnarfing
Bluejacking
DDoS
Keylogger
Anatomy
General Steps of a Cyber Attack and Types of Malware
Attack Process

Reconnaissance and enumeration: Phishing (email), Pharming (website), Drive-by pharming (DNS/AP), Service scanning
Intrusion and advanced attacks: "Zero-day" exploits, DoS/DDoS, Ping flood, Ping-of-death, SYN flood
Malware insertion: Backdoor, RAT (Remote Access Trojan), Rootkit, Virus, Worm
Clean-up: Log wiping, History cleanup

Types of Malware

Nuisance malware: Spyware, Adware/Tracker
Controlling malware: Trojan-executable, RAT, Rootkit
Destructive malware: Virus, Worm

General Scenarios
Case Study: General Cyber Attack Scenarios
Application Level Attack

SURVEY: Scan for app. vulnerability on public websites
DELIVERY: Identify SQL injection and craft an attack to deliver webshell
BREACH: Upload webshell, gain control of webserver
AFFECT: Extract database, compromise credentials, move laterally

Bruteforce

SURVEY: Identification of the webmail service used by company
DELIVERY: Compromise of the corporate email, through a password guessing attack
BREACH: Lateral movement was achieved through the compromise of multiple email accounts
AFFECT: Sensitive business information, used for competitive advantage

Distributed Denial of Service

SURVEY: Scanning and probing of payments processing servers
DELIVERY: Construction of a Botnet capable of exhausting system resources and bandwidth
BREACH: Launch a persistent attack against the targeted systems
AFFECT: Six hour system outage. Severe decline in revenue and customer confidence

Network Protocol Attack

SURVEY: Scan for SIP protocol on the internet
DELIVERY: Enumerate extensions & management interfaces for vulnerabilities
BREACH: Set up SIP forwarding and attempt VLAN hopping into data network
AFFECT: Intercept calls and attempt access to data network for access to data assets

Vulnerability Exploitation

SURVEY: Scan for Shellshock vulnerability on internet side
DELIVERY: Exploit Shellshock and upload Nmap & Socat directly through exploit
BREACH: Scan internal network for shellshock. Move, steal credentials, lateral SSH
AFFECT: SCP copy data directly from systems of interest

Exploitation of novel / 0-day
vulnerability

SURVEY: Set up fake website and prepare phishing campaign
DELIVERY: When vulnerability is identified, weaponise and send phishing emails to targets
BREACH: Payload executes, steal credentials from administrator account, escalate privileges
AFFECT: Steal credentials from domain controllers. Attempt to acquire data

Phishing for Credentials

SURVEY: Identify target and a place they can be attacked
DELIVERY: Use fake wifi to intercept and steal credentials through redirection
BREACH: Use compromised accounts to bypass filtering and email malicious payload
AFFECT: Social engineer employees to deploy RAT and exfiltrate data

Phishing with Malware

SURVEY: Identify company customers or broad range of email addresses
DELIVERY: Send phishing email to company's customers containing malware
BREACH: Malware downloads other malicious files. Monitors for banking activity
AFFECT: Malware hijacks banking session and transfers funds from account holder

Rogue Update

SURVEY: Scan for internet facing remote access. Carry out automated password guessing
DELIVERY: Log in to company network and identify POS software
BREACH: Downgrade POS software to a vulnerable version
AFFECT: Return regularly to collect card data stored by POS software

Watering-Hole Attack

SURVEY: Identification of equipment of interest, manufacture and distribution method
DELIVERY: Uploaded and replaced legitimate drivers with included malicious code
BREACH: Payload downloaded, RAT introduced giving attacker control of the host
AFFECT: Unknown given lack of evidence available

~Thank You~
