Trng i hc K thut Hu cn Cng an Nhn dn

BO CO NGHIN CU KHOA
HC
TI:
NGHIN CU QUY TRNH IU TRA TN
CNG WEB.

GV hng dn:
NHM NGHIN CU:
1. Nguyn Vn Tun B1D6
2. Dip Quang Thng B3D6
 NI DUNG BO CO

TNH CP Thc trng hin nay

THIT Vn t ra

Phn tch quy trnh iu tra tn cng Web

S dng mt s cng c iu tra tn cng
MC TIU
Web
Minh ha cch thc iu tra

Chng 1:Tng quan v ng

dng Web
Chng 2: Mt s kiu tn cng
NI DUNG Web
Chng 3: Quy trnh iu tra
tn cng Web
www.PowerPointDep.net
 Ni dung bo co
Tnh cp thit ca ti
Mc tiu ti
Ni dung ti
Phng php nghin cu
1.TNH CP THIT
1.1 Thc trng hin nay
 S dng rt nhiu cng c c hi mi,
nc ngoi: bao gm 3 l hng zero-day v 2 cuc tn
cng m ha d liu i tin chuc cha
tng c l WannaCry v ExPetr.
+ M c tng tin - Ransomware tr thnh
vn nn
-> Bao gm nhiu lp phn mm c vi
chc nng hn ch truy cp n h
thng my tnh m n ly nhim, v i
hi mt khon tin cho ngi to ra
malware nhm mc ch xa b vic
hn ch truy cp m n to ra trc

+ Theo s liu ca Kaspersky Lab (kho st t

thng 4/2014 n thng 3/2016), nm 2016,
c 40 giy li xut hin mt cuc tn cng
vo doanh nghip, s lng cc cuc tn cng
t m c tng tin nhm vo doanh nghip
tng ln gp 3 ln. C th, cc cuc tn
cng s dng m c tng tin tng t
131.111 v trong giai on 2014 -2015, ln
718.536 v trong giai on 2015-2016.
+ 3 l hng zero day ca Windown:
L hng zero day l mt thut ng ch nhng l hng cha c cng b hoc
cha c khc phc.

L hng zero-day ca Windows b nhm hacker ni ting Nga Sofacy v Turla s

dng. Sofacy, cn c gi l APT28 hay FancyBear, trin khai cc cuc tn cng
chng li mt lot cc mc tiu chu u, bao gm cc t chc chnh ph v chnh
tr. Cc mi e da cng b pht hin th nghim mt s cng c, ng ch nht l
v chng li mt ng vin Php trc cuc bu c quc gia.
 Vit Nam
Tnh n thng 9/2017 c gn 9.964 s c tn cng mng vo cc website ti Vit Nam.

* C 3 loi hnh tn cng chnh

Deface(Tn
cng thay i S lng website
Malware(M b tn cng thay
giao din i giao din
c) Web)
Phising(La Deface trong qu
S lng website 1/2017.
o) b ci m c
Malware trong
qu 1/2017.

S lng website b tn
cng la o Phishing
trong qu 1/2017.
 *in hnh:

+ V tn cng nhm vo Ngn hng TMCP Ngoi thng Vit Nam (Vietcombank).
Thng 8/2016, mt khch hng ca Vietcombank b mt s tin 500 triu ng
qua giao dch Internet Banking. Nguyn nhn c xc nh l do khch hng
truy cp vo mt trang web gi mo qua in thoi di ng, khin thng tin v mt
khu ca khch hng b nh cp, sau tin tc li dng ly cp tin trong ti
khon.
+ V tn cng Sn bay Ni Bi, Tn Sn Nht vo 29/7/2016, hng lot mn hnh
hin th thng tin chuyn bay cng h thng pht thanh ca sn bay Ni Bi, Tn
Sn Nht bt ng b tn cng, trn cc mn hnh hin th ni dung kch ng,
xuyn tc v Bin ng. H thng pht thanh ca sn bay cng pht i nhng
thng ip tng t. Cng thi im, trn website ca hng hng khng quc gia
Vit Nam (vietnamairlines.com) cng b thay i ni dung, ng thi ng ti
thng tin ca hn 400.000 thnh vin Golden Lotus.
1.2 Vn t ra:

+ Website l mt trong nhng cng c h tr hiu qu cho hot ng qung b

thng tin, qung b sn phm dch v kinh doanh v l i s thng hiu cho
cc c quan, t chc, doanh nghip. V vy website c vai tr rt quan trng
trong mi lnh vc i sng hin nay.

+ Thc t cho thy k tn cng ngy cng tinh vi hn trong vic xa du vt tn

cng khin cho qu trnh iu tra loi ti phm ny gp nhiu kh khn, kh pht
hin c i tng.

Chnh v vy vic la chn ti khoa hc Nghin cu v quy trnh iu tra

tn cng web l cn thit pht hin, u tranh ngn chn kp thi cc cuc
tn cng ca cc i tng trong vic m bo ATTT.
 2. MC TIU
GM 3 MC TIU CHUNG:
2.1 Mc tiu 1:

Phn tch c quy trnh iu tra tn cng

web.
2.2 Mc tiu 2:

S dng thnh tho mt s cng c h tr iu

tra web
2.3 Mc tiu 3:

Minh ha cch thc iu tra tn cng web.

3. NI DUNG

CHNG 1: CHNG 2: CHNG 3:

Tng quan v ng Mt s kiu tn Quy trnh iu tra

dng Web cng Web ph tn cng Web
bin
3.1 Chng 1: Tng quan v ng dng Web.
3.2 Chng 2. Mt s kiu tn cng Web ph
bin.
3.3 Chng 3. Quy trnh iu tra tn cng
web.
 Phng php nghin cu
Thm phng php nghin cu
Thank for listening