Malware Forensics : Investigation and Mitigation of Windows/Linux/Mac Malwares: August 2015

Attack Definition:

Technique used by hackers to exploit the vulnerability (weakness/flaw in any application/device) is called an attack.

In subsequent posts, we would be exploring attacks to identify their root cause, exploitation and remediation methods.

Attack categories:

Serial No.	Attack Categories
1	Injection
2	Exploitation of authentication
3	Resource manipulation attack
4	Resource depletion attack
5	Abuse of functionality
6	Embedded malicious code execution
7	Protocol manipulation attack
8	Spoofing
9	Data structure attack
10	Path traversal attack

Classification of attacks based upon categories:

1) INJECTION
SQL Injection	Blind SQL Injection	Static Code Injection
Dynamic Code Injection	Command Injection	LDAP Injection
Comment Injection	Special Character/Element Injection	Server-side Includes Injection
PHP Object Injection	Resource Injection	XPATH Injection
Blind XPATH Injection	Full Path Disclosure	Web Parameter Tampering
Parameter Delimiter	String Format Attack	Cross-site scripting (CSS)
Content Spoofing	Content Security Policy	Cross-Origin Resource Sharing (CORS) RequestPreflighScrutiny

2) EXPLOITATION OF AUTHENTICATION
Account Lockout Attack	One-click Attack	Session Prediction
Session Hijacking Attack	Session Fixation Attack	Cross Side Request Forgery (CSRF)
Execution after Redirect

3) RESOURCE MANIPULATION ATTACK
Comment Injection	Special Character/Element Injection	Path Traversal
Relative path Traversal	Repudiation Attack	Application Setting Manipulation
Forced Browsing	Single Encoding Attack	Double Encoding Attack
Malwares

4) RESOURCE DEPLETION ATTACK
Asymmetric Resource Consumption	Cash Overflow	Denial of Service
Distributed Denial of Service

5) ABUSE OF FUNCTIONALITY
Account Lockout Attack	Cache Poisoning	Cross-user Defacement
Path Traversal	Mobile code: Invoking Untrusted Mobile Code	Mobile code: Object Hijack
Mobile code: Non-final Public Variable Manipulation

6) EMBEDDED MALICIOUS CODE EXECUTION
Cross-Site Request Forgery (CSRF)	Logic/Time Bomb	Malwares

7) PROTOCOL MANIPULATION ATTACK
HTTP Request Smuggling	HTTP Response Splitting	Encryption Protocol Interception
Traffic Flood

8) SPOOFING
Cross Site Request Forgery (CSRF)	Cash Overflow	Denial of Service (DOS)
Distributed Denial of Service (DDOS)	Man-in-the-Middle (MIM)	Brute Force Attack

9) DATA STRUCTURE ATTACK
Buffer Overflow Attack	Overflow Binary Resource file	Buffer Overflow via Environment Variables

10) PATH TRAVERSAL ATTACK
Full Path Disclosure	Relative Path Traversal

Source: OWASP (https://www.owasp.org)

Malware Forensics : Investigation and Mitigation of Windows/Linux/Mac Malwares

Thursday, August 27, 2015

Exploration of Cyber-Attacks