Appendix A: Cyber-D&D Taxonomy
Total Page:16
File Type:pdf, Size:1020Kb
Recommended publications
Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference by Fletcher Schoen and Christopher J
STRATEGIC PERSPECTIVES 11 Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference by Fletcher Schoen and Christopher J. Lamb Center for Strategic Research Institute for National Strategic Studies National Defense University Institute for National Strategic Studies National Defense University The Institute for National Strategic Studies (INSS) is National Defense University’s (NDU’s) dedicated research arm. INSS includes the Center for Strategic Research, Center for Complex Operations, Center for the Study of Chinese Military Affairs, Center for Technology and National Security Policy, Center for Transatlantic Security Studies, and Conflict Records Research Center. The military and civilian analysts and staff who comprise INSS and its subcomponents execute their mission by conducting research and analysis, publishing, and participating in conferences, policy support, and outreach. The mission of INSS is to conduct strategic studies for the Secretary of Defense, Chairman of the Joint Chiefs of Staff, and the Unified Combatant Commands in support of the academic programs at NDU and to perform outreach to other U.S. Government agencies and the broader national security community. Cover: Kathleen Bailey presents evidence of forgeries to the press corps. Credit: The Washington Times Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference By Fletcher Schoen and Christopher J. Lamb Institute for National Strategic Studies Strategic Perspectives, No. 11 Series Editor: Nicholas Rostow National Defense University Press Washington, D.C. June 2012 Opinions, conclusions, and recommendations expressed or implied within are solely those of the contributors and do not necessarily represent the views of the Defense Department or any other agency of the Federal Government. -
Mimicry and Defense
3/24/2015 Professor Donald McFarlane Mimicry and Defense. Protective Strategies: Camouflage (“Cryptic coloration”), Diverse Coloration, Diversion Structures, Startle Structures. Camouflage (“Cryptic coloration”): Minimize 3d shape, e.g. flatfish, Halibut (Hippoglossus hippoglossus). Counter‐Shading. Disruptive Coloration. Polymorphism – Cepaea snails. Polymorphism – Oophaga granuliferus. Polymorphism – Oophaga: Geographic locations of study populations and their color patterns. (A) Map of the pacific coast of Colombia showing the three study localities: in blue Oophaga histrionica, in orange O. lehmanni, and in green the pHYB population. (B) Examples of color patterns of individuals from the pHYB population (1–4) and the pattern from a hybrid between Oophaga histrionica and O. lehmanni bred in the laboratory (H). Diversion Structures. Startle Structures. Warning Coloration (Aposematic coloration): Advertise organism as distasteful, toxic or venomous. Problem: Predators must learn by attacking prey; predator learning is costly to prey. Therefore strong selective pressure to STANDARDIZE on a few colors/patterns. This is MULLERIAN MIMICRY. Most common is yellow/black, or red/yellow/black. Warning Coloration (Aposematic coloration): Bumblebee (Bombus sp.), Black and yellow mangrove snake (Boiga dendrophila), Sand Wasp (Bembix oculata), Yellow‐banded poison dart frog (Dendrobates leucomelas), Fire salamander (Salamandra salamandra). Warning Coloration (Aposematic coloration): coral snakes (Micrurus sp.) ~ 50 species in two families, all venomous. Batesian Mimicry: 1862 – Henry Walter Bates; “A Naturalist on the River Amazons”. Batesian mimics “cheat” – they lack toxins, venom, etc.
Strider Web Security
Adversarial Web Crawling with Strider Monkeys Yi-Min Wang Director, Cyber-Intelligence Lab Internet Services Research Center (ISRC) Microsoft Research Search Engine Basics • Crawler – Crawling policy • Page classification & indexing • Static ranking • Query processing • Document-query matching & dynamic ranking – Diversity • Goals of web crawling – Retrieve web page content seen by browser users – Classify and index the content for search ranking • What is a monkey? – Automation program that mimics human user behavior Stateless Static Crawling • Assumptions – Input to the web server: the URL • Stateless client – Output from the web server: page content in HTML • Static crawler ignores scripts Stateful Static Crawling • We all know that Cookies affect web server response • HTTP User-Agent field affects response too – Some servers may refuse low-value crawlers – Some spammers use crawler-browser cloaking • Give crawlers a page that maximizes ranking (=traffic) • Give users a page that maximizes profit Dynamic Crawling • Simple crawler-browser cloaking can be achieved by returning HTML with scripts – Crawlers only parse static HTML text that maximizes ranking/traffic – Users’ browsers additionally execute the dynamic scripts that maximize profit • Usually redirect to a third-party domain to server ads • Need browser-based dynamic crawlers to index the true content Search Spam Example: Google search “coach handbag” Spam Doorway URL = http://coach-handbag-top.blogspot.com http://coach-handbag-top.blogspot.com/ script execution led to redirection -
The Ethics of Intelligence Collection Ross W. Bellaby
What’s the Harm? The Ethics of Intelligence Collection Ross W. Bellaby Thesis submitted in fulfilment of the requirements for the degree of PhD Department of International Politics Aberystwyth University June 13th, 2011 DECLARATION This work has not previously been accepted in substance for any degree and is not being concurrently submitted in candidature for any degree. Signed ...................................................................... (Ross W. Bellaby) Date ........................................................................ STATEMENT 1 This thesis is the result of my own investigations, except where otherwise stated. Where *correction services have been used, the extent and nature of the correction is clearly marked in a footnote(s). Other sources are acknowledged by footnotes giving explicit references. A bibliography is appended. Signed ..................................................................... (Ross W. Bellaby) Date ........................................................................ [*this refers to the extent to which the text has been corrected by others] STATEMENT 2 I hereby give consent for my thesis, if accepted, to be available for photocopying and for inter- library loan, and for the title and summary to be made available to outside organisations. Signed ..................................................................... (Ross W. Bellaby) Date ........................................................................ I hereby give consent for my thesis, if accepted, to be available for photocopying -
Cyber Counterintelligence - Deception, Distortion, Dishonesty
#RSAC SESSION ID: CYBER COUNTERINTELLIGENCE - DECEPTION, DISTORTION, DISHONESTY
Jeff Bardin, Chief Intelligence Officer, Treadstone 71, @Treadstone71LLC
Dr. Khatuna Mshvidobadze, Principal, Cyberlight Global Associates, [email protected]
Agenda Taxonomy Types of Denial Deception Dimensions of D&D Tactics Deception Chain (see your handout) and Deception Planning D&D Russian Historical Information Criminals & Kids Notable Events Georgia US Election Background Warfare Dis-information / France – Information Complexity of Formation of cyber Troll Factories Major Players TV5Monde Warfare on Social Outsourcing troops Media Forming public Interagency Socio-Cultural Conclusions - opinion Rivalries Differences Recommendations
Denial and Deception - Lifecycle
Types of Denial and Deception
• Diversion: Direct an adversary’s attention from real assets toward bogus ones.
• Resource Depletion: Waste an adversary’s time and energy on obtaining and analyzing false information.
• Uncertainty: Cause the adversary to doubt the veracity of a discovered vulnerability or stolen information.
• Intelligence: Monitor and analyze adversary behavior during intrusion attempts to inform future defense efforts.
• Proactivity: Use deception techniques to detect previously unknown attacks that other defensive tools may miss.
Deception Planning Consideration of all critical components of the operation. Deny, deceive, create propaganda RSA Conference - Bardin and Mshvidobadze Western Dogs Dogs Lie Like Dotards - We will hack their sites and bring them down Dimensions
Escape from Monkey Island: ? Evading High-Interaction Honeyclients
Escape from Monkey Island: Evading High-Interaction Honeyclients Alexandros Kapravelos1, Marco Cova2, Christopher Kruegel1, Giovanni Vigna1 1 UC Santa Barbara {kapravel,chris,vigna}@cs.ucsb.edu 2 University of Birmingham, UK {m.cova}@cs.bham.ac.uk Abstract. High-interaction honeyclients are the tools of choice to detect malicious web pages that launch drive-by-download attacks. Unfortunately, the approach used by these tools, which, in most cases, is to identify the side-effects of a successful attack rather than the attack itself, leaves open the possibility for malicious pages to perform evasion techniques that allow one to execute an attack without detection or to behave in a benign way when being analyzed. In this paper, we examine the security model that high-interaction honeyclients use and evaluate their weaknesses in practice. We introduce and discuss a number of possible attacks, and we test them against several popular, well-known high-interaction honeyclients. Our attacks evade the detection of these tools, while successfully attacking regular visitors of malicious web pages. 1 Introduction In a drive-by-download attack, a user is lured into visiting a malicious web page, which contains code that exploits vulnerabilities in the user’s browser and/or its environment. If successful, the exploits can execute arbitrary code on the victim’s machine [33]. This ability is typically used to automatically download and run malware programs on the compromised machine, which, as a consequence, often becomes part of a botnet [31]. Drive-by-download attacks are one of the most pervasive threats on the web, and past measurements have found millions of malicious web pages [3, 32].
Tracking and Mitigation of Malicious Remote Control Networks
Tracking and Mitigation of Malicious Remote Control Networks. Inaugural dissertation for the award of the academic degree of Doctor of Natural Sciences of the University of Mannheim, submitted by Thorsten Holz from Trier. Mannheim, 2009. Dean: Prof. Dr. Felix Christoph Freiling, Universität Mannheim. Referee: Prof. Dr. Felix Christoph Freiling, Universität Mannheim. Co-referee: Prof. Dr. Christopher Krügel, University of California, Santa Barbara. Date of oral examination: 30 April 2009. Abstract Attacks against end-users are one of the negative side effects of today’s networks. The goal of the attacker is to compromise the victim’s machine and obtain control over it. This machine is then used to carry out denial-of-service attacks, to send out spam mails, or for other nefarious purposes. From an attacker’s point of view, this kind of attack is even more efficient if she manages to compromise a large number of machines in parallel. In order to control all these machines, she establishes a malicious remote control network, i.e., a mechanism that enables an attacker the control over a large number of compromised machines for illicit activities. The most common type of these networks observed so far are so called botnets. Since these networks are one of the main factors behind current abuses on the Internet, we need to find novel approaches to stop them in an automated and efficient way. In this thesis we focus on this open problem and propose a general root cause methodology to stop malicious remote control networks. The basic idea of our method consists of three steps. In the first step, we use honeypots to collect information.
Müllerian and Batesian Mimicry Rings of White- Variegated Aposematic Spiny and Thorny Plants: a Hypothesis
Israel Journal of Plant Sciences ISSN: 0792-9978 (Print) 2223-8980 (Online) Journal homepage: http://www.tandfonline.com/loi/tips20 Müllerian and Batesian mimicry rings of white-variegated aposematic spiny and thorny plants: A hypothesis Simcha Lev-Yadun To cite this article: Simcha Lev-Yadun (2009) Müllerian and Batesian mimicry rings of white-variegated aposematic spiny and thorny plants: A hypothesis, Israel Journal of Plant Sciences, 57:1-2, 107-116 To link to this article: http://dx.doi.org/10.1560/IJPS.57.1-2.107 Published online: 14 Mar 2013. Israel Journal of Plant Sciences Vol. 57 2009 pp. 107–116 DOI: 10.1560/IJPS.57.1–2.107 This paper has been contributed in honor of Azaria Alon on the occasion of his 90th birthday. Müllerian and Batesian mimicry rings of white-variegated aposematic spiny and thorny plants: A hypothesis SIMCHA LEV-YADUN Department of Science Education–Biology, Faculty of Science and Science Education, University of Haifa—Oranim, Tivon 36006, Israel (Received 4 August 2008; accepted in revised form 9 March 2009) ABSTRACT Twenty-one wild spiny or thorny plant species growing in Israel have been found so far that are conspicuous because of white stripes and spots found on their leaves. Twenty of these species occupy open habitats, and only one is a climber (Smilax aspera) that is found in both shady and open habitats.
Surprise, Deception, Denial and Warning: Strategic Imperatives
Surprise, Deception, Denial and Warning: Strategic Imperatives by Lani Kass and J. Phillip “Jack” London Lani Kass, Ph.D., is a Corporate Strategic Advisor at CACI International. Kass previously served as a Senior Policy Advisor to the Chairman of the Joint Chiefs of Staff. She was the first woman to serve as Professor of Military Strategy at the National War College. J. Phillip London, Ph.D., is Chairman of the Board of CACI International. A graduate of the U.S. Naval Academy, he spent 24 years on active and reserve duty. London is the recipient of numerous industry awards and serves on several boards, including the U.S. Naval Institute and CAUSE. The views presented here are the authors’ alone. This article is a tribute to the National War College’s distinguished graduates, among them Service Chiefs, Combatant Commanders, and literally hundreds of senior diplomats, warriors and statesmen. Abstract: This article frames the highly complex national security challenges of surprise, denial and deception. These ultimate asymmetric threats exploit vulnerabilities, capitalizing on hubris, complacency and self-delusion. Such actions prevent the full and accurate assessment of opponents’ capabilities and intentions, and hinder appropriate actions. The long and frequent history of surprise, denial and deception suggest that these are essentially psychological phenomena. They are effective because they challenge and exploit perceptions that fill the gap between what is known and unknown. The authors present decision superiority as the fusion of information dominance and decisive action. Technology and intelligence can enhance decision superiority by ameliorating, but not eliminating, the limits of human perception. -
Who Watches the Watchmen? the Conflict Between National Security and Freedom of the Press
I see powerful echoes of what I personally experienced as Director of NSA and CIA. I only wish I had access to this fully developed intellectual framework and the courses of action it suggests while still in government. —General Michael V. Hayden (retired) Former Director of the CIA Director of the NSA
The problem of secrecy is double edged and places key institutions and values of our democracy into collision. On the one hand, our country operates under a broad consensus that secrecy is antithetical to democratic rule and can encourage a variety of political deformations. But the obvious pitfalls are not the end of the story. A long list of abuses notwithstanding, secrecy, like openness, remains an essential prerequisite of self-governance. Ross’s study is a welcome and timely addition to the small body of literature examining this important subject. —Gabriel Schoenfeld Senior Fellow, Hudson Institute Author of Necessary Secrets: National Security, the Media, and the Rule of Law (W.W. Norton, May 2010).
The topic of unauthorized disclosures continues to receive significant attention at the highest levels of government. In his book, Mr. Ross does an excellent job identifying the categories of harm to the intelligence community associated with these disclosures. A detailed framework for addressing the issue is also proposed. This book is a must read for those concerned about the implications of unauthorized disclosures to U.S. national security. —William A. Parquette Foreign Denial and Deception Committee National Intelligence Council
Gary Ross has pulled together in this splendid book all the raw material needed to spark a fresh discussion between the government and the media on how to function under our unique system of government in this ever-evolving information-rich environment.
Hakin9 Extra Followers, We [email protected] Are Giving You the Latest Fruit of Our Labour
Managing: Michał Wiśniewski [email protected] Senior Consultant/Publisher: Paweł Marciniak Editor in Chief: Grzegorz Tabaka [email protected] Art Director: Marcin Ziółkowski DTP: Marcin Ziółkowski www.gdstudio.pl Production Director: Andrzej Kuca [email protected] Marketing Director: Grzegorz Tabaka [email protected] Proofreaders: Bob Folden, I.
To hack or not to hack – that is the question
Dear Hakin9 Extra Followers, we are giving you the latest fruit of our labour. Honeypots are our leitmotiv this month. Especially for you, our dear followers, we have selected the choicest articles within the topic of Honeypots/Honeynets. I sincerely hope that we sufficiently expanded on the topic to satisfy your needs and we quenched your appetite for Hakin9 knowledge. I am also very happy that we managed to have an exclusive interview with Dr. Fred Cohen – the “father” of computer viruses and that, once again, our respected authors helped us with their contributions. This month: Jeremiah Brott will, in great detail, tell you about different types of honeypots and their use. Roberto Saia is going to present you “Proactive Network Defence Through Simulated Networks”. Hari
ATP 2-33.4 Intelligence Analysis
ATP 2-33.4 Intelligence Analysis JANUARY 2020 DISTRIBUTION RESTRICTION: Approved for public release; distribution is unlimited. This publication supersedes ATP 2-33.4, dated 18 August 2014. Headquarters, Department of the Army This publication is available at Army Knowledge Online (https://armypubs.army.mil), and the Central Army Registry site (https://atiam.train.army.mil/catalog/dashboard). *ATP 2-33.4 Army Techniques Publication No. 2-33.4 Headquarters, Department of the Army, Washington, DC, 10 January 2020 Intelligence Analysis
Contents
PREFACE
INTRODUCTION
PART ONE FUNDAMENTALS
Chapter 1 UNDERSTANDING INTELLIGENCE ANALYSIS
Intelligence Analysis Overview
Conducting Intelligence Analysis
Intelligence Analysis and Collection Management
The All-Source Intelligence Architecture and Analysis Across the Echelons
Intelligence Analysis During Large-Scale Ground Combat Operations
Intelligence Analysis During the Army’s Other Strategic Roles
Chapter 2 THE INTELLIGENCE ANALYSIS PROCESS