D2.5 Threat Actors' Attack Strategies

Advanced Cyber–Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things

Grant Agreement: 786698

D2.5 Threat actors’ attack strategies

Work Package 2: Cyber–threat landscape and end–user requirements

Document Dissemination Level
  PU  Public  X
  CO  Confidential, only for members of the Consortium (including the Commission Services)

Document Due Date: 31/12/2018
Document Submission Date: 31/12/2018

Co–funded by the Horizon 2020 Framework Programme of the European Union

Document Information

Deliverable number: D2.5
Deliverable title: Threat actors’ attack strategies
Deliverable version: 1.00
Work Package number: WP2
Work Package title: Cyber–threat landscape and end–user requirements
Due Date of delivery: 31/12/2018
Actual date of delivery: 31/12/2018
Dissemination level: PU
Editor(s): Konstantinos Limniotis (UOP)
Contributor(s): Nicholas Kolokotronis, Costas Vassilakis, Nicholas Kalouptsidis, Konstantinos Limniotis, Konstantinos Ntemos, Christos–Minas Mathas, Konstantinos–Panagiotis Grammatikakis (UOP); Dimitris Kavallieros, Giovana Bilali (KEMEA); Stavros Shiaeles, Bogdan Ghita, Julian Ludlow, Salam Ketab, Hussam Mohammed, Abdulrahman Alruban (CSCAN)
Reviewer(s): Pavué Clément (SCORECHAIN); Michele Simioli (MATHEMA)
Project name: Advanced Cyber–Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things
Project Acronym: Cyber–Trust
Project starting date: 01/05/2018
Project duration: 36 months
Rights: Cyber–Trust Consortium

Copyright Cyber–Trust Consortium. All rights reserved.
Version History

Version  Date        Beneficiary  Description
0.10     22/10/2018  UOP          Proposed deliverable’s outline
0.15     06/11/2018  UOP          Initial text in Section 5 has been written
0.20     11/11/2018  UOP          First draft of Section 4
0.25     30/11/2018  UOP          First draft of Section 5
0.30     07/12/2018  UOP          First draft of Section 3
0.35     09/12/2018  UOP          New material added, presentation enhancements, and structural changes
0.40     14/12/2018  UOP          First draft of Section 1
0.45     15/12/2018  CSCAN        First draft of Section 8
0.50     17/12/2018  KEMEA        First draft of Section 7
0.55     18/12/2018  UOP          First draft of Section 6
0.60     18/12/2018  UOP          First draft of Section 2
0.65     19/12/2018  UOP          Final draft of deliverable sent for review
1.00     30/12/2018  UOP          Accommodation of review comments and other minor corrections

Acronyms

ACRONYM  EXPLANATION
ACT      Attack Countermeasure Tree
ADT      Attack Defense Tree
AFT      Attack Fault Tree
AG       Attack graph
AIV      Annual Infrastructure Value
ALE      Annual Loss Expectancy
API      Application Programming Interface
ARC      Annual Response Cost
ART      Attack response Tree
AT       Attack tree
BAG      Bayesian Attack Graph
CAG      Core Attack Graph
CMS      Content Management System
CoAG     Conservative Attack Graph
CPE      Common Platform Enumeration
CSV      Comma–Separated Values
CUI      Character User Interface
CVE      Common Vulnerabilities and Exposures
CVRF     Common Vulnerability Reporting Format
CVSS     Common Vulnerability Scoring System
CWE      Common Weakness Enumeration
DAG      Directed Acyclic Graph
DDoS     Distributed Denial of Service
DNS      Domain Name Server
DT       Defense Tree
EDG      Exploit Dependency Graph
eVDB     enriched Vulnerability Data Base
GCF      Greenbone Community Feed
GPL      General Public License
GPO      Group Policy Object
GPRS     General Packet Radio Service
GPS      Global Positioning System
GrSM     Graphical Security Model
GSF      Greenbone Security Feed
HARM     Hierarchical Attack Representation Model
HTTP     Hypertext Transfer Protocol
HVAC     Heating, Ventilation, and Air Conditioning
IDPS     Intrusion Detection and Prevention System
IDS      Intrusion Detection System
IEC      International Electrotechnical Commission
iIRS     intelligent Intrusion Response System
IoT      Internet of Things
IPS      Intrusion Prevention System
ISO      International Standards Organization
LGA      Logical Attack Graph
NASL     Nessus Attack Scripting Language
NCCIC    National Cybersecurity and Communications Integration Center
NFC      Near Field Communication
NGFW     Next Generation FireWall
NIST     National Institute of Standards and Technology
NSE      Nmap Scripting Engine
NVD      National Vulnerability Database
OS       Operating System
OSINT    Open–Source INTelligence
OVAL     Open Vulnerability and Assessment Management
OWAT     Ordered Weighted Averaging Tree
PAG      Personalized Attack Graph
PCAP     Packet Capture
PT       Protection Tree
RDF      Resource Description Framework
RM       Risk Mitigation
SCAP     Security Content Automation Protocol
SCT      Security Compliance Toolkit
SDN      Software Defined Network
SNMP     Simple Network Management Protocol
SQL      Structured Query Language
TCP      Transmission Control Protocol
TMS      Trust Management Service
TVA      Topological Vulnerability Analysis
UDP      User Datagram Protocol
UI       User Interface
URI      Uniform Resource Identifier
URL      Uniform Resource Locator
VDB      Vulnerability Data Base
VM       Virtual Machine
VPN      Virtual Private Network
XML      eXtensible Markup Language

Table of Contents

1. Introduction
  1.1 Purpose of the document
  1.2 Relations to other activities in the project
  1.3 Structure of the document
2. Methodology
3. Information acquisition
  3.1 Network topology and host connectivity
    3.1.1 List of tools considered
      3.1.1.1 Nmap
      3.1.1.2 Angry IP scanner
      3.1.1.3 Unicornscan
      3.1.1.4 Dipiscan
      3.1.1.5 Masscan
      3.1.1.6 Scanrand
      3.1.1.7 Zmap
      3.1.1.8 NetCrunch tools
      3.1.1.9 MyNet toolset
      3.1.1.10 LanTopoLog
      3.1.1.11 Spiceworks NM
      3.1.1.12 NetworkMiner
      3.1.1.13 PcapViz
      3.1.1.14 Skydive
      3.1.1.15 Maltego
      3.1.1.16 Netglub
      3.1.1.17 Dnsdumpster.com
      3.1.1.18 Spiderfoot
      3.1.1.19 ReconDog
    3.1.2 Comparative analysis
  3.2 Vulnerability scanning
    3.2.1 Tools and scanning taxonomies
    3.2.2 Comparison criteria choice
    3.2.3 List of tools considered
      3.2.3.1 OpenVAS
      3.2.3.2 Nessus
