20.09.2016 2
Compromise Detection
https://www2.fireeye.com/rs/848-DID-242/images/Mtrends2016.pdf
146 days
25%
38%
13%
6%
6%
6%
6%
Spear Phish
Compromised Web Server
Social Engineering
Compromised Mail Server
SQL Injection
Citrix Vulnerability
Default Credentials
https://www2.fireeye.com/rs/848-DID-242/images/Mtrends2016EMEA_LR.pdf
Compromise | Persistence | Escalation | Internal Activities | Exfiltration
• Social Engineering
• External attack
• Backdoor
• Trojan
• Passwords
• "Pass-the-hash"
• Enumeration
• Password re-use
• Theft
https://blogs.sophos.com/2015/09/28/why-word-malware-is-basic/
http://www.powershellempire.com/
https://www.virustotal.com/en/file/410a930b1fb995e72e5d1f126ee7efa597f93863849f838c0a66e9c70a3d5224/analysis/1474443529/
https://getgophish.com/documentation/Gophish%20User%20Guide.pdf
http://www.powershellempire.com/
https://insights.sei.cmu.edu/cert/2016/06/who-needs-to-exploit-vulnerabilities-when-you-have-macros.html
https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/
http://www.asd.gov.au/publications/protect/ms-office-macro-security.htm
https://technet.microsoft.com/de-de/security/jj653751
https://msdn.microsoft.com/de-de/library/hh831440(v=ws.11).aspx