Introduction_Chapter 1

The document provides an overview of cyber security and digital forensics, covering topics such as types of cyber-attacks, network design, and the distinction between cybercrimes and cyber-attacks. It details various attack methods, tools used for attacks, and the structure of the internet including the surface web and deep web. Additionally, it discusses adversary types, vulnerabilities, and ethical considerations in accessing the deep web safely.
Cyber Security and Digital Forensics
Dr. Anil V Turukmane
Professor, SCOPE, VIT-AP University
Module No. 1: Cyber Attacks, Intrusions, Threats (8)
Introduction to cyber-attacks, attack model, adversary types, vulnerability types, threat types, attacks vs. intrusion, DDoS and its types, malware and malware types, introduction to Advanced Persistent Threats, intrusion kill chain, introduction to the darknet, cybercrimes.
Existing Network Design
• Top-down approach
• Bottom-up approach
Top-down design approach
Hierarchical network
Routed network
• A routed network is usually only used when a bridged network is unavailable.
Bridged network
• It creates a single aggregate network from multiple communication networks or network segments.
Segmented network
• Segmentation improves security and performance by dividing a computer network into smaller parts to better control how traffic flows across the network.
Flat network
• A flat network is a computer network design approach that aims to reduce cost, maintenance and administration.
• Flat networks are designed to reduce the number of routers and switches on a computer network by connecting the devices to a single switch instead of separate switches.
IP, Ports & Sockets
Sockets
Where do sockets live in the OSI model?
DHCP
• Dynamically assigns an IP address and other network configuration parameters to each device on a network.
DNS
Cybercrimes vs. Cyber-attacks
• Cybercrime is criminal activity carried out using computers and the Internet.
• A cyber attack (or cyberattack) is a malicious attempt to expose, alter, disable, destroy, steal or gain unauthorized access to a computer system, infrastructure, network, or any other smart device.
How long will it take to crack your password?
Most common cyber attacks
• Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.
• Man-in-the-middle (MitM) attack.
• Phishing and spear phishing attacks.
• Drive-by attack.
• OWASP attack.
• Cross-site scripting (XSS) attack.
• Eavesdropping attack. (passive)
• Malware attack.
• Password attack.
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks
DDoS Attack Types
Volume-based (measured in bits/sec, bps):
• Botnets
• Reflection / bouncing attack (Ex: PoD, Smurf attack)
• Amplification via NTP, DNS (Ex: Fraggle attack)
• Multi-vector (UDP, TCP, ICMP)
Protocol-based (measured in packets/sec, pps):
• SYN flood (TCP) (Ex: Xmas attack)
• Ping of Death (ICMP)
• UDP flood
• IP-based (TCP) fragmentation (Ex: Teardrop attack)
Application layer (measured in requests/sec, rps):
• HTTP flood
• Attack on DNS service
• Slowloris
• GET/POST flood
Volumetric DDoS – Botnet based
Volumetric DDoS – Reflection based
Volumetric DDoS – Amplification
based
Volumetric DDoS - NTP amplification
Protocol based – SYN flood
Application layer DDoS - HTTP flood
Application layer DDoS - Slowloris
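The table above measures each DDoS class in a different unit (bps, pps, rps). The following detector, an added example and not part of the lecture slides, applies that idea to constructed one-second traffic counters: it learns quiet-period thresholds and labels each burst by the unit that spikes, using average packet size to separate bandwidth floods from small-packet protocol floods.

```python
"""Classify 1-second traffic counters into the three DDoS classes of the table."""
from dataclasses import dataclass
from statistics import mean

@dataclass
class Sample:
    second: int
    bytes_in: int
    packets_in: int
    http_requests: int

# Constructed counters: ten quiet seconds, then one burst per DDoS class.
BASELINE = [Sample(t, 2_000_000, 2_000, 50) for t in range(10)]
EVENTS = [
    Sample(10, 900_000_000, 600_000, 60),   # ~1500-byte packets saturating bandwidth
    Sample(11, 40_000_000, 800_000, 55),    # ~50-byte packets: SYN/UDP-flood shape
    Sample(12, 3_000_000, 3_500, 6_000),    # modest bytes, huge request count: HTTP flood
]

def rates(s):
    """The three units the table measures each class in."""
    return {"bps": s.bytes_in * 8, "pps": s.packets_in, "rps": s.http_requests}

def thresholds(baseline, factor=10):
    """Alert when a metric exceeds `factor` times its quiet-period mean."""
    return {m: factor * mean(rates(s)[m] for s in baseline) for m in ("bps", "pps", "rps")}

def classify(sample, thr):
    r = rates(sample)
    over = {m for m in r if r[m] > thr[m]}
    if not over:
        return "normal"
    avg_pkt = sample.bytes_in / max(sample.packets_in, 1)
    if "rps" in over and over - {"rps"}:
        return "multi-vector"          # request flood riding on a packet/bandwidth flood
    if "rps" in over:
        return "application-layer"     # HTTP flood / GET-POST flood
    if "bps" in over and avg_pkt >= 500:
        return "volume-based"          # large packets: botnet, reflection, amplification
    return "protocol-based"            # small packets, pps-driven: SYN, UDP, ICMP, fragments

def classify_all(baseline=BASELINE, events=EVENTS):
    thr = thresholds(baseline)
    return [(s.second, classify(s, thr)) for s in baseline + events]

if __name__ == "__main__":
    for second, label in classify_all():
        print(f"t={second:2d}s  {label}")
```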
Tools for DDoS
• LOIC (Low Orbit Ion Cannon)
• HULK (HTTP Unbearable Load King)
• R-U-Dead-Yet
• DDOSIM—Layer 7 DDOS Simulator.
• Tor's Hammer
• PyLoris
Man-in-the-middle (MitM) attack
Tools for MITM
• Bettercap – performs various types of MITM attacks against a network; manipulates HTTP, HTTPS & TCP traffic.
• Ettercap – used for computer protocol analysis & security auditing.
• Wifiphisher – automated phishing attacks against Wi-Fi networks in order to obtain secret passphrases or other credentials.
Phishing
Spear Phishing
Drive by attack
OWASP attack - XSS
OWASP attack – SQL Injection
Tools for SQL injection attack
• DSSS
• Sqlmap – SQLmap is an open-source tool used in penetration testing to detect and exploit SQL injection flaws.
Eavesdropping attack
Tools for eavesdropping
• Wireshark – Wireshark is the world’s foremost and most widely used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level.
• Tcpdump – a command-line utility that allows you to capture and analyze network traffic going through your system.
Password attack
• Brute force – A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.
• Dictionary – A dictionary attack is a basic form of brute force hacking in which the attacker selects a target, then tests possible passwords against that individual’s username.
• Hybrid – Combination of brute force & dictionary.
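The "how long to crack your password" question above and the three attack styles just listed can be put into numbers. This estimator is an added example, not from the slides; the guess rate and the four-word wordlist are constructed assumptions standing in for real cracking hardware and a real dictionary.

```python
"""Rough time-to-crack estimates for brute-force, dictionary and hybrid attacks."""
import string

SYMBOLS = set(string.punctuation)          # 32 printable ASCII symbols
GUESSES_PER_SEC = 10_000_000_000           # assumed offline rate against a fast unsalted hash

# Constructed wordlist standing in for a real dictionary such as rockyou.txt
WORDLIST = ["password", "summer", "welcome", "letmein"]

def charset_size(pw):
    """Alphabet the attacker must cover once the character classes in use are known."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(c in SYMBOLS for c in pw): size += len(SYMBOLS)
    return size

def brute_force_guesses(pw):
    """Worst case: every string over the same alphabet up to this length."""
    n = charset_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

def dictionary_guesses(pw, wordlist=WORDLIST):
    """Guesses until a plain wordlist hit, or None if the word is not listed."""
    return wordlist.index(pw) + 1 if pw in wordlist else None

def hybrid_guesses(pw, wordlist=WORDLIST, max_suffix=4):
    """Dictionary word + 0..max_suffix digits, tried word by word, shortest suffix first."""
    per_word = sum(10 ** k for k in range(max_suffix + 1))     # 11111 variants per word
    for i, word in enumerate(wordlist):
        suffix = pw[len(word):]
        if pw.startswith(word) and len(suffix) <= max_suffix and (suffix == "" or suffix.isdigit()):
            before = sum(10 ** k for k in range(len(suffix)))   # shorter suffixes already tried
            return i * per_word + before + (int(suffix) if suffix else 0) + 1
    return None

def best_attack(pw):
    """Cheapest of the three methods: (name, guesses, seconds at GUESSES_PER_SEC)."""
    options = {"brute force": brute_force_guesses(pw),
               "dictionary": dictionary_guesses(pw),
               "hybrid": hybrid_guesses(pw)}
    name, guesses = min(((k, v) for k, v in options.items() if v is not None), key=lambda kv: kv[1])
    return name, guesses, guesses / GUESSES_PER_SEC

if __name__ == "__main__":
    for pw in ["summer", "summer2024", "Tr0ub4dor&3", "correct horse battery staple"]:
        print(pw, best_attack(pw))
```

A dictionary word with a year appended falls in milliseconds under the hybrid method even though its brute-force keyspace looks large; length over a wide alphabet, or a long passphrase, is what pushes the estimate out of reach.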


Malware attack
Attack model
Mitre vs. Cyber kill chain
Adversary Types
• Hackers – A person who uses a computer to look at and/or change information on another computer without permission.
• Vandals – Destructive cyberattacks without any obvious profit or ideological motive.
• Criminals – Cyber criminals seek to exploit human or security vulnerabilities in order to steal passwords, data or money directly.
• Hacktivists – Hacktivism is the act of hacking, or breaking into a computer system, for politically or socially motivated purposes.
• Nation state actors – Nation-state threat actors are people or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country.
Vulnerability Types
• Software bugs
• Weak passwords
• Software that is already infected with a virus
• Missing data encryption
• OS command injection
• SQL injection
• Buffer overflow
• Missing authorization
• URL redirection to untrusted sites
• Path traversal
• Missing authentication for critical function
• Unrestricted upload of dangerous file types
• Dependence on untrusted inputs in a security decision
• Cross-site scripting and forgery
• Download of code without integrity checks
• Use of broken algorithms
Threat Types
Attacks vs. Intrusion
• A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks.
• A successful cyber attack is an intrusion.
Introduction to Advanced Persistent Threats
• An advanced persistent threat is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended time period.
APT Life Cycle
Introduction to Darknet
• What is it?
• World Wide Web content that is not part of the Surface Web and is not indexed by search engines.
• Most content that is not readily accessible using standard means (i.e. search engines).
• For example, web pages regarding private user accounts are in the deep web (private info).
• The Deep Web is the majority of online content, estimated to be 5000 times larger than the surface web.
• 95% of total internet population
Surface Web vs. Deep Web
Surface Web:
• Entries are statically generated
• Linked content (web crawled)
• Readily accessible through any browser or search engine, unlike the Deep Web, which requires special search engines, browsers, and proxies to access.
Deep Web:
• Entries are dynamically generated (submitted to a query or accessed via form)
• Unlinked content
• Contextual web
• Private web
• Scripted content
• Non-HTML content
• Limited access content (anti-robot protocols like CAPTCHA)
Level 1 - The Surface Web
• The web that the vast majority of internet users are accustomed to.
• Accessible in any nation that does not block internet access, even places like China and Egypt.
• Social media sites like Facebook, informational websites like Wikipedia, general websites, etc.
Level 2 - The Bergie Web
• The layer of the Surface Web that is blocked in some nations. Some other information is only accessible through illegal means.
• Google locked results
• Recently web-crawled old content
• Pirated media
• Pornography
Level 3 - The Deep Web
• Requires a proxy or two (namely Tor) to access.
• Contains most of the archived web pages.
• Government/business/collegiate research.
• Hackers/script kiddies/virus information.
• Illegal and obscene content (torture, suicides, etc.)
Level 4 - The Charter Web
• Like the regular Deep Web, but harder to get into and with more illegal content.
• Advanced covert government research.
• Most of the internet black market (run on bitcoins).
• Human/arms/drug/rare animal trafficking.
• Assassination networks, bounty hunters, illegal game hunting, etc.
• More banned obscene content like child pornography, gore (bloody violence), etc.
Level 5 - Marianas Web
• Lowest known level of the Deep Web.
• Named after the Spanish technician who created it.
• Extremely difficult to access; users say it is the safest part of the internet due to how private it is.
• Julian Assange and other top-level Wikileaks members are believed to have access.
Rumored Levels 6-8
• Mostly the stuff of conspiracy theorists.
• Level 6 is a giant firewall meant to prevent people from going any further.
• Level 7, “The Fog”, is said to be very dangerous and full of viruses.
• Level 8 is called PrimArch and is claimed to be controlled by an extremely powerful AI (possibly running on a quantum computer).
Ethical Uses
• Some organizations such as BrightPlanet claim that the Deep Web has higher quality articles than the surface web (3 to 1 quality ratio), and a lot more of them.
• Deep Web capable search engines like ipl2 and Infomine can be used to find them.
• Dig deep enough and you will find some interesting information about past and present experiments and research.
• Assuming you use them ethically, there are hacking/virus creation tutorials and information as well as a large community of hackers and script kiddies to learn from.
How to Access Safely
• Proxies (namely Tor) and AV programs.
• Turn off ALL plug-ins before accessing (especially the shady parts).
• If your computer has a webcam, remove or obstruct it.
• Stay away from anything that looks remotely criminal or suggestive.
• Use a safe and private network connection.
Thank You