Cybersecurity Canon Candidate Book Review: Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats (2011), by Will Gragido and John Pirc

By Security Bloggers Network
On [2015-07-18] at 00:43:16



Executive Summary

Cybercrime and Espionage, published in 2011, is a book that was ahead of its time. The authors were pushing the envelope in terms of how the security community should think about advanced threats. However, almost five years later, there is not enough in here to make the book Canon material. Gragido and Pirc present some stimulating ideas, but in the end, the security community has not adopted many of them. My recommendation is to read this book if you are interested in how our community has evolved in terms of thinking about adversary campaigns. However, if you are looking for a state-of-the-art book about cybercrime and cyber espionage, this is not it.

Introduction

Will Gragido and John Pirc published this book in February 2011, the year after the commercial industry experienced its wake-up call in terms of cyber espionage: Operation Aurora. [1] Aurora refers to the adversary campaign launched at Google and other commercial organizations that was designed to steal intellectual property, collect information on human rights activists, and gather intelligence regarding on-going FBI wiretap operations. [2] What made Aurora notable was Google's reaction to it. They went public and accused the Chinese government of being responsible for the attacks. Before Aurora, most commercial organizations would not admit that they had been breached, even though nation states had been targeting commercial organizations for at least a decade. Business leaders worried that admitting a breach would significantly affect the bottom line. After Aurora and Google's public mea culpa, it became easier for other commercial entities to admit that they had been breached. Fast-forward to today, and public breach notifications are so common that it is difficult to keep up with them all. But this was the beginning. Before Aurora, the only significant cyberthreat to the commercial world at the time was crime. After, cyber espionage became something that we all had to worry about. This is the context for the book: defining cybercrime and cyber espionage as motivations, what makes them different and what makes them the same.

Impressions

The two authors, Will Gragido and John Pirc, are experienced cybersecurity professionals, and it is clear that they know what they are talking about, but the book is a bit disorganized in terms of who the target audience is. The content is a mix of introductory and advanced material. However, I did not see that the book had a through line. The authors' analysis of the cybercrime world is at the introductory level. If you want a more in-depth book on the same topic that was published around the same time, consider Kingpin, written by Kevin Poulsen. [3] If you are looking for something a little more recent, consider Spam Nation by Brian Krebs. [4] The espionage material is more advanced, but if you want to go deeper, consider Kim Zetter's Countdown to Zero Day [5] or Richard Bejtlich's The Practice of Network Security Monitoring. [6]

I do give Gragido and Pirc credit, though, for covering some advanced ideas ahead of their time that have not really become popular until just recently. One idea that I really like is that commercial organizations should build their own intelligence teams to track adversary campaigns. They published the book almost five years ago, and this was not universally accepted at the time. It is not universally accepted today either, but more and more organizations are starting to understand the value of such teams. As an aside, this is one of the reasons I got hired at Palo Alto Networks: to build an intelligence team that we eventually called Unit 42.

Gragido and Pirc push their own intelligence model called MOSAIC (Motive, Awareness, Open Source Intelligence Collection, Study, Asymmetrical Intelligence Correlation, Intelligence Review and Interrogation, and Confluence). It is a good framework for an intelligence analyst; unfortunately, the model has not really caught on. Most intelligence organizations (the CIA, the FBI, and the NSA, as well as Unit 42) use a model called The Intelligence Cycle. [7] [8] They are basically the same thing, but the MOSAIC model has more detail.

The authors introduce a new phrase called Subversive Multivector Threats (SMTs), a sort of superset to what the cybersecurity community used to call the Advanced Persistent Threat (APT). They even explain the origin of the APT phrase, a phrase the military had been using for almost a decade in an UNCLASSIFIED setting to mean anything that involved Chinese government-sanctioned cyber espionage. Gragido and Pirc were ahead of their time, understanding that the community needed another name to label similar attacks that did not originate from China. Thus, they came up with SMTs, but the community has not embraced that term. We have evolved the APT phrase to include everything instead.

Another advanced idea presented that I really liked was the concept that there are humans behind these attacks. Tools do not attack our systems. Humans, often organized into groups, attack our systems, and they use tools to accomplish some goal. These adversary groups can be rated in skill level from novice to expert and have motivations like cybercrime and cyber espionage, and it helps defenders do a better job by understanding that context, according to the authors. I wholeheartedly agree. But today, I think we can expand that motivation list to include hacktivism, cyberterrorism and cyberwarfare, and I thought their definitions of hackers' maturity levels were not definitive enough to be useful.

Also, Gragido and Pirc introduce a two-tiered categorization scheme for adversary campaigns, where Tier 1 campaigns target air-gapped networks or networks that would be considered highly secured, such as those of power companies (supervisory control and data acquisition, or SCADA, networks), governments, and defense organizations. [9] Tier 2 adversary campaign plans are all other APT campaigns. This two-tiered system seems ill-conceived today. The security community considers SCADA networks in general, and power companies in particular, as being at least 10 years behind the rest of the community. [10] And government networks have proven to be even less secure than most commercial organizations, except for maybe the intelligence community's networks and some select defense networks. [11] I do not see a need for this two-tiered system in today's threat environment.

One last advanced idea that I really liked was that threat prevention is possible. There has been a trend in the industry these past five years where security leaders have thrown their hands in the air saying they cannot possibly stop the APT, and that it is better to concentrate their precious resources solely on detection and mitigation. This is just plain wrong, and Gragido and Pirc do well to point that out. If I can prevent 90 percent of all attack campaigns because most adversaries use known techniques, why not do it? That lets me concentrate my resources on finding the unknown techniques. Detection and mitigation are important, but these activities should be balanced with a robust threat prevention program. Even in 2011, Gragido and Pirc asserted this philosophy.

Conclusion

Cybercrime and Espionage is a book that was ahead of its time. I give the authors credit for pushing the envelope as to how the security community's thinking around advanced threats should evolve. If you read it when it was published, it would have stimulated your thought process around your own security program. But almost five years later, there is not enough in here to make the book Canon material. Gragido and Pirc present some stimulating ideas, but in the end, the security community has not adopted many of them. My recommendation is to read this book if you are interested in how our community has evolved in terms of thinking about adversary campaigns. However, if you are looking for a state-of-the-art book about cybercrime and cyber espionage that will stand the test of time, this is not it.

Sources

[1] "Google Hack Attack Was Ultra Sophisticated, New Details Show," by Kim Zetter, Wired Magazine, 14 January 2010, last visited 5 July 2015, http://www.wired.com/2010/01/operation-aurora
[2] "Google Aurora Hack Was Chinese Counterespionage Operation," by Mathew J. Schwartz, InformationWeek Dark Reading, 21 May 2013, last visited 5 July 2015, http://www.darkreading.com/attacks-and-breaches/google-aurora-hack-was-chinese-counterespionage-operation/d/d-id/1110060
[3] "The Cybersecurity Canon: Kingpin," by Rick Howard, Palo Alto Networks, 11 February 2014, last visited 9 July 2015, http://researchcenter.paloaltonetworks.com/2014/02/cybersecurity-canon-kingpin
[4] "The Cybersecurity Canon: Read Rick Howard's First-Look Review of SPAM Nation by Brian Krebs," by Rick Howard, Palo Alto Networks, 17 November 2014, last visited 9 July 2015, http://researchcenter.paloaltonetworks.com/2014/11/cybersecurity-canon-rick-howard-reviews-brian-krebs-spam-nation
[5] "The Cybersecurity Canon: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon," by Rick Howard, Palo Alto Networks, 28 January 2015, last visited 9 July 2015, http://researchcenter.paloaltonetworks.com/2015/01/cybersecurity-canon-countdown-zero-day-stuxnet-launch-worlds-first-digital-weapon
[6] "The Cybersecurity Canon: The Practice of Network Security Monitoring," by Rick Howard, Palo Alto Networks, 10 November 2014, last visited 9 July 2015, http://researchcenter.paloaltonetworks.com/2014/11/cybersecurity-canon-practice-network-security-monitoring
[7] "The Intelligence Cycle," Central Intelligence Agency Kids Zone, last visited 9 July 2015, https://www.cia.gov/kids-page/6-12th-grade/who-we-are-what-we-do/the-intelligence-cycle.html
[8] "The Intelligence Cycle," Federation of American Scientists, last visited 9 July 2015, http://fas.org/irp/cia/product/facttell/intcycle.htm
[9] "Cyber Crime and Espionage: An Analysis of Subversive Multi-Vector Threats," by Will Gragido and John Pirc, Syngress Publishing, 7 January 2011, last visited 10 July 2015, https://www.goodreads.com/book/show/10651366-cyber-crime-and-espionage?ac=1
[10] "SCADA systems Riddled with vulnerabilities," by Doug Drinkwater, SC Magazine, 26 August 2014, last visited 10 July 2015, http://www.scmagazineuk.com/scada-systems-riddled-with-vulnerabilities/article/368094
[11] "4 Worst Government Data Breaches Of 2014," by Jai Vijayan, InformationWeek Government, 12 November 2014, last visited 10 July 2015, http://www.informationweek.com/government/cybersecurity/4-worst-government-data-breaches-of-2014/d/d-id/1318061

References

- "APT1: Three Months Later: Significantly Impacted, Though Active Rebuilding," by Dan McWhorter, 21 May 2013, last visited 9 July 2015, https://www.mandiant.com/blog/apt1-months-significantly-impacted-active-rebuilding
- "EU Data Protection Directive (Directive 95/46/EC)," by TechTarget, last visited 10 July 2015, http://searchsecurity.techtarget.co.uk/definition/EU-Data-Protection-Directive
- Internet Crime Complaint Center (IC3), The Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), last visited 5 July 2015, http://www.ic3.gov/media/annualreports.aspx
- "SAFE HARBOR PRIVACY PRINCIPLES," by export.gov, last visited 10 July 2015, http://www.export.gov/safeharbor/eu/eg_main_018475.asp
