Welcome to SecurityDocs

A collection of 8,050 IT security white papers, carefully curated by professionals like yourself

Sebek 3: tracking the attackers, part two

by Raul Siles, GSE

In part one of this series, we discussed the current Sebek development and its integration with GenIII Honeynets. In this article, we take it a step further and focus on best practices for deploying Sebek inside a GenIII Honeynet, as well as the new Sebek "write" patch. This patch is a cutting-edge improvement that makes it possible for a security professional to watch all of the attacker's activities in real time, much as one records a family's milestones with a video camera.

Sept. 25, 2017 1 comment Symantec

Sebek 3: tracking the attackers, part one

by Raul Siles, GSE

It has become increasingly important for security professionals to deploy new detection mechanisms to track and capture an attacker's activities. Third Generation (GenIII) Honeynets provide all the components and tools required to gather this information at the deepest level. Sebek is the primary data capture tool for GenIII Honeynets. The first of this two-part series will discuss what Sebek is and what makes it so interesting. We'll start by looking at the latest Sebek release, version 3...

Sept. 25, 2017 1 comment Symantec

Lifecycle of a Phone Fraudster: Exposing Fraud Activity From Reconnaissance to Takeover Using Graph Analysis and Acoustical Anomalies

by Vijay Balasubramaniyan, Raj Bandyopadhyay, Telvis Calhoun

Enterprises are vulnerable to "human hacking," the effective social engineering of employees, contractors, and other trusted persons. In particular, financial institutions have seen a significant increase in account takeover attacks over the phone by sophisticated fraudsters socially engineering call center agents. The customer information required is often obtained by gathering intelligence through reconnaissance, probing systems or humans. In this talk, we will show how to detect both the a...

Sept. 21, 2017 0 comments www.blackhat.com Pen Testing & Audits

An Ace up the Sleeve: Designing Active Directory DACL Backdoors

by Andy Robbins, Will Schroeder

Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often overlooked by attackers and defenders alike. The control relationships between AD objects align perfectly with the "attackers think in graphs" philosophy and expose an entire class of previously unseen control edges, dramatically expanding the number of paths to complete domain compromise.

Sept. 12, 2017 1 comment www.blackhat.com

The Jester Dynamic: A Lesson in Asymmetric Unmanaged Cyber Warfare

by Terrence OConnor

We live in an era where a single soldier can digitally leak thousands of classified documents (possibly changing the course of war), attackers can compromise unmanned drone control software and intercept unencrypted video feeds, and recreational hackers can steal and release personal information from members of cyber think-tanks. (McCullagh, 2009) (Finkle, 2011) Our inability to defend ourselves against the onslaught of such attacks constantly reminds us of the bureaucracy that comes with lar...

Sept. 1, 2017 0 comments SANS Institute

Implementing Active Defense Systems on Private Networks

by Josh Johnson

Adversaries are using client-side attacks and malware to bypass traditional perimeter defenses and establish footholds on internal networks. Preventive controls are failing to keep attackers out of private networks, and media outlets publicize another breach at a major organization on an almost regular basis. More needs to be done in order to identify and slow down attackers who have established pivot points into private networks before data exfiltration occurs. Active defense systems im...

Sept. 1, 2017 0 comments SANS Institute Detection & Response

Home Field Advantage: Employing Active Detection Techniques

by Benjamin Jackson

The defensive measures used today by most enterprises have been repeatedly proven ineffective by adversaries who are actively attempting to bypass them. A shift from simply responding to alerts to employing more active techniques for intrusion detection is needed. This paper will discuss methods to detect intruders via tools such as internally facing honeypots, darknets, and other electronic booby traps.

Sept. 1, 2017 0 comments SANS Institute Detection & Response

Catching Flies: A Guide to the Various Flavors of Honeypots

by Scott Smith

While the concept of baiting adversaries in order to monitor their activities is nothing new, honeypotting has evolved into a critical tool in information security analysis. Recent years have given rise to advances in the detection of network intrusions such as honeynets, honeytokens and adaptive honeypots. This paper will explore modern applications, as well as the legal and technical considerations behind emerging honeypot solutions in the dynamic blockage of emerging attack vectors and the...

Sept. 1, 2017 0 comments SANS Institute Detection & Response

LaBrea - A New Approach to Securing Our Networks

by Leigh Haig

This paper has been written to illustrate two of the things that are overlooked with most levels of security implemented to provide a depth of defense: what is happening to the IP addresses on the network that are not being used, and how can these be used to tighten security? If available IP addresses could be used to hold spreading worms or probing systems, then there would be a tangible benefit.

Sept. 1, 2017 0 comments SANS Institute

Honey Pots and Honey Nets - Security through Deception

by William Martin

This article describes a security tool and concept known as a Honey Pot and Honeynet. What makes this security tool different is that Honey Pots and Honeynets are digital network bait, and through deception, they are designed to actually attract intruders.

Sept. 1, 2017 0 comments SANS Institute

Anti-Hacking: The Protection of Computers

by Chadd Schlotter

In the Computer Security industry, there are many solutions available to help combat cyber crime. Firewalls and Intrusion Detection systems are in place across the Internet to help protect more networks than ever before. Teams at software corporations work diligently on creating patches for known vulnerabilities, yet everyday the number of computers that are compromised increases. It seems like almost every week a big Internet or software company has a security incident, so what does this ...

Sept. 1, 2017 0 comments SANS Institute Detection & Response
