Welcome to SpywareHammer! FREE expert Staff online help for malware and other computer problems.
0 Members and 1 Guest are viewing this topic.
SANS: Top Cyber Security Risks, September 2009Two risks dwarf all others, but organizations fail to mitigate themFeaturing attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.ContentsExecutive summaryOverviewVulnerability exploitation trends Application vulnerabilities exceed OS vulnerabilities Web application attacks Windows: Conficker/Downadup Apple: QuickTime and six moreOrigin and destination analysis for four key attacksApplication patching is much slower than operating system patchingTutorial: Real-life HTTP client-side exploitation example Step 0: Attacker places content on trusted site Step 1: Client-side exploitation Step 2: Establish reverse shell backdoor using HTTPS Steps 3 and 4: Dump hashes and use pass-the-hash attack to pivot Step 5: Pass the hash to compromise domain controller Steps 6 and 7: ExfiltrationZero-day vulnerability trendsBest practices in mitigation and control of the top risks Critical Controls - As Applied to HTTP Server Threats More....
