Archive for the ‘Cyberwar & Cyberdefense’ Category

Cyber Protector 2014 tests the Hellenic Incident Response Teams’ efforts during simultaneous real time and live cyber attacks

Friday, March 21st, 2014

Cyber Protector is a hands-on, technical cyber defence exercise, based on real-time attack and defend scenarios, in which the Hellenic National Defence General Staff –HNDGS- and 6 other Cyber Incident Response Teams were involved during 2 days starting on 18 March 2014.

Cyber Protector 2014 service consists of a live technical Blue/Red Team Cyber Defence Exercise (CDX) where participants have to defend pre-built networks consisting of a number of virtual machines against the sophisticated, high-level, real-time, Red Team’s attacks. The attacks come in many forms, replicating those seen in the “cyber-wild” today and include targeted attacks, social engineering, insider threats, denial of service, zero-day exploits and custom built malware.

The aim was to provide new and unique opportunities to Cyber Security Teams to be “trained as they fight’’ and to get acquainted with the latest cyber attacks and best cyber defence practices, techniques and tactics. This allows security teams to develop processes, procedures and a dynamic strategy to defend their infrastructure and assets against ‘real’ cyber attacks. It also allows them, through ‘lessons-learnt’, to increase their security posture and implement better security solutions on their operational environments, based on tested methods and configurations.

The result of this unique opportunity for the players was a success and demonstrated the need for technical and hands-on exercises such as Cyber Protector 2014,  to allow the  participants to increase their incindent response capabilities and their technical skills. It provides the participants with the ability to assess their current security controls, and to sharpen their cyber defenders in identifying, defending and responding to cyber attacks.

It was the first time that Democritus University of Thrace participated in such a high level Cyber Defence Exercise. We were exposed to a series of highly sophisticated, real-time cyber attacks and this gave us a unique opportunity to test our capabilities and skills and also to get trained on cyber defence best practices.

Cyber Protector 2014-A was a tremendous success for all participants, delivering outstanding results and lessons learnt from the effective collaboration between private, academia and public sector which is of a paramount importance for a successful Cyber Defence Policy.

For more information visit https://cyberprotector2014.com

 

Our team during the 3rd National Cyberdefense Exercise

Thursday, January 24th, 2013

Many thanks to all members for making this exercise interesting, challenging and fun!

Looking forward to future tasks!

The top three important actions to securing your systems

Sunday, January 6th, 2013

The top three most important actions to secure your systems seem to be the following:

1. Update

2. Update

3. Update

And by update I mean *everything*, not just AVs (which seem to have a limited effect nowadays according to this study), but also software patches, latest versions and of course IT skills of every computer user within the organisation. Here is another post on the recent zero day on IE.

yahoo pwned

Thursday, July 12th, 2012

Title says all. 400K accounts compromised. The attack vector involved the good old sql injection. If you have a yahoo account and waiting for that excuse to migrate to gmail, hold your horses; “all eggs in one basket” is not the best solution. Again, it is a matter of processes in place, trust no one, change passwords frequently (if you can), but also consult services like pwnedlist.con to see if your account was disclosed or leaked. No hope. More info here.

DDoS evolved

Monday, April 23rd, 2012

One thing Anonymous did was to bring DDoS to the masses. And by “masses” we mean real people, not ZeuS drones. This is what makes it probably more dangerous and unpredictive than bot DDoS type of attacks. It is really difficult to construct a black list and track down human activity, as opposed to maintaining IP track records of the dangerous and sophisticated bots (see for example www.abuse.ch), which may have its challenges, but nevertheless it is an FSM at the very end.

Not surprisingly, the tools used for the attacks have a web specialization. Our businesses and life run on HTTP(s) and as such attacking web services is ever so appealing. LOIC, HOIC and Slowloris are the typical weapons, as they are extremely effective and require basic computer literacy skills (in fact all you need is to be able to switch on your computer!).

 

cold war – the cyberspace edition

Thursday, March 8th, 2012

Yesterday a number of sites posted rather interesting news: Hector Xavier Monsegur (a.k.a. Sabu) was co-operating with the FBI. Sabu was arrested by the Police after a tiny slip of the mouse; he went on an IRC channel without using anonymization technologies such as Tor.

Now we can argue that Sabu is an individual with advanced hacking skills, but a human error led to his discovery. His security failed solely due to his negligence. If a computer expert like Sabu makes a mistake and pays for it, what can we deduce for all those admins out there who are not security sensitive?

An interesting article is published here.

SOPA & PIPA: In case of DNS takedown…

Sunday, January 22nd, 2012

click here

Tool of the month – Armitage

Thursday, September 22nd, 2011

Armitage is certainly an important add-on to the latest version (4.0) of the popular Metasploit Framework (MSF). MSF is too good for its own good, but it is so difficult to find the right components in the jungle of exploits and payloads. Armitage is a nice frontend trying to restore the order from the organised chaos in MSF. Perhaps the MSF developers should collaborate with Apple’s user experience team :-)

Stuxnet for dummies

Monday, June 20th, 2011

A neat little video outlining Stuxnet’s modus operandi:

Stuxnet: Anatomy of a Computer Virus from Patrick Clair on Vimeo.

Pulling the plug on Egypt

Sunday, January 30th, 2011

It seems that by cutting a country off from Internet access is not that bad after all!?!

May I remind you that USA is the top spam relaying country ;-)


Copyright © 2017 Information Security and Incident Response Research Unit. All Rights Reserved.
No computers were harmed in the 0.304 seconds it took to produce this page.

Designed/Developed by Lloyd Armbrust & hot, fresh, coffee.