PWNJUTSU: A Dataset and a Semantics-Driven Approach to Retrace Attack Campaigns

Berady, Aimad; Jaume, Mathieu; Tông, Valérie Viêt Triêm; Guette, Gilles

doi:10.1109/tnsm.2022.3183476

Cited by 7 publications

(1 citation statement)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An attack position is a pair (machine, user). This term of attack position was originally proposed in [12] and simply refers to an attacker who has compromised a user account on a machine. The propagation space of an attacker is the set of machines and accounts that he is able to discover and control during the propagation phase.…”

Section: Modeling Paths In a Compromised Networkmentioning

confidence: 99%

Unveiling Stealth Attack Paths in Windows Environments Using AWARE

Poisson,

Tong,

Guette

et al. 2023

2023 7th Cyber Security in Networking Conference (CSNet)

Self Cite

View full text Add to dashboard Cite

When an attacker targets a system, he aims to remain undetected as long as possible. He must therefore avoid performing actions that are characteristic of an identified malicious behavior. One way to avoid detection is to only perform actions on the system that appear legitimate. That is, actions that are allowed because of the system configuration or actions that are possible by diverting the use of legitimate services. This article presents and experiments AWARE (Attacks in Windows Architectures REvealed), a defensive tool able to query a Windows system and build a directed graph highlighting possible stealthily attack paths that an attacker could use during the propagation phase of an attack campaign. These attack paths only rely on legitimate system actions and the use of Living-Off-The-Land binaries. AWARE also proposes a range of corrective measures to prevent these attack paths.

show abstract

Section: Modeling Paths In a Compromised Networkmentioning

confidence: 99%