Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online
Authors: Sean Bodmer
Tags: #General, #security, #Computers
profiling
research-based honeynets
researchers
research/technology protection
resilience provider
resources
attack attribution
described
legal
measuring for attackers
profiling
used for deception
Ressler, Robert
resurrectors
Retina tool
retrospective profiling
return on investment (ROI)
risk assessment
risk tolerance
Robtex website
Rogers, Marcus
rogue AV-based products
ROI (return on investment)
Rootkit.com website
Rossmo, Kim
routers
RSA breach
RSA Corp.
RSYNC (remote synchronization)
ruses
Russia
Russian Business Network (RBN)
Russian counterintelligence
Russian hacking gangs
Russian Maskirovka deception
S
salience
SALUTE (Size, Activity, Location, Unit, Time, Equipment)
SandBox Analyzer Pro
sandboxes
Savid Corporation
SCADA (supervisory control and data acquisition) systems
Schwarzkopf, Norman (General)
Second Life
Secure Shell (SSH)
Secure Sockets Layer (SSL)
Securelist website
SecurID technology
security. See also computer security
acquisition
host/server
importance of
improving for networks
OPSEC
passwords. See passwords
physical
public data sources/forums
security management tools
security researchers
semiotics
sensory components
“Sequencing Rule”
server/host vulnerability tools
servers
CnC back-end
Shadowserver
vulnerability tools
Service Set Identification (SSID)
Service-Level Agreement (SLA)
session laws
Shadowserver data repository
Shannon, Claude
Shaw, Eric
shortened URLs
Sinowal Trojan
SIPRNET
Size, Activity, Location, Unit, Time, Equipment (SALUTE)
skill level
skills/methods
SLA (Service-Level Agreement)
The Sleuth Kit
Smith, Joe
social communications/connections
social engineering
considerations
described
example of
success of
social networks
attacking via
described
example of
as profiling tool
terms-of-service agreements
utilizing
social psychology
software suites
spear phishing
Spectrum tool
SpyEye botnet
SpyEye Tracker
spying. See espionage
SQL injection
SSCT (state-sponsored cyber threat)
SSH (Secure Shell)
SSID (Service Set Identification)
SSL (Secure Sockets Layer)
SSR (System Security Readiness)
Stakkato APT
state-sponsored cyber threat (SSCT)
statistical models
status
statutes. See also legal issues
statutory schemes
Stormworm APT
Stormworm botnet
Strings tool
Stuxnet APT
subleasing
supervisory control and data acquisition (SCADA) systems
surveillance
Symantec
Symantec Endpoint Protection tool
symbols
System Security Readiness (SSR)
T
tactics. See also tools
considerations
tactics vector
tailored valid services
Tall Tale (malware)
Tall Tale 1
Tall Tale 2
Tall Tale 3
Tall Tale 4
targeted attacks
cost of
opportunistic turned targeted
overview
scenario
types of organizations
targeted subleasing
taxonomies
TDL Gang
Team Cymru website
teams, criminal
TeamViewer
techcrafters
technology dimension
temporal vector
terminology
terrorists
9/11
attack
domestic
group culture
Total Information Awareness
Teten, Howard
THC-Hydra tool
Threat Management System
ThreatExpert website
threats. See also attacks; tradecraft
academic research abuse
actionable intelligence
advanced persistent threats. See APTs
analyzing
application vulnerability scenario
botnets. See botnets
categories
circles of trust
conclusion
countering
criminal teams
criminal tools/techniques
cyber threat acquisition
determining severity of
distinguishing between
distinguishing objectives
“end game”
engagement tactics
evaluating success in mitigating
evolution of vectors
hacking back
infiltration response planning
knowledge source
persistent
postmortems
questions to ask
skills/methods
tailored valid services
targeted attack scenario
“whack and tag a mole”
thumb drives
TIA (Total Information Awareness)
time vector
time zones
timeliness
Titan Rain APT