Hybrid Kill Chain & Attack Methodology

December 3, 2017May 12, 2024 / Miguel Bigueur / Leave a comment

Report by Miguel Bigueur & Les Davis

Figure 1. Anatomy of a URL and Web Server Architecture.

The intent to manipulate URL inputs is a method of infiltration utilized by criminals as a means of legitimacy. The goal here is to masquerade as legitimate traffic in an effort to penetrate firewalls uninhibited, while bypassing all pre-established defense mechanisms. Once this is achieved, an attacker is afforded the opportunity to escalate privileges with an opportunity to engage in lateral movements.

A few tools that can be used to help discover vulnerabilities in web and mail servers include: Continue reading →

Vulnerability & Patch Management Process

December 24, 2016December 16, 2017 / Miguel Bigueur / Leave a comment

1. Introduction

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)[1]

It is essential, in today’s society, for businesses to have an online presence in order to be fully capable of engaging in e-commerce and stay competitive. As a result, it’s imperative that businesses protect their data and put IT security at the forefront of everything they do online and off. With the advancement of new technologies comes opportunities for businesses to fall victim to scams through various attack vectors some of the most popular being social engineering and online computer network infiltrations. Continue reading →