Shellcode Analysis Lab (1)
Grand Canyon University, Course 320 (Computer Science), PDF, 8 pages, Dec 6, 2023
Shellcode Analysis Lab
Adrian Andrade
Grand Canyon University
CYB-320
Mike Manrod
Due April 30, 2023

Certutil
https://lolbas-project.github.io/lolbas/Binaries/Certutil/
Screenshots:

What is the intended purpose of the Windows binary?
The intended purpose of the Windows binary is to handle certificates.

How can it be useful to an attacker - what capability does it provide?
This technique is useful for an attacker if they desire to gain certificates, or the ability to manipulate them, especially if the attacker is fond of using "Man-in-the-Middle" attacks, where digital certificates are required over secure connections. In effect, it gives attackers the capability of tricking users into thinking they are someone else (through trusted certificates).

What MITRE ATT&CK technique does the LOLBAS technique you used enable?
This technique uses Ingress Tool Transfer.

Does the LOLBAS project define any detection rules for this technique? (screenshot)
Yes, there are detection rules. One is Certutil.exe creating new files on disk, which can be seen as a sign of suspicious activity. Another is the presence of the user agent "Microsoft-CryptoAPI/10.0", which can also be a sign of suspicious activity and used for detection.

What tools and/or techniques would help to prevent or detect this tactic?
One way is through using strong detection and prevention services or systems. This can prevent certutil from gaining hold of the system and wreaking havoc.

CMD
https://lolbas-project.github.io/lolbas/Binaries/Cmd/
Screenshots:

What is the intended purpose of the Windows binary?
The intended purpose is to act as a command-line interpreter for Windows.

How can it be useful to an attacker - what capability does it provide?
As the name suggests, it allows a user to understand what a certain command might accomplish. It's for attackers who aren't completely aware of what a certain command might do; wielding that information can allow the attacker to do harm to the system. It also provides the capability of setting parameters for the environment.

What MITRE ATT&CK technique does the LOLBAS technique you used enable?
I believe this uses NTFS File Attributes.

Does the LOLBAS project define any detection rules for this technique? (screenshot)
Yes, there are signs of detection. One is cmd.exe executing files from alternate data streams. Another is cmd.exe creating/modifying file contents in an alternate data stream.

What tools and/or techniques would help to prevent or detect this tactic?
One way is to restrict the command-line interface to unauthorized users.

Explorer
https://lolbas-project.github.io/lolbas/Binaries/Explorer/
Screenshots:
What is the intended purpose of the Windows binary?
The intended purpose is to manage files and system components within Windows.

How can it be useful to an attacker - what capability does it provide?
It's useful for an attacker who wants to significantly slow a system down. Explorer.exe is known for slowing processes down to a grinding halt. It also gives an attacker the ability to break the process tree, which is often used for defense evasion.

What MITRE ATT&CK technique does the LOLBAS technique you used enable?
It uses Indirect Command Execution.

Does the LOLBAS project define any detection rules for this technique? (screenshot)
Yes, there is one sign of detection: multiple instances of explorer.exe, or explorer.exe using the /root command line, is suspicious.

What tools and/or techniques would help to prevent or detect this tactic?
One way of preventing this is to restrict access to root (because this tactic relies heavily on using root privileges) and, of course, restricting access to the command line or prompt.
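As an added example (it is not part of the lab report and is not code from the LOLBAS project), the following Python script turns the detection rules cited above for all three binaries into checks and runs them over a handful of constructed Sysmon-style events: certutil.exe creating a file on disk, a web request with the Microsoft-CryptoAPI user agent, cmd.exe referencing an alternate data stream, and explorer.exe started with /root or started more than once. The event field names, the regular expressions, and the "more than one explorer.exe" threshold are assumptions of this example; the ATT&CK IDs are the standard identifiers for the technique names the report gives.

```python
import re
from collections import Counter

# Constructed sample telemetry for this example (not from the lab). Each record
# is a simplified process-creation, file-creation, or web-proxy event.
SAMPLE_EVENTS = [
    {"type": "file_create", "image": r"C:\Windows\System32\certutil.exe",
     "target": r"C:\Users\Public\update.dat"},
    {"type": "proxy", "user_agent": "Microsoft-CryptoAPI/10.0",
     "url": "http://files.example.invalid/update.dat"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c type C:\Temp\notes.txt:hidden.bat"},
    {"type": "process", "image": r"C:\Windows\explorer.exe",
     "command_line": r'explorer.exe /root,"C:\Temp\run.exe"'},
    {"type": "process", "image": r"C:\Windows\explorer.exe",
     "command_line": "explorer.exe"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c dir C:\Temp"},
    {"type": "proxy", "user_agent": "Mozilla/5.0", "url": "https://www.example.invalid/"},
]

# Heuristic: a file name with an extension followed by ":stream" (e.g. notes.txt:hidden.bat).
# Drive letters ("C:\") do not match because there is no ".ext" before the colon;
# URLs with an explicit port ("host.com:443") would, so tune for your environment.
ADS_RE = re.compile(r"[\w.-]+\.\w+:[\w.-]+")
EXPLORER_ROOT_RE = re.compile(r"(?i)\bexplorer\.exe\b.*\s/root\b")

def image_name(ev):
    """Return the lowercase file name of the event's image path."""
    return ev.get("image", "").rsplit("\\", 1)[-1].lower()

def is_certutil_file_write(ev):
    """Rule 1: certutil.exe creating a new file on disk."""
    return ev["type"] == "file_create" and image_name(ev) == "certutil.exe"

def is_cryptoapi_user_agent(ev):
    """Rule 2: web request carrying the CryptoAPI user agent certutil uses for downloads."""
    return ev["type"] == "proxy" and ev.get("user_agent", "").startswith("Microsoft-CryptoAPI/")

def is_cmd_ads(ev):
    """Rule 3: cmd.exe command line referencing an NTFS alternate data stream."""
    return (ev["type"] == "process" and image_name(ev) == "cmd.exe"
            and ADS_RE.search(ev.get("command_line", "")) is not None)

def is_explorer_root(ev):
    """Rule 4: explorer.exe launched with the /root switch."""
    return (ev["type"] == "process" and image_name(ev) == "explorer.exe"
            and EXPLORER_ROOT_RE.search(ev.get("command_line", "")) is not None)

def detect(events):
    """Run all rules over a list of events; return one alert dict per hit."""
    alerts = []
    rules = [
        (is_certutil_file_write, "certutil_file_write", "T1105 Ingress Tool Transfer"),
        (is_cryptoapi_user_agent, "cryptoapi_user_agent", "T1105 Ingress Tool Transfer"),
        (is_cmd_ads, "cmd_alternate_data_stream", "T1564.004 NTFS File Attributes"),
        (is_explorer_root, "explorer_root_switch", "T1202 Indirect Command Execution"),
    ]
    for ev in events:
        for check, name, technique in rules:
            if check(ev):
                alerts.append({"rule": name, "technique": technique,
                               "detail": ev.get("command_line") or ev.get("target") or ev.get("url")})
    # Rule 5: more than one explorer.exe process creation in the window is itself suspicious
    # (assumed threshold; a normal session has a single explorer.exe).
    explorer_count = Counter(image_name(e) for e in events if e["type"] == "process")["explorer.exe"]
    if explorer_count > 1:
        alerts.append({"rule": "multiple_explorer_instances",
                       "technique": "T1202 Indirect Command Execution",
                       "detail": f"{explorer_count} explorer.exe process creations"})
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a['rule']}] {a['technique']}: {a['detail']}")
```

Run against the constructed events, the script raises five alerts (one per rule) and stays quiet on the plain `cmd.exe /c dir` and browser-user-agent records. In a real deployment the same checks would be expressed as SIEM or Sysmon rules over process-creation (Event ID 1), file-creation (Event ID 11) and proxy logs, with the ADS heuristic tightened to avoid matching URLs that carry a port number.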