The document discusses strategies for cybersecurity defenses against attacks. It notes that while attackers may seem powerful, they are actually constrained by resources and need vulnerabilities to exploit. It recommends techniques like hardening systems, applying patches, minimizing exposed software, using endpoint detection systems, and pretending to be in a malware analysis environment to discourage attacks. The overall message is that simple changes can make a system much harder to attack than the typical unmodified configuration that attackers rely on.
5. Install Malware
In order to persist, the attacker needs to drop malware and run it.
Thus he needs write access and the ability to execute dropped files.
The location needs to be writable by a normal user, but still one that the user does not pay attention to:
%TEMP%
C:\users\USER (%userprofile%)
C:\users\USER\AppData\Roaming (%appdata%)
C:\users\USER\AppData\LocalLow
C:\ProgramData
C:\Program Files
C:\, D:\, E:\, F:\, etc. root of any drive (this will stop autorun worms)
c:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Startup
c:\$Recycle.Bin
C:\recovery
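The list above can double as a detection rule. The sketch below is an added example, not part of the original slides: it flags process image paths that sit in those locations. The default %TEMP% path, the extension set, the sample records and the choice to match only files directly in the drive root, the profile root and C:\Program Files are assumptions made here.

```python
import ntpath

# Locations from the slide. direct_only=True matches only files sitting
# directly in that directory (assumption: otherwise every profile and all
# of Program Files would match). The Startup folder on the slide lies
# beneath AppData\Roaming, so that rule covers it.
LOCATIONS = [
    (r"C:\Users\{user}\AppData\Local\Temp", False),  # assumed default %TEMP%
    (r"C:\Users\{user}\AppData\Roaming", False),
    (r"C:\Users\{user}\AppData\LocalLow", False),
    (r"C:\Users\{user}", True),
    (r"C:\ProgramData", False),
    (r"C:\Program Files", True),
    (r"C:\$Recycle.Bin", False),
    (r"C:\recovery", False),
]
# Extensions treated as executable content (assumed set, extend as needed).
EXEC_EXT = {".exe", ".dll", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1"}

def _norm(path):
    # Collapse ".." and "/" tricks, then compare case-insensitively.
    return ntpath.normcase(ntpath.normpath(path))

def drop_location(image_path, user):
    """Return the listed location an executable path falls in, else None."""
    path = _norm(image_path)
    if ntpath.splitext(path)[1] not in EXEC_EXT:
        return None
    parent = ntpath.dirname(path)
    drive, tail = ntpath.splitdrive(parent)
    if drive and tail == "\\":
        return "drive root"
    for template, direct_only in LOCATIONS:
        loc = _norm(template.format(user=user))
        if parent == loc or (not direct_only and parent.startswith(loc + "\\")):
            return template
    return None

# Constructed process-creation records: (user, image path).
SAMPLE = [
    ("alice", r"C:\Users\alice\AppData\Roaming\upd\svc.exe"),
    ("alice", r"C:\Program Files\Vendor\app.exe"),
    ("alice", r"c:/program files/../ProgramData/x.js"),
    ("bob", r"E:\autorun.exe"),
]

def flagged(records=SAMPLE):
    return [(u, p, loc) for u, p in records if (loc := drop_location(p, u))]
```

Feed it the image path and account name from whatever process-creation log is available; the second sample record is the only one that is not flagged.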
17. THANK YOU FOR YOUR PARTICIPATION!
STAY TUNED FOR THE FUTURE CYBER SECURITY WEBINAR SERIES:
21 September 2015 at 11.00 EET: “Defending servers”
15 October 2015 at 11.00 EET: “Defending network”
9 November 2015 at 11.00 EET: “Responding to an incident”
3 December 2015 at 11.00 EET: “Building secure systems”
The recording will be available at the BUSINESS SECURITY INSIDER: https://business.f-secure.com