Advanced Persistent Threat Hacking
Chapter 3 Lecture By
Professor Henry A. McKelvey
What This is and Is Not
This is a lecture session
This is not a review of the PDF Slides
You are to read these (PDF Slides) in conjunction with your book
This is a chance to ask questions about the assignments and to understand what is required
This is not a chance to call your friends and family via the Internet
I require your full time and attention.
Objectives
How we handle data and information and why it is problematic
Be able to provide examples of threats
Determine the difference between nation and non-nation state threats
Know the difference between AHM and Penetration Testers
Describe the AHM components
Explain the hacker's thought process
List and describe the APT hacking core steps
Describe and explain the APT hacker attack phases
Limited data resources that leads to compromises
Not all compromises are discovered
Not all discoveries are reported
Not all the facts of any specific compromise are always uncovered
Some facts that are released might be misleading or even incorrect
Data and information are not disclosed in an open manner
See pages 30-31
How we handle data and information and why it is problematic
Examples of Threats
Techno-Criminals:
Skimmer Evolution
Skimmers are used by individuals who may not have technical ability but can gain access to machines.
See page 32-33
Hacking Power Systems
Smart-meter tampering
Power Jacking USB supplied Power Systems
Defeating physical controls
Unsophisticated Threat:
Hollywood Hacker
Unskilled but use complete immersion of technology against targets
Social Engineering tactics
Examples of Threats (Cont.)
Unsophisticated Threat: (Cont.)
Neighbor from Hell
WiFi Attacks, e-mail spoofing to others
Using attack methods to cast blame on others
See page 35-37 the Barry Ardolf Story
Smart Persistent Threats
Kevin Mitnick
Gaining Access to Computer Systems
Social Engineering
Using knowledge of the interaction of people and system
Nation-States vs. Non-nation States
Define Nation State:
A nation state is a geographical area that can be identified as deriving its political legitimacy from serving as a sovereign nation. A state is a political and geopolitical entity, while a nation is a cultural and ethnic one. (Political Definition)
Define Non-Nation State:
Is a nation in which there is a cultural diversity, and from this cultural diversity no one ethic group holds complete national autonomy. (Political Definition)
See pages 37 – 49
Stuxnet, Duqu, Flame (What are these?)
RSA Attack , MITM Attack, Carrier IQ Attack(What are These?)
What are AHM and PTM and how do they Differ
AHM = APT Hacker Methodology
A skill set that allows for big picture understanding of attacks and attack methods
A methodology that avoids segmentation of attack methods
PTM = Penetration Tester Methodology
A skill set that allows for convergent and directed understanding of attacks and attack methods
A methodology that’s seek to segment attack methods
What are AHM and PTM and how do they Differ (Cont)
Differences Between AHM and PTM | ||
PTM | Attributes | AHM |
Yes | Scope Limitations | No |
Yes | Time Limitations | No |
Yes | Customer Conscious | No |
Yes | Predetermined Immunity | No |
No | Concerned with anonymity | Yes |
No | Requires long term stealth | Yes |
No | Continous probing of target | Yes |
Pen Testing is not AHM |
The Components of AHM
The Elegance of Taking in the Big Picture
Seeing the forest instead of the trees
High Skill Level
Knowledge of what to do and why to do it
Preparation
Knowing what is needed to carry out a successful attack
Patience
Know how to take your time and collect proper data on an attack (Reconnaissance is the key)
The Components of AHM (Cont.)
Social Omniscience
Having knowledge of people and interpersonal reactions.
See page 58 for listing
Target Selectivity
Go for the weakest link
Careful attention to efficacy
Using the most efficient tool for the most efficient job
Exploitless Exploits
Using that which is, to your benefit (using the system’s tools against the system)
Knowing the value of information
Gathering data is the most important task
The AHM Thought Process
Think outside the box
Use unconventional thinking to obtain goals
See pages 61-65 (Examples)
Use Misdirection as a Tool
Companies use security as a misdirection, understand and adapt
Technology may hide weakness
Thinking Through Pain
The APT hacker will attempt to understand the incomprehensible
Avoids Tunnel Vision
Examines all avenues of possibilities
There are no rules in war
The APT Hacker will use any means necessary
Keep It Simple, Stupid (KISS)
Your attack should be simple avoid complications
Core Steps
I have to admit that for the most part I agree with what the author has said, and I have to congratulate him on separating Reconnaissance and Enumeration. The problem I have is the order of events.
Here is what he has:
Reconnaissance
Enumeration
Exploitation
Maintaining Access
Clean up
Progression
Exfiltration
I would swap Reconnaissance and Enumeration. I would like to know if something is worth the effort of recon.
APT Hacking Core Steps Listed
Enumeration (Using PING and Traceroute)
Reconnaissance (Using Nmap to test ports)
Exploitation (Launch attack based on systems with Vulnerabilities)
Maintaining Access (setting up and using back doors)
Clean up (Removing evidence of attack, log files and or tracking IDS,IPS software)
Progression (Attacking other systems from this system to set up ubiquitous gathering of data)
Exfiltration (retrieving gathered data)
APT hacker Attack Phases
Reconnaissance
Gather all information and data on a system
Spear Social Engineering
Manipulate persons who can be used for access
Remote and Wireless
Target remote users and wireless users to exploit wireless weaknesses
Hardware Spear-phishing
Use custom built devices to infiltrate buildings and locations
Physical infiltration
Target any place that the main target will or might locate to (hotel rooms, third party locations, etc…)
Basic Network
The fact is APTs are more advanced than the networks they are designed to attack. How would you attack this network, using the Thought processes, the core steps and the attack phases discussed?
Questions and Answers To be posted on the Discussion Portal
Feel free to ask questions, if not I have some questions for you.
What is the goal of Pen Testing vs APT Hacking ?
What problems would Pen Testers have when dealing with APT Hackers?
Pretend that your manager approaches you with the question “What is APT?” Could you explain it, and if so, how?
In your own words give me your opinion of this presentation?
This is “The End”
Microsoft Excel 2016 Chapter 8 – Lab Test A
Creating a PivotTable Report and PivotChart Report for an Annual Sales Workbook
Purpose: To demonstrate ability to create PivotTable and PivotChart reports in Excel 2016
Problem: You are working for an organic farming collective. You have been asked to create two PivotTables and corresponding PivotCharts from the annual sales worksheet for the collective. One PivotTable and PivotChart summarize the sales by farm. The other PivotTable and PivotChart summarize the dairy sales by month for the top dairy producer.
Instructions: Perform the following tasks:
1. Start Excel. Open the Excel Chapter 8 – Lab Test A – Data file from the Data Files provided in the location specified by your instructor. Save the wokbook using the file name, Lab Test A – Excel Chapter 8.
2. Create the PivotTable and associated PivotChart shown in Figure E8A – 1 in a separate sheet in the workbook. Name the worksheet Sales by Farm.
a. Change cell A4 to Farms and cell B3 to Stores. Apply the Pivot Style Light 18 style to the PivotTable. Format the values as Currency values with a dollar sign and no decimal places. Apply the Style 6 to the PivotChart.
3. Create a second PivotTable and associated PivotChart as shown in Figure E8A–2 in a separate sheet in the workbook. Name the worksheet Dairy Sales by Month.
4. Change cell A4 to Month and cell B3 to Farm. Apply the Pivot Style Light 18 style to the PivotTable. Format the values as Currency values with a dollar sign and no decimal places. Turn off the legend for the chart. Apply the Style 5 to the PivotChart.
a. Filter the product type by Dairy. Filter the farm to Red Earth.
b. Change the chart type to Line and then add a linear trendline that forecasts the trend for two more months.
c. Change the document properties as specified by your instructor. Change the Dairy Sales by Month worksheet header to include your name, course number, and other information as specified by your instructor. Print the worksheet.
5. Change the Sales by Farm worksheet header to include your name, course number, and other information as specified by your instructor. Print the worksheet, and then save the workbook.
6. Submit the assignment as requested by your instructor.
Figure E8A – 1
Figure E8A – 2
Page 2
Annual Sales
Cosgrove Organic Farming Collective Annual Sales | |||||
Month | Farm | Product Type | Store | Sales | |
1 | Paulson Family | Poultry | K&B Market | $15,645.00 | |
1 | Red Earth | Dairy | Midland Grocery | $33,888.00 | |
1 | Topville | Honey | Community Foods | $12,939.00 | |
2 | Paulson Family | Poultry | K&B Market | $20,392.00 | |
2 | Red Earth | Dairy | Midland Grocery | $33,331.00 | |
3 | Acherson Acres | Dairy | Good Earth | $16,340.00 | |
3 | Paulson Family | Poultry | K&B Market | $15,392.00 | |
3 | Red Earth | Dairy | Midland Grocery | $35,930.00 | |
4 | Acherson Acres | Dairy | Good Earth | $20,550.00 | |
4 | Hancock Creek Farm | Vegetables | K&B Market | $11,394.00 | |
4 | Paulson Family | Poultry | K&B Market | $27,593.00 | |
4 | Red Earth | Dairy | Midland Grocery | $36,939.00 | |
5 | Acherson Acres | Dairy | Good Earth | $17,439.00 | |
5 | Hancock Creek Farm | Vegetables | K&B Market | $10,110.00 | |
5 | Red Earth | Dairy | Midland Grocery | $29,878.00 | |
6 | Acherson Acres | Dairy | Good Earth | $29,083.00 | |
6 | Hancock Creek Farm | Vegetables | K&B Market | $20,893.00 | |
6 | Juniper Berry Farm | Fruit | Midland Grocery | $23,934.00 | |
6 | Red Earth | Dairy | Midland Grocery | $37,383.00 | |
6 | Topville | Honey | Community Foods | $15,383.00 | |
7 | Acherson Acres | Dairy | Good Earth | $17,432.00 | |
7 | Andover Farms | Vegetables | K&B Market | $20,668.00 | |
7 | Juniper Berry Farm | Fruit | Midland Grocery | $24,562.00 | |
7 | Paulson Family | Poultry | K&B Market | $15,677.00 | |
7 | Red Earth | Dairy | Midland Grocery | $27,844.00 | |
8 | Acherson Acres | Dairy | Good Earth | $17,562.00 | |
8 | Andover Farms | Vegetables | K&B Market | $20,673.00 | |
8 | Boehm & Family | Vegetables | Good Earth | $13,452.00 | |
8 | Dussel Brothers | Vegetables | Community Foods | $15,438.00 | |
8 | Hancock Creek Farm | Vegetables | K&B Market | $20,588.00 | |
8 | Mittel Swiss | Poultry | Good Earth | $24,582.00 | |
8 | Red Earth | Dairy | Midland Grocery | $36,544.00 | |
8 | Topville | Honey | Community Foods | $15,689.00 | |
9 | Acherson Acres | Dairy | Good Earth | $17,455.00 | |
9 | Andover Farms | Vegetables | K&B Market | $20,471.00 | |
9 | Boehm & Family | Vegetables | Good Earth | $14,012.00 | |
9 | Dussel Brothers | Vegetables | Community Foods | $15,563.00 | |
9 | Hancock Creek Farm | Vegetables | K&B Market | $20,491.00 | |
9 | Mittel Swiss | Poultry | Good Earth | $17,658.00 | |
9 | Red Earth | Dairy | Midland Grocery | $32,644.00 | |
9 | Topville | Honey | Community Foods | $15,732.00 | |
10 | Acherson Acres | Dairy | Good Earth | $17,435.00 | |
10 | Andover Farms | Vegetables | K&B Market | $20,771.00 | |
10 | Boehm & Family | Vegetables | Good Earth | $14,832.00 | |
10 | Dussel Brothers | Vegetables | Community Foods | $15,683.00 | |
10 | Hancock Creek Farm | Vegetables | K&B Market | $20,296.00 | |
10 | Mittel Swiss | Poultry | Good Earth | $17,622.00 | |
10 | Red Earth | Dairy | Midland Grocery | $32,128.00 | |
10 | Topville | Honey | Community Foods | $15,347.00 | |
11 | Acherson Acres | Dairy | Good Earth | $17,435.00 | |
11 | Andover Farms | Poultry | K&B Market | $22,771.00 | |
11 | Paulson Family | Poultry | Good Earth | $14,977.00 | |
11 | Paulson Family | Poultry | Community Foods | $25,683.00 | |
11 | Hancock Creek Farm | Fruit | K&B Market | $18,296.00 | |
11 | Mittel Swiss | Poultry | Good Earth | $17,622.00 | |
11 | Red Earth | Dairy | Midland Grocery | $32,128.00 | |
11 | Wild Tree Farm | Fruit | Community Foods | $15,347.00 | |
12 | Paulson Family | Dairy | Community Foods | $25,401.00 | |
12 | Red Earth | Dairy | Midland Grocery | $22,028.00 | |
12 | Wild Tree Farm | Fruit | Community Foods | $10,347.00 | |
Sheet2
Sheet3
"$133,364.00 ","$122,323.00 ","$149,312.00 ","$129,001.00 " "$122,408.00 ","$143,423.00 ","$231,688.00 ","$139,300.00 "
Sheet1
WeCare Home Solutions Branch Gross Sales | |||||
26-Jul-2013 | |||||
Furniture | Electronics | Kitchen | Bath | Total | |
In-Store | $2 | $4 | $6 | $8 | $20 |
Online | 1 | 2 | 3 | 4 | 10 |
Gross Sales | $3 | $6 | $9 | $12 | $30 |
Sheet2
Sheet3
Department |
In-Store |
Online |
Furniture |
$133,364 |
122,323 |
Electronics |
$122,408 |
143,423 |
Kitchen |
$181,780 |
184,011 |
Bath |
$110,328 |
102,289 |

Get help from top-rated tutors in any subject.
Efficiently complete your homework and academic assignments by getting help from the experts at homeworkarchive.com