Daniel Fraunholz, Daniel Schneider, J. Zemitis, H. Schotten
{"title":"黑客我的公司:云环境中开发后行为和横向移动的实证评估","authors":"Daniel Fraunholz, Daniel Schneider, J. Zemitis, H. Schotten","doi":"10.1145/3277570.3277573","DOIUrl":null,"url":null,"abstract":"Cloud infrastructures and services are of essential importance for enterprise operations. They form a central point for data storage, processing and exchange. Their information security properties are strongly associated with the protection of the most confidential and important data of enterprises. In this work a credential leak on different platforms is simulated, revealing authentication information for several accounts on a cloud application service. Each account associated with the leaks provides more authentication information for further infrastructures such as an e-mail server, an industrial control system and an enterprise-related streaming server. Additionally, a homepage was launched with information on the fictitious persons associated with the leaked accounts. Interaction with those servers is closely monitored. It was found that around one third of all trespassers conducted lateral movement and successful authentications frequently result in system enumeration and file operations.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"19 18","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Hack My Company: An Empirical Assessment of Post-exploitation Behavior and Lateral Movement in Cloud Environments\",\"authors\":\"Daniel Fraunholz, Daniel Schneider, J. Zemitis, H. Schotten\",\"doi\":\"10.1145/3277570.3277573\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud infrastructures and services are of essential importance for enterprise operations. They form a central point for data storage, processing and exchange. Their information security properties are strongly associated with the protection of the most confidential and important data of enterprises. In this work a credential leak on different platforms is simulated, revealing authentication information for several accounts on a cloud application service. Each account associated with the leaks provides more authentication information for further infrastructures such as an e-mail server, an industrial control system and an enterprise-related streaming server. Additionally, a homepage was launched with information on the fictitious persons associated with the leaked accounts. Interaction with those servers is closely monitored. It was found that around one third of all trespassers conducted lateral movement and successful authentications frequently result in system enumeration and file operations.\",\"PeriodicalId\":164597,\"journal\":{\"name\":\"Proceedings of the Central European Cybersecurity Conference 2018\",\"volume\":\"19 18\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-11-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Central European Cybersecurity Conference 2018\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3277570.3277573\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Central European Cybersecurity Conference 2018","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3277570.3277573","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Hack My Company: An Empirical Assessment of Post-exploitation Behavior and Lateral Movement in Cloud Environments
Cloud infrastructures and services are of essential importance for enterprise operations. They form a central point for data storage, processing and exchange. Their information security properties are strongly associated with the protection of the most confidential and important data of enterprises. In this work a credential leak on different platforms is simulated, revealing authentication information for several accounts on a cloud application service. Each account associated with the leaks provides more authentication information for further infrastructures such as an e-mail server, an industrial control system and an enterprise-related streaming server. Additionally, a homepage was launched with information on the fictitious persons associated with the leaked accounts. Interaction with those servers is closely monitored. It was found that around one third of all trespassers conducted lateral movement and successful authentications frequently result in system enumeration and file operations.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
