Week 4: [Exploit] Web Server / Owasp Top 10
Building on our knowledge of the Stuxnet attack we’ll look at how the cross-pollination of technology between critical infrastructure domains also allows for the reuse of cyber security threat vectors.
In 2011 a water treatment in Illinois was attacked 1. The attack was traced back to Russia.
Analyzing the 5 Ws
- Why: Foreign entities sending a message.
- Who: Russia.
- What: Pump failure.
- When: One year after the Stuxnet attack.
- Where: Illinois. The message being sent is this -> Stuxnet taught the world that cyber weapons can cause kinetic effect and America is vulnerable to it’s own tradecraft being used against it.
- How: In this attack the how is different. Though we can see that in a broad sense it’s the only part of the kill chain that is.
- Review all concepts and tools covered.
- Cover OWASP Top 10.
- Practice with a new scenario.
Intentionally Vulnerable Web Apps Owasp Top 10
- Cyber Killchain
- Open Source Intelligence Tools
- Social Engineering
- Scanning and Enummeration
- Payload Delivery
We are a state sponsored actor. We plan on testing water treatment facility security in the US after noticing the effectiveness of a cyber security attack against Dominion Power in Richmond, Virginia. Our goal is to conduct our research on a real target and make it look as if it was conducted by the same hacktivst group which attacked Dominion Power.