Navegando por Assunto "Teste de invasão (Medidas de segurança para computadores)"

Agora exibindo 1 - 4 de 4

Detecção e modelagem de ameaças persistentes avançadas na fase de movimentação lateral: uma abordagem com process mining
(2025-03-20) Silva, Jonathas Felipe da; Lins, Fernando Antonio Aires; Lima, Milton Vinicius Morais de; http://lattes.cnpq.br/3409150377712315; http://lattes.cnpq.br/2475965771605110; http://lattes.cnpq.br/1017193816402551
A crescente ameaça de ataques cibernéticos complexos tem exigido estratégias avançadas de defesa, especialmente na detecção precoce de atividades suspeitas em redes comprometidas. Com isso, Ameaças Persistentes Avançadas (APTs) representam um desafio significativo para a segurança cibernética, caracterizando-se por ataques sofisticados e direcionados. Este trabalho tem como objetivo investigar a movimentação lateral dentro de redes comprometidas, utilizando mineração de processos para detectar padrões suspeitos de comportamento. Para isso, foi configurado um ambiente experimental com máquinas virtuais simulando um ataque APT. Logs do sistema e do Wazuh registraram as atividades, possibilitando a extração de eventos relevantes para o presente estudo. A metodologia consiste na coleta de dados em dois cenários: uso normal e ataque, seguida pela aplicação de algoritmos de Process Mining, como AlphaMiner, através da biblioteca pm4py. Com isso, foi possível identificar diferenças estruturais entre os processos normais e aqueles manipulados pelo invasor, possibilitando a criação de indicadores de comprometimento (IoCs). Os resultados contribuem para a melhoria de mecanismos de detecção e resposta a APTs, auxiliando na proteção de redes corporativas contra ataques avançados.
Sistema para detecção de intrusão de botnets utilizando aplicações de machine learning
(2021-12-13) Silva Neto, Francisco Queiroga da; Assad, Rodrigo Elia; http://lattes.cnpq.br/3791808485485116; http://lattes.cnpq.br/7900008638092251
Communication tools and the continuous advancement of the Internet have also resulted in the sophistication of tools and methods to carry out attacks against users and their computers, with features that facilitate criminal activities in the cyber environment. Among cyber threats, botnets have characteristics and advantages that have expanded their use in recent years, becoming a tool employed extensively by attackers to conduct attacks and gain control of various devices connected to computer networks. The way these threats behave and are updated brings several challenges to the intrusion detection area. In this paper, a study is presented on the application of machine learning techniques in detecting botnets by analyzing network traffic flows. The study aims to show how pattern classification techniques can be applied in intrusion detection systems to identify similarities between the infrastructure of botnets, where works in the literature were studied to address an application that aims to improve the problems related to the attribute selection steps and the data processing, crucial steps in machine learning models.
Teste de Invasão: um relato de experiência em uma instituição pública de ensino no Brasil
(2019) Silva, Thiago Francisco de Andrade; D’Emery, Richarlyson Alves; Vieira, Yago Dyogennes Bezerra; http://lattes.cnpq.br/3553920177544450; http://lattes.cnpq.br/7444148155690420
Currently, the use of technologies grows in institutions making them susceptible to attacks that put their assets at risk, consequently, information security in the environment is demanded. Confidential information leaked and unavailability of acess can cause financial damage and the reputation of an organization. In this sense, intrusion tests are tools that allow validating information security in these environments, through the collection information on the network, mapping and exploiting vulnerabilities by analyzing assets of the organization, ranking the threats and their possible impact on the institution, classify and suggest solutions within the environment. Given this scenario, this monograph discusses and presents the use of pentest intrusion test in the prevention of cyber attacks to organizations, especially to a public educational institution. A survey was carried out on network information, that is, a mapping of vulnerabilities in the environment. The tools in Kali Linux were used: Nmap, Nbtscan, Nessus, Metasploit e Aircrack-ng. Although the mapping points to several vulnerabilities, stand out the NFS Exported Share Information Disclosure and Microsoft Windows SMB Sahres Unprivileged Acess, wich are considered as critical and high risk severity, respectively. Finally, suggestions are presented for the necessary solutions.
Utilização de pentest na prevenção de ataques cibernéticos às organizações
(2018) Vieira, Yago Dyogennes Bezerra; D'Emery, Richarlyson Alves; http://lattes.cnpq.br/3553920177544450
With the evolution of technology, new devices are created, more users connect to the Internet and become addicted. Black hats have found that information and data are valuable to users and businesses and use knowledge for illicit purposes, stealing data, leaving companies totally inoperable after attacks, achieving profit or even competitive advantage. Knowing that no system is totally safe, criminals are looking for failures to innovate more and more in their attacks and only the big and medium companies are concerned about security, some medium and small only care when they suffer some type of damage resulting from a security breach of information. Even if companies invest in security it is necessary to apply it correctly, and an exploited vulnerability can compromise the entire corporate environment. Information security is an area of computing that aims to protect systems and devices against potential threats using the international standards and prevention recommended by experts in the field. Unknown to many companies, Pentest allows them to test their level of protection by testing the entire environment, simulating a real attack by a criminal, and measuring the risk and consequences of such attacks. Pentest is carefully carried out between contractor and contractor to ensure that none of your services stop while the tests are performed, you can still use a sequence based on certain methodologies, depending on the customer's needs. Given this scenario, in this monograph, it is discussed and proposed the use of intrusion testing in the prevention of cyber-attacks to organizations. The work showed that it was possible to carry out security tests in a company's computing environments, which would lead to the leakage, alteration and destruction of information from both the company and all its customers if they were discovered by a black hat. Real flaws were exploited in the computing environment of a company, which did not have the culture to protect its information. The main objective of the work was to demonstrate a method of security failure analysis (Pentest) and the use of some invasion techniques used by black hats, which if implemented by security teams will help to prevent attacks based on this type, organizations that must cultivate a culture of protection of their data, because even with all necessary security, no system is totally safe. As results there were flaws that could be exploited and consequently could cause damages such as: access leaving company systems unusable, destruction of data alteration and theft, disclosure of personal data without authorization, and if these risks occurred, would result in incalculable losses. Tests the company has been willing to invest in security and fix the flaws.