The Art of Concealment: How Cybercriminals Become and Remain Anonymous (PDF slide deck, 31 pages)
The art of concealment: How cybercriminals are becoming and remaining anonymous
Image by Hansuan Fabregas on Pixabay

Concealment is the act of hiding something (slide 3)

The role of concealment with respect to cybercrime (slide 4)
  Cybercrime
  Cybercriminals
  Concealment
  Concealing what?

What is concealed, and how:
  Apply stealth         -> The act
  Amnesic OS            -> Forensic traces
  Destroy hardware      -> Physical evidence
  Remain silent         -> Motive or connection
  Use alias             -> Offender's identity
  Cryptomixers          -> Financial trails
  Operational Security (OpSec)

Anonymity vs privacy (slide 6)

Qilin ransomware group leak site (slide 7)

Dark forum posts (slides 8-9)

Some example OpSec guides (slide 10)

Example analysis with ATLAS.ti (slide 11)
  1,387 TTPs
  13 tactics
  109 techniques
  679 sub-techniques
  586 procedures

Concealment Layers for Online Anonymity and Knowledge (slide 12)

How concealment measures are related: Procedures -> Sub-techniques -> Techniques -> Tactics
  Procedure                              Sub-technique           Technique                   Tactic
  uBlock Origin                          Ad blocking             Anti-fingerprinting         Anonymous browsing
  QubesOS                                Application isolation   Isolation                   Reduce attack surface
  Whonix OS                              Color VMs               Avoid cross-contamination   Secure behavior
  VeraCrypt                              Decoy partition         Deception                   Secure behavior
  Linux Unified Key Setup (LUKS)         Detached LUKS header    Anti-forensics              Plausible deniability
(slides 13-14)

Continuous improvement cycle: Plan, Do, Check, Act
  Labels on the cycle: (Self)education, Risk management, Purge, Experiment, Engage in cybercrime, OSINT, Doxing, Disinformation, Adapt TTPs

Concealed technical setups

Typical OpSec workstation (slide 16)
  Host OS
  Public Wi-Fi
  Internet
  VirtualBox
  Isolated Whonix OS
  Tor network
  Whonix Gateway VM
  Cash-paid VPN over Tor

Hosting a resilient dark web site (slide 17)
  Web Application Firewall (WAF)  -> Filtering/monitoring
  Reverse proxy 1                 -> Hide IP address
  Reverse proxy 2                 -> Hide IP address
  VPN                             -> Encrypted channel
  Backend                         -> Host illicit activities
  Only allow connections from the previous node

Most important TTPs (slide 19)
  From a technical perspective
  From a behavioral perspective (slides 20-21)
  From a physical perspective (slide 22)
  From an operational perspective

CLOAK in perspective
  MITRE ATT&CK (slide 24)
  Scre