Featuring 18 Papers as of September 30, 2016
PORTKnockOut: Data Exfiltration via Port Knocking over UDP by Matthew Lichtenberger - September 29, 2016
Data Exfiltration is arguably the most important target for a security researcher to identify. The seemingly endless breaches of major corporations are done via channels of various stealth, and an endless array of methods exist to communicate the data to remote endpoints while bypassing Intrusion Detection Systems, Intrusion Prevention Systems, firewalls, and proxies. This research examines a novel way to perform this data exfiltration, utilizing port knocking over User Datagram Protocol. It focuses specifically on the ease at which this can be done, the relatively low signal to noise ratio of the resultant traffic, and the plausible deniability of receiving the exfiltration data. Particular attention is spent on an implemented Proof of Concept, while the complete source code may be found in the Appendix.
Under The Ocean of the Internet - The Deep Web by Brett Hawkins - May 27, 2016
The Internet was a revolutionary invention, and its use continues to evolve. People around the world use the Internet every day for things such as social media, shopping, email, reading news, and much more. However, this only makes up a very small piece of the Internet, and the rest is filled by an area called The Deep Web.
Securing the “Internet of Things” Survey Analyst Paper
by John Pescatore - January 15, 2014
- Associated Webcasts: SANS Analyst Webcast: SANS Survey on Securing The Internet of Things
- Sponsored By: Codenomicon Norse
Survey reveals the risks introduced by an increasing array of "smart" things with wireless or Internet connections.
Finding Hidden Threats by Decrypting SSL Analyst Paper
by Michael Butler - November 8, 2013
- Associated Webcasts: Finding Hidden Threats by Decrypting SSL/TLS
- Sponsored By: Blue Coat Systems, Inc.
Paper describes the role of SSL, the role SSL decryption/inspection tools play in security, options for deploying inspection tools, and how the information generated by such inspection can be shared with other security monitoring systems.
Needle in a Haystack? Getting to Attribution in Control Systems Analyst Paper
by Matthew E. Luallen - January 17, 2012
In control system protection, mechanisms for achieving attack attribution must be implemented across physical, cyber and operational controls using additional tools.
Critical Control System Vulnerabilities Demonstrated - And What to Do About Them Analyst Paper
by Matthew E. Luallen - November 29, 2011
- Sponsored By: NitroSecurity
A study of four common infrastructures (agriculture and food, transportation, water and wastewater, and physical facilities) demonstrates what vulnerabilities could be found in specific control systems and how they might be exploited and protected.
BYOB: Build Your Own Botnet by Francois Begin - August 17, 2011
A recent report on botnet threats (Dhamballa, 2010) provides a sobering read for any security professional. According to its authors, the number of computers that fell victim to botnets grew at the rate of 8%/week in 2010, which translates to more than a six-fold increase over the course of the year.
Building a Better Bunker: Securing Energy Control Systems Against Terrorists and Cyberwarriors Analyst Paper
by Jonathan Pollet - December 9, 2010
This paper, the second in the series, explains the advanced persistent threats being aimed at SCADA and utility control systems, followed by advanced measures to take against these threats.
Securing a Smarter Grid: Risk Management in Power Utility Networks Analyst Paper
by Matthew E. Luallen - October 17, 2009
- Sponsored By: NitroSecurity
This paper will address the security issues facing smarter grid operators and will provide policy advice points.
Covert Data Storage Channel Using IP Packet Headers by Jonathan Thyer - February 7, 2008
A covert data channel is a communications channel that is hidden within the medium of a legitimate communications channel. Covert channels manipulate a communications medium in an unexpected or unconventional way in order to transmit information in an almost undetectable fashion. Otherwise said, a covert data channel transfers arbitrary bytes between two points in a fashion that would appear legitimate to someone scrutinizing the exchange. (Bingham, 2006)
Covert communications: subverting Windows applications by D. Climenti, A. Fontes, A. Menghrajani - September 13, 2007
This article describes an approach to covert channel communications in the Microsoft Windows environment, which is appllcable to all versions of Windows. The goal of this approach is to bypass network firewalls, as well as personal firewalls. We achieve this by using Windows messaging to hijack and control applications that have network access; accordingly such applications are not blocked at the application level.
Network Covert Channels: Subversive Secrecy by Ray Sbrusch - October 25, 2006
Steganography is the practice of concealing information in channels that superficially appear benign. The National Institute of Standards and Technology defines a covert channel as any communication channel that can be exploited
HTTP Tunnels Though Proxies by Daniel Alman - September 9, 2003
This paper covers the topic of HTTP tunnels, the risks they pose, and discusses how those risks can be limited with proper administration.
A Discussion of Covert Channels and Steganography by Mark Owens - March 19, 2002
Although the current threat of steganographic technology appears to lag its usefulness, the diligent information systems person needs to be mindful of the security ramifications that a covert channel in their enterprise carries.
A Detailed look at Steganographic Techniques and their use in an Open-Systems Environment by Bret Dunbar - January 18, 2002
This paper's focus is on a relatively new field of study in Information Technology known as Steganography.
Steganography: Why it Matters in a "Post 911" World by Bob Gilbert - January 14, 2002
This paper discusses cryptography attempts that to conceal messages by various translation methods that create new, unrecognizable messages.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.