Abstract

During targeted attack campaigns a malicious actor may use proxy servers to hide the attack path and origin. This approach may be used during both the reconnaissance and the exploitation phases. It can make the investigation process harder for the Blue Team, as security software may assign related security events to different incidents, or some important data may be missing. In this paper, statistics of public exploits for 2018-2020 are considered. For the most frequent vulnerability types of this period, based on the CWE classification, the features of the network interaction during exploitation are analyzed. Additional factors that may affect the total number of requests during exploitation, such as authorization, CSRF protection and extra information gathering, are investigated. Based on the number of requests and the possibility of their detection by security mechanisms, the possibility of reconstructing the links between an attacker's requests when proxy servers are used is determined. This classification may be used to develop Alert Correlation System methods and mechanisms, identify attacker groups and perform attack attribution.
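As an added illustration of the correlation problem the abstract describes (this is not the paper's own code): a multi-request exploitation chain (login, fetching the CSRF-protected form, the final POST) is reassembled from web-server log lines by the shared session cookie rather than by source IP, so that a chain split across rotated proxies is recognized as one incident. The log format and the log lines are constructed for this example.

```python
import re
from collections import defaultdict
# Constructed sample log lines (not from the paper), one request per line:
# "<unix_ts> <src_ip> <method> <path> session=<cookie>". The login, the GET
# that fetches the CSRF-protected form and the final POST share one session
# cookie but arrive from three source addresses (attacker rotating proxies).
LOG_LINES = """\
1609459200 203.0.113.10 GET /login session=-
1609459201 203.0.113.10 POST /login session=abc123
1609459210 198.51.100.7 GET /admin/settings session=abc123
1609459215 192.0.2.44 POST /admin/settings session=abc123
1609459300 203.0.113.99 GET /index.html session=zzz999
"""
LINE_RE = re.compile(r"^(\d+) (\S+) (GET|POST) (\S+) session=(\S+)$")

def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, method, path, session = m.groups()
            events.append({"ts": int(ts), "ip": ip, "method": method,
                           "path": path, "session": session})
    return events

def correlate_by_session(events):
    """Group requests into chains by session cookie, ignoring source IP.
    Requests with no cookie ("-") carry no shared identifier and are
    returned separately rather than guessed into a chain."""
    chains, unlinked = defaultdict(list), []
    for ev in events:
        (unlinked if ev["session"] == "-" else chains[ev["session"]]).append(ev)
    return dict(chains), unlinked

def proxied_chains(chains):
    """{session: (request_count, distinct_ip_count)} for chains spanning
    more than one source IP: these are the chains a per-IP alerting rule
    would split into separate incidents."""
    out = {}
    for session, evs in chains.items():
        ips = {ev["ip"] for ev in evs}
        if len(ips) > 1:
            out[session] = (len(evs), len(ips))
    return out

if __name__ == "__main__":
    chains, unlinked = correlate_by_session(parse_log(LOG_LINES))
    print(proxied_chains(chains), len(unlinked))
```

The pre-authentication `GET /login` has no cookie and stays unlinked, which is exactly the case the abstract points at: requests that carry no shared identifier cannot be tied to the chain by this method alone.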
