So long, and thanks for only using readily available scripts. (13th March 2017)
- Record Type:
- Journal Article
- Title:
- So long, and thanks for only using readily available scripts. (13th March 2017)
- Main Title:
- So long, and thanks for only using readily available scripts
- Authors:
- Holm, Hannes
Sommestad, Teodor - Abstract:
- Abstract : Purpose: It is often argued that the increased automation and availability of offensive cyber tools has decreased the skill and knowledge required by attackers. Some say that all it takes to succeed with an attack is to follow some instructions and push some buttons. This paper aims to tests this idea empirically through live exploits and vulnerable machines in a cyber range. Design/methodology/approach: The experiment involved 204 vulnerable machines in a cyber range. Exploits were chosen based on the results of automated vulnerability scanning. Each exploit was executed following a set of carefully planned actions that enabled reliable tests. A total of 1, 223 exploitation attempts were performed. Findings: A mere eight exploitation attempts succeeded. All these involved the same exploit module (ms08_067_netapi). It is concluded that server-side attacks still are too complicated for novices who lack the skill or knowledge to tune their attacks. Originality/value: This paper presents the largest conducted test of exploit effectiveness to date. It also presents a sound method for reliable tests of exploit effectiveness (or system vulnerability).
- Is Part Of:
- Information and computer security. Volume 25:Number 1(2017)
- Journal:
- Information and computer security
- Issue:
- Volume 25:Number 1(2017)
- Issue Display:
- Volume 25, Issue 1 (2017)
- Year:
- 2017
- Volume:
- 25
- Issue:
- 1
- Issue Sort Value:
- 2017-0025-0001-0000
- Page Start:
- 47
- Page End:
- 61
- Publication Date:
- 2017-03-13
- Subjects:
- Computer security -- Hacking
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-08-2016-0069 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 2069.xml