APT Attack Simulation Methodology
-Phishing e-mails or malicious software is used to access the system through security vulnerabilities.
Building a Basis
– After the first access to the target is achieved, backdoor and tunnel networks are created using malware techniques such as rewriting to increase access and not be noticed.
-In order to increase system control, access to administrative accounts is increased by applying various methods including password cracking methods.
-After gaining access, the lateral movement area in the corporate network is increased to gain access to other secure areas of the corporate network and servers.
Performing the Attack
-The data is centralized and transferred to the desired systems.
Staying in the System Until Detected
-The back door is created to access the system again if necessary and data is collected from the system.