Contacts:

+7 961 270-60-01
ivdon3@bk.ru

  • About the approach to choosing a tool for Active Directory research

    The paper considers an approach to choosing a tool for investigating vulnerabilities in the Active Directory directory service. The directory holds information of primary value to intruders: it lets them determine the best point of entry into the system and develop the strategy and tactics for the fastest and most effective attack. As part of this work, possible threats to the directory service are analyzed and a classification of attacks on Active Directory is provided. A classification of the tools used to obtain useful information from Active Directory is also given. The capabilities of Cobalt Strike as a tool for threat emulation and post-exploitation tasks, based on a covert agent and an updated database of attack scripts, are considered. Practical cyberattacks carried out with Cobalt Strike over the past few years are analyzed, and the methodology of such cyberattacks is studied and detailed step by step.

    Keywords: information security, cyberattack, attack scenarios, threat analysis, directory service, Active Directory, Cobalt Strike

  • On the approach to ensuring the security of mobile devices

    This paper examines an approach to comprehensively ensuring the security of mobile devices, which are the primary tools for communication, banking, and access to medical services, and which hold passwords, documents, and correspondence. Mobile device security is examined at several levels: the mobile platform, the application, the telecom operator, and the user. Attacks on mobile devices are analyzed, and the vectors of the most common attack types are identified. A comparative analysis of the iOS and Android mobile platforms highlights their strengths and weaknesses. The main areas of mobile device security implemented by telecom operators are analyzed. Several successful attacks on mobile banking systems are analyzed, and a classification of the main threats to mobile banking is provided.

    Keywords: mobile device protection, cyberattack, attack vector, Android, iOS, application protection methods, mobile banking systems

  • An approach to calculating the number of scenarios for the implementation of a sequential composition of a set of attack vectors of a system using an event-formal model

    The increasing complexity of cyberattacks, often involving multiple vectors and aimed at achieving various goals, necessitates advanced modeling techniques to understand and predict attacker behavior. This paper proposes a formal approach to describe such attacks using a weakly connected oriented tree model that satisfies specific conditions. The model is designed to represent the attack surface and a collection of attack vectors, allowing for the analysis of possible attack scenarios. We introduce a sequential composition operation that combines sets of attack vectors, enabling the modeling of combined attacks. The study includes an example of an attack on an information system through a vulnerability that allows brute-force password guessing and phishing emails, with the goals of either obtaining a database or causing a denial of service. We investigate the set of attack scenarios generated by the model and formulate a rule for estimating the number of possible scenarios for an arbitrary number of attack vector sets. The proposed method facilitates preliminary analysis of attack scenarios, aiding cybersecurity professionals in making informed decisions about implementing additional defense mechanisms at various stages of an attack. The results demonstrate the applicability of the model for evaluating attack scenarios and provide a foundation for further research into more complex attack structures.

    Keywords: attack modeling, information security, attack trajectory, attack scenario, attack vector, cybersecurity