참고자료

논문

[1] HAN, Xiao; KHEIR, Nizar; BALZAROTTI, Davide. Deception techniques in computer security: A research perspective. ACM Computing Surveys (CSUR), 2018, 51.4: 1-36.

[2] ZHANG, Li; THING, Vrizlynn LL. Three decades of deception techniques in active cyber defense-retrospect and outlook. Computers & Security, 2021, 106: 102288.

[3] TOUNSI, Wiem. Cyber deception, the ultimate piece of a defensive strategy-proof of concept. In: 2022 6th Cyber Security in Networking Conference (CSNet). IEEE, 2022, p. 1-5.

[4] BELTRÁN LÓPEZ, Pedro; GIL PÉREZ, Manuel; NESPOLI, Pantaleone. Cyber Deception: State of the art, Trends and Open challenges. arXiv e-prints, 2024, arXiv: 2409.07194.

공격 관련

[5] PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (DC Sync)

[6] https://www.mandiant.com/sites/default/files/2022-08/remediation-hardening-strategies-for-m365-defend-against-apt29-white-paper.pdf

[7] https://cloud.google.com/blog/topics/threat-intelligence/tracking-apt29-phishing-campaigns/?hl=en

[8] https://www.darkreading.com/cyberattacks-data-breaches/solarwinds-campaign-focuses-attention-on-golden-saml-attack-vector

[9] https://www.sygnia.co/threat-reports-and-advisories/golden-saml-attack/

[10] (2020.12.23) 보안뉴스, 솔라윈즈 사태로 다시 한 번 부각된 ‘골든 SAML’ 공격 기법 https://www.boannews.com/media/view.asp?idx=93687

[11] (2017.11.21) CyberArk, Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

[12] (2020.12.29) CyberArk, Golden SAML Revisited: The Solorigate Connection https://www.cyberark.com/resources/threat-research-blog/golden-saml-revisited-the-solorigate-connection

[13] (2020.12) CISA, Detecting Abuse of Authentication Mechanisms https://media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDF

[14] (2021.07.21) Sygnia, Detection and Hunting of Golden SAML Attack https://www.sygnia.co/threat-reports-and-advisories/golden-saml-attack/

[15] (2022.07.01) netwrix, Golden SAML Attack https://www.netwrix.com/golden_saml_attack.html https://www.youtube.com/watch?v=1W3tWLf34wU&ab_channel=Netwrix

[16] (2021.01.08) Splunk, A Golden SAML Journey: SolarWinds Continued

https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html

[17] LogRhythm, Analysis and Detection of Golden SAML Attacks

https://gallery.logrhythm.com/threat-intelligence-reports/analysis-and-detection-of-golden-SAML-attacks-labs-research.pdf

[18] (2021.01.19) Mandiant, Remediation and Hardening strategies for Microsoft 365 to defend against unc2452 https://www.mandiant.com/sites/default/files/2021-11/wp-m-unc2452-000343.pdf

[19] Splunk, How the SolarWinds cyberattacks work https://www.splunk.com/en_us/surge/solarwinds-cyberattack-response.html?301=/en_us/cyber-security/solarwinds-cyberattack-response.html

Deception 관련

[20] https://sanjeev41924.medium.com/modern-cyber-defense-part-4-active-defense-and-cyber-deception-fe0de20fa9ba

[21] https://www.linkedin.com/pulse/modern-cyber-defense-part-3-threat-intelligence-singh-retd-/