SlideShare uma empresa Scribd logo

Sexy defense

Iftach Ian Amit
Iftach Ian Amit
Tecnologia
1 de 116
Baixar para ler offline
Sexy Defense Maximizing the Home-Field Advantage Iftach Ian Amit Director of Services, IOActive Image credit: IDF Spokesperson
Agenda • Whoami • Background - the Red Team was here... • What do they actually say? Reading reports 101 • Methodology - flipping the Red-Team • Map • Correlate • Act • Examples • Conclusions
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Iftach Ian Amit
Background You had a vulnerability assessment done.
Background And you passed a pentest.
Background What did you ACTUALLY get? Pros Cons Compliance? +++ Security Posture? ---
Background And then you had a Red-Team test come in and wreck havoc...
Background How does that make you feel?
Shock
Denial
Anger
Resistance
Acceptance?
Reading bad reports • Here comes the boring part... Terminology... • Vulnerability • Exposure • Threat • Risk • (yup - you gotta be able to do suite talk to get the $$$).
Vulnerability You’ll find a lot of these in reports... “An issue with a software component that, when abused (exploited) can lead to anything from the software crashing, to compromising the system on which the software is installed so that the attacker can have full control over it. Additionally, vulnerabilities also refer to logic and operational issues – whether in computing systems, in processes and procedures related to the business operations, patch management, or even password policies.”
Exposure • Say what? • Usually will connect vulnerabilities to a threat model relevant for the tested organization
Threat “Anything capable of acting against an asset in a manner that could result in harm” Defined by: Threat Community, Threat Agents. • Capabilities • Accessibility to assets
Risk Ever seen one of these in a report? A real one? • The probability of something bad™ happening to an organization’s asset. • Yes, probability == math. Coherently formulate the elements (vuln, exposure, threat) into a risk score. • Repeatable, and defensible from a logical perspective
Methodology Take a look at how we have been practicing attack and defense. For a VERY long time...
Defender view
Attacker view
What does it mean? Attack Post Intelligence Vuln. Exploit Control Exploitation Gathering Research
What does it mean? Attack Post Intelligence Vuln. Exploit Control Exploitation Gathering Research Defend
What does it mean? Attack Post Intelligence Vuln. Exploit Control Exploitation Gathering Research Mitigate Detection & Contain Defend
What does it mean? Attack Post Intelligence Vuln. Exploit Control Exploitation Gathering Research Threat Intelligence Data Mitigate Modeling Gathering Correlation Detection & Contain Defend
Remember! It’s NOT about: It IS about: • Egos Having a mindset of constant improvement • People There will always be gaps in the • Skills defense • Identify IT’S NOT FAIR! • Remediate • In the CONTEXT of RISK
Map (information & Security assets) • 1st - What is the business doing anyway? • How does it make $? • Processes, assets, people, technology, 3rd parties... • Security and Intelligence assets...
Map (exposures & Issues) • Start from a report (vuln, pt, red-team). • Work up from there while weeding out all the irrelevancies
Inputs Process Inputs Process Inputs 3rd Party Assets Vulnerability Controls Key personnel Simplified mapping of assets, processes, people, vulnerabilities, and controls
Map (Threats) • Do you know WHO is out to get you? • Their capabilities? • What do they know? • Their modus-operandi? • ...
Logs • Everywhere, from everything. • Storage != $ • Measure twice, cut once == get all logs, filter later
Marke0ng$ Forums$ Sales$ Business$ Market$News$ Development$ Raw$ Intelligence$ CERTs$ Compe0tors$ Analysis$ Partners$ Customers$
Early warning signs • Weird PC behavior • File permissions • Volume of calls to • Access to specific files support on network storage • Physical elements • Employee awareness around the office • ... • Sales inquiries • Probes on a website
Early warning signs • Weird PC behavior • File permissions • Volume of calls to • Access to specific files support on network storage • Physical elements • Employee awareness around the office • ... • Sales inquiries • Probes on a website
People • Stalkers • Tailgaters • Smokers • Construction • Sales leads • IT guys
People • Stalkers • Tailgaters • Smokers • Construction AWARENESS • Sales leads • IT guys
Correlate external events and timelines Local news, Sports, entertainment, financial Regional news National events International stuff
Act • Building up your defense mojo • Training people to identify, report, react • Combining technology into the mix • Working with others (peers, vendors, intel sources, government?)
Assess where YOU are! • Get a clear view of your current security posture • Lying to yourself isn’t going to make you feel better • At least in long run... :-|
Constant development • Expect changes • Processes, partners, customers, 3rd parties, internal services/products, people, culture, • Embrace changes - never “sign off” into a finite strategy document. Make it a “living” document. • Educate people about it. • Show how it adapts according to the business. TO SUPPORT IT!
Align outwards
Align outwards • Compare notes with peers
Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side
Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you
Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense
Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense
Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense • Will usually prove the opposite
Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense • Will usually prove the opposite
Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense • Will usually prove the opposite • Great - you are now one with the lowest common denominator of the lowest bidders...
It’s not about: Tech People Skill
It’s about: Tech Cat Skill People Herding
Counter-intel • Own up to YOUR information • Set traps • Intelligence • Technology • Booby-trap tools, work with LE, and most importantly: LEGAL • IANAL!
Counter-intel • Own up to YOUR information • Set traps • Intelligence • Technology • Booby-trap tools, work with LE, and most importantly: LEGAL • IANAL!
Examples
1. Identify your threat communities / agents 2. Locate their “hangouts” (where they get toolz) 3. Infiltrate to get info 4. Manipulate “stuff” 1. Backdoor it. 2. Make sure it leaves a distinct signature. 5. Update custom signature in detection systems 6. Kick back, and watch the fun
Use THEIR tools...
Use THEIR tools... Hmmmmmmm... I betch’a people are going to miss it :-)
Demo time 1. Download RAT 2. Find appropriate location 3. Insert RAT 4. Release 5. Profit?
Demo 1. Obtain crypter 2. Enhance [not in this demo] 3. Leave a “unique” present in crypted files 4. Release 5. Profit?
Law is hackable • Don’t think that it’s impossible to get by with these things... • Example: Microsoft’s takedown of Bredolab - legal bypass by using trademark infringement claims • Directly affect infected computers!
Kippo http://code.google.com/p/kippo/
Artillery • Open up listeners on multiple ports • Anything that touches them gets blacklisted • You can play with this to report instead of blacklist... • Monitor filesystem changes and email diff to you. • Block SSH brute-force attacks svn co http://svn.secmaniac.com/artillery artillery/
Then: Technology • Find stuff that works FOR you. Or make it. • SIEM/SOC would be a major focus • Other correlation engines • Feed technology all the data it can handle • Financial info? Semantic data? Google Alerts? --> Anything goes...
Counter Intelligence use-case Problem dormant accounts used for fraud (and/or money laundering)
Counter Intelligence use-case Problem dormant accounts used for fraud (and/or money laundering) Account
Counter Intelligence use-case Problem dormant accounts used for fraud (and/or money laundering) Account
Counter Intelligence use-case Problem dormant accounts used for fraud (and/or >1yr dormant money laundering) Account
Counter Intelligence use-case Problem dormant accounts used for fraud (and/or >1yr dormant money laundering) Account laundering
Counter Intelligence use-case Problem dormant accounts used for fraud (and/or >1yr dormant money laundering) Account laundering Intl. transfers
Counter Intelligence use-case Problem dormant accounts used for fraud (and/or >1yr dormant money laundering) Account laundering Internal/ Intl. transfers External???
Account
Account Account Account Account Account
List Account Account Account Account Account
Accounting Marketing List Branch mgmt. Account Account Account Account Account
Accounting List Account Account Account Account Account Marketing Branch mgmt.
Accounting List List Account Account Account Account Account Account Account Account Account Account Marketing Branch mgmt.
Accounting List List Account Account Account Account Account Account Account Account Account Account List Marketing Account Account Account Account Account Branch mgmt.
Accounting List List Account Account Account Account Account Account Account Account Account Account List Marketing Account Account Account Account Account Branch mgmt. Internal user
Accounting List List Account Account Account Account Account Account Account Account Account Account List Marketing Account Account Account Account Account Branch mgmt. Internal user
Accounting List List Account Account Account Account Account Account Account Account Account Account List Marketing Account Account Account Account Account Branch mgmt. Internal user
Internal user
Internal user PC
Internal user PC
Internal user PC Trojan
Internal user PC Trojan
Internal user PC Trojan
Internal user PC Trojan C&C
Internal user PC Trojan C&C Bad Guys(tm)
Play nice with others
Play nice with others CERTS
Play nice with others CERTS Government
Play nice with others CERTS Government Peers
Play nice with others CERTS Government Peers Competitors
Conclusions The whole is greater than the sum of its elements [insert tacky “zen” slide with some stones]
Call for Action • Vendors: • Defenders: • Start working on • Own up to your data, products that can network, and business “communicate” with information • Gather intelligence on your potential • Loosely typed data adversaries • Language processing • Focus your defenses on of arbitrary data assets, not compliance formats or “best practices” • Correlation across • Take the initiative! sources AND over time
ktnxbye! Questions? Paper available at: http://iamit.org/docs/sexydefense.pdf twitter: @iiamit *Image credits: Google Images and the Internetz

Recomendados

Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityantitree
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
Insider Threat Mitigation
Insider Threat Mitigation Insider Threat Mitigation
Insider Threat MitigationRoger Johnston
 
How to Think Like a Vulnerability Assessor
How to Think Like a Vulnerability AssessorHow to Think Like a Vulnerability Assessor
How to Think Like a Vulnerability AssessorRoger Johnston
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
Integrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3SIntegrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3SEdgevalue
 
2018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 12018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 1FRSecure
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingScott Sutherland
 

Recomendados

Corporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityCorporate Intelligence: Bridging the security and intelligence community
Corporate Intelligence: Bridging the security and intelligence communityantitree
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
Insider Threat Mitigation
Insider Threat Mitigation Insider Threat Mitigation
Insider Threat MitigationRoger Johnston
 
How to Think Like a Vulnerability Assessor
How to Think Like a Vulnerability AssessorHow to Think Like a Vulnerability Assessor
How to Think Like a Vulnerability AssessorRoger Johnston
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
Integrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3SIntegrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3SEdgevalue
 
2018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 12018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 1FRSecure
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingScott Sutherland
 
2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session Two2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session TwoFRSecure
 
Doten apt presentaiton (2)
Doten apt presentaiton (2)Doten apt presentaiton (2)
Doten apt presentaiton (2)Jeff Green
 
2018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 22018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 2FRSecure
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2👀 Joe Gray
 
Janitor vs cleaner
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleanerJohn Stauffacher
 
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class OneFRSecure
 
Focusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesFocusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesRoger Johnston
 
Grc t17
Grc t17Grc t17
Grc t17SelectedPresentations
 
Protecting high net worth individuals 2012
Protecting high net worth individuals 2012Protecting high net worth individuals 2012
Protecting high net worth individuals 2012Jeff Starck
 
2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class TenFRSecure
 
Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub
Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final LipubCip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub
Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipubshamburg
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework👀 Joe Gray
 
Using the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modelingUsing the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modelingEric Jernigan MSIA, CISSP, CISM, CRISC
 
Rolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramRolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramDenim Group
 
2019 FRSecure CISSP Mentor Program: Class Three
2019 FRSecure CISSP Mentor Program: Class Three 2019 FRSecure CISSP Mentor Program: Class Three
2019 FRSecure CISSP Mentor Program: Class Three FRSecure
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 
2020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 22020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 2FRSecure
 
Introduction to Malware - Part 1
Introduction to Malware - Part 1 Introduction to Malware - Part 1
Introduction to Malware - Part 1 Lastline, Inc.
 
Cyber Terror ICT Conference
Cyber Terror ICT ConferenceCyber Terror ICT Conference
Cyber Terror ICT ConferenceIftach Ian Amit
 
Hacking cyber-iamit
Hacking cyber-iamitHacking cyber-iamit
Hacking cyber-iamitIftach Ian Amit
 

Mais conteúdo relacionado

Mais procurados

2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session Two2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session TwoFRSecure
 
Doten apt presentaiton (2)
Doten apt presentaiton (2)Doten apt presentaiton (2)
Doten apt presentaiton (2)Jeff Green
 
2018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 22018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 2FRSecure
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class OneFRSecure
 
Focusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesFocusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesRoger Johnston
 
Protecting high net worth individuals 2012
Protecting high net worth individuals 2012Protecting high net worth individuals 2012
Protecting high net worth individuals 2012Jeff Starck
 
2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class TenFRSecure
 
Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub
Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final LipubCip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub
Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipubshamburg
 
Rolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramRolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramDenim Group
 
2019 FRSecure CISSP Mentor Program: Class Three
2019 FRSecure CISSP Mentor Program: Class Three 2019 FRSecure CISSP Mentor Program: Class Three
2019 FRSecure CISSP Mentor Program: Class Three FRSecure
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 
2020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 22020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 2FRSecure
 
Introduction to Malware - Part 1
Introduction to Malware - Part 1 Introduction to Malware - Part 1
Introduction to Malware - Part 1 Lastline, Inc.
 

Mais procurados (20)

2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session Two2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session Two
 
Doten apt presentaiton (2)
Doten apt presentaiton (2)Doten apt presentaiton (2)
Doten apt presentaiton (2)
 
2018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 22018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 2
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
Janitor vs cleaner
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleaner
 
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One
 
Focusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesFocusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the Vulnerabilities
 
Grc t17
Grc t17Grc t17
Grc t17
 
Protecting high net worth individuals 2012
Protecting high net worth individuals 2012Protecting high net worth individuals 2012
Protecting high net worth individuals 2012
 
2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten
 
Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub
Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final LipubCip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub
Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
Using the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modelingUsing the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modeling
 
Rolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review ProgramRolling Out An Enterprise Source Code Review Program
Rolling Out An Enterprise Source Code Review Program
 
2019 FRSecure CISSP Mentor Program: Class Three
2019 FRSecure CISSP Mentor Program: Class Three 2019 FRSecure CISSP Mentor Program: Class Three
2019 FRSecure CISSP Mentor Program: Class Three
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015
 
2020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 22020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 2
 
Introduction to Malware - Part 1
Introduction to Malware - Part 1 Introduction to Malware - Part 1
Introduction to Malware - Part 1
 

Destaque

Cyber Terror ICT Conference
Cyber Terror ICT ConferenceCyber Terror ICT Conference
Cyber Terror ICT ConferenceIftach Ian Amit
 
Encryption - Alice, Bob and co.
Encryption - Alice, Bob and co.Encryption - Alice, Bob and co.
Encryption - Alice, Bob and co.Iftach Ian Amit
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723Iftach Ian Amit
 
Social Media Risk Metrics
Social Media Risk MetricsSocial Media Risk Metrics
Social Media Risk MetricsIftach Ian Amit
 
Advanced Data Exfiltration
Advanced Data ExfiltrationAdvanced Data Exfiltration
Advanced Data ExfiltrationIftach Ian Amit
 

Destaque (9)

Cyber Terror ICT Conference
Cyber Terror ICT ConferenceCyber Terror ICT Conference
Cyber Terror ICT Conference
 
Hacking cyber-iamit
Hacking cyber-iamitHacking cyber-iamit
Hacking cyber-iamit
 
Dtmf phreaking
Dtmf phreakingDtmf phreaking
Dtmf phreaking
 
Armorizing applications
Armorizing applicationsArmorizing applications
Armorizing applications
 
Turtles dc9723
Turtles dc9723Turtles dc9723
Turtles dc9723
 
Encryption - Alice, Bob and co.
Encryption - Alice, Bob and co.Encryption - Alice, Bob and co.
Encryption - Alice, Bob and co.
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723
 
Social Media Risk Metrics
Social Media Risk MetricsSocial Media Risk Metrics
Social Media Risk Metrics
 
Advanced Data Exfiltration
Advanced Data ExfiltrationAdvanced Data Exfiltration
Advanced Data Exfiltration
 

Semelhante a Sexy defense

What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
 
Security For Free
Security For FreeSecurity For Free
Security For Freegwarden
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresJose L. Quiñones-Borrero
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingFRSecure
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Andreas Sfakianakis
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defenseChristiaan Beek
 
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?Anthony Melfi
 
Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Morakinyo Animasaun
 
The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?Albert Hui
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In LibrariesBlake Carver
 
Declaration of Mal(WAR)e
Declaration of Mal(WAR)eDeclaration of Mal(WAR)e
Declaration of Mal(WAR)eNetSPI
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 

Semelhante a Sexy defense (20)

What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWARe
 
Security For Free
Security For FreeSecurity For Free
Security For Free
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and Countermeasures
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
13734729.ppt
13734729.ppt13734729.ppt
13734729.ppt
 
Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration Testing
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchers
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defense
 
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?
 
Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017
 
The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries
 
Declaration of Mal(WAR)e
Declaration of Mal(WAR)eDeclaration of Mal(WAR)e
Declaration of Mal(WAR)e
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application Security
 

Mais de Iftach Ian Amit

Cyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVCyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVIftach Ian Amit
 
BSidesTLV Closing Keynote
BSidesTLV Closing KeynoteBSidesTLV Closing Keynote
BSidesTLV Closing KeynoteIftach Ian Amit
 
From your Pocket to your Heart and Back
From your Pocket to your Heart and BackFrom your Pocket to your Heart and Back
From your Pocket to your Heart and BackIftach Ian Amit
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and BlueIftach Ian Amit
 
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?Iftach Ian Amit
 
Seeing Red In Your Future?
Seeing Red In Your Future?Seeing Red In Your Future?
Seeing Red In Your Future?Iftach Ian Amit
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2Iftach Ian Amit
 
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itIftach Ian Amit
 
Infecting Python Bytecode
Infecting Python BytecodeInfecting Python Bytecode
Infecting Python BytecodeIftach Ian Amit
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer GamesIftach Ian Amit
 
Stuxnet - the worm and you
Stuxnet - the worm and youStuxnet - the worm and you
Stuxnet - the worm and youIftach Ian Amit
 
Pushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingPushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingIftach Ian Amit
 
Mesh network presentation
Mesh network presentationMesh network presentation
Mesh network presentationIftach Ian Amit
 
LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723Iftach Ian Amit
 

Mais de Iftach Ian Amit (20)

Cyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVCyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLV
 
Devsecops at Cimpress
Devsecops at CimpressDevsecops at Cimpress
Devsecops at Cimpress
 
BSidesTLV Closing Keynote
BSidesTLV Closing KeynoteBSidesTLV Closing Keynote
BSidesTLV Closing Keynote
 
ISTS12 Keynote
ISTS12 KeynoteISTS12 Keynote
ISTS12 Keynote
 
From your Pocket to your Heart and Back
From your Pocket to your Heart and BackFrom your Pocket to your Heart and Back
From your Pocket to your Heart and Back
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and Blue
 
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
 
Seeing Red In Your Future?
Seeing Red In Your Future?Seeing Red In Your Future?
Seeing Red In Your Future?
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Cyber state
Cyber stateCyber state
Cyber state
 
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
 
Infecting Python Bytecode
Infecting Python BytecodeInfecting Python Bytecode
Infecting Python Bytecode
 
Exploiting Second life
Exploiting Second lifeExploiting Second life
Exploiting Second life
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer Games
 
Stuxnet - the worm and you
Stuxnet - the worm and youStuxnet - the worm and you
Stuxnet - the worm and you
 
Pushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticingPushing in, leaving a present, and pulling out slowly without anyone noticing
Pushing in, leaving a present, and pulling out slowly without anyone noticing
 
Mesh network presentation
Mesh network presentationMesh network presentation
Mesh network presentation
 
Html5 hacking
Html5 hackingHtml5 hacking
Html5 hacking
 
LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723LD_PRELOAD Exploitation - DC9723
LD_PRELOAD Exploitation - DC9723
 

Último

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 

Último (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 

Sexy defense

  • 1. Sexy Defense Maximizing the Home-Field Advantage Iftach Ian Amit Director of Services, IOActive Image credit: IDF Spokesperson
  • 2. Agenda • Whoami • Background - the Red Team was here... • What do they actually say? Reading reports 101 • Methodology - flipping the Red-Team • Map • Correlate • Act • Examples • Conclusions
  • 16. Background You had a vulnerability assessment done.
  • 18. Background What did you ACTUALLY get? Pros Cons Compliance? +++ Security Posture? ---
  • 19. Background And then you had a Red-Team test come in and wreck havoc...
  • 20. Background How does that make you feel?
  • 21. Shock
  • 23. Anger
  • 26. Reading bad reports • Here comes the boring part... Terminology... • Vulnerability • Exposure • Threat • Risk • (yup - you gotta be able to do suite talk to get the $$$).
  • 27. Vulnerability You’ll find a lot of these in reports... “An issue with a software component that, when abused (exploited) can lead to anything from the software crashing, to compromising the system on which the software is installed so that the attacker can have full control over it. Additionally, vulnerabilities also refer to logic and operational issues – whether in computing systems, in processes and procedures related to the business operations, patch management, or even password policies.”
  • 28. Exposure • Say what? • Usually will connect vulnerabilities to a threat model relevant for the tested organization
  • 29. Threat “Anything capable of acting against an asset in a manner that could result in harm” Defined by: Threat Community, Threat Agents. • Capabilities • Accessibility to assets
  • 30. Risk Ever seen one of these in a report? A real one? • The probability of something bad™ happening to an organization’s asset. • Yes, probability == math. Coherently formulate the elements (vuln, exposure, threat) into a risk score. • Repeatable, and defensible from a logical perspective
  • 31. Methodology Take a look at how we have been practicing attack and defense. For a VERY long time...
  • 34. What does it mean? Attack Post Intelligence Vuln. Exploit Control Exploitation Gathering Research
  • 35. What does it mean? Attack Post Intelligence Vuln. Exploit Control Exploitation Gathering Research Defend
  • 36. What does it mean? Attack Post Intelligence Vuln. Exploit Control Exploitation Gathering Research Mitigate Detection & Contain Defend
  • 37. What does it mean? Attack Post Intelligence Vuln. Exploit Control Exploitation Gathering Research Threat Intelligence Data Mitigate Modeling Gathering Correlation Detection & Contain Defend
  • 38. Remember! It’s NOT about: It IS about: • Egos Having a mindset of constant improvement • People There will always be gaps in the • Skills defense • Identify IT’S NOT FAIR! • Remediate • In the CONTEXT of RISK
  • 39. Map (information & Security assets) • 1st - What is the business doing anyway? • How does it make $? • Processes, assets, people, technology, 3rd parties... • Security and Intelligence assets...
  • 40. Map (exposures & Issues) • Start from a report (vuln, pt, red-team). • Work up from there while weeding out all the irrelevancies
  • 41. Inputs Process Inputs Process Inputs 3rd Party Assets Vulnerability Controls Key personnel Simplified mapping of assets, processes, people, vulnerabilities, and controls
  • 42. Map (Threats) • Do you know WHO is out to get you? • Their capabilities? • What do they know? • Their modus-operandi? • ...
  • 43. Logs • Everywhere, from everything. • Storage != $ • Measure twice, cut once == get all logs, filter later
  • 44. Marke0ng$ Forums$ Sales$ Business$ Market$News$ Development$ Raw$ Intelligence$ CERTs$ Compe0tors$ Analysis$ Partners$ Customers$
  • 45. Early warning signs • Weird PC behavior • File permissions • Volume of calls to • Access to specific files support on network storage • Physical elements • Employee awareness around the office • ... • Sales inquiries • Probes on a website
  • 46. Early warning signs • Weird PC behavior • File permissions • Volume of calls to • Access to specific files support on network storage • Physical elements • Employee awareness around the office • ... • Sales inquiries • Probes on a website
  • 47. People • Stalkers • Tailgaters • Smokers • Construction • Sales leads • IT guys
  • 48. People • Stalkers • Tailgaters • Smokers • Construction AWARENESS • Sales leads • IT guys
  • 49. Correlate external events and timelines Local news, Sports, entertainment, financial Regional news National events International stuff
  • 50. Act • Building up your defense mojo • Training people to identify, report, react • Combining technology into the mix • Working with others (peers, vendors, intel sources, government?)
  • 51. Assess where YOU are! • Get a clear view of your current security posture • Lying to yourself isn’t going to make you feel better • At least in long run... :-|
  • 52. Constant development • Expect changes • Processes, partners, customers, 3rd parties, internal services/products, people, culture, • Embrace changes - never “sign off” into a finite strategy document. Make it a “living” document. • Educate people about it. • Show how it adapts according to the business. TO SUPPORT IT!
  • 54. Align outwards • Compare notes with peers
  • 55. Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side
  • 56. Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you
  • 57. Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense
  • 58. Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense
  • 59. Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense • Will usually prove the opposite
  • 60. Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense • Will usually prove the opposite
  • 61. Align outwards • Compare notes with peers • Keep track of what’s new on the offensive side • And how it relates to you • Never accept a successful audit or compliance to regulation as a sign of effective defense • Will usually prove the opposite • Great - you are now one with the lowest common denominator of the lowest bidders...
  • 62. It’s not about: Tech People Skill
  • 63. It’s about: Tech Cat Skill People Herding
  • 64. Counter-intel • Own up to YOUR information • Set traps • Intelligence • Technology • Booby-trap tools, work with LE, and most importantly: LEGAL • IANAL!
  • 65. Counter-intel • Own up to YOUR information • Set traps • Intelligence • Technology • Booby-trap tools, work with LE, and most importantly: LEGAL • IANAL!
  • 67. 1. Identify your threat communities / agents 2. Locate their “hangouts” (where they get toolz) 3. Infiltrate to get info 4. Manipulate “stuff” 1. Backdoor it. 2. Make sure it leaves a distinct signature. 5. Update custom signature in detection systems 6. Kick back, and watch the fun
  • 68.
  • 69.
  • 70.
  • 71.
  • 73. Use THEIR tools... Hmmmmmmm... I betch’a people are going to miss it :-)
  • 74. Demo time 1. Download RAT 2. Find appropriate location 3. Insert RAT 4. Release 5. Profit?
  • 75.
  • 76.
  • 77.
  • 78. Demo 1. Obtain crypter 2. Enhance [not in this demo] 3. Leave a “unique” present in crypted files 4. Release 5. Profit?
  • 79.
  • 80. Law is hackable • Don’t think that it’s impossible to get by with these things... • Example: Microsoft’s takedown of Bredolab - legal bypass by using trademark infringement claims • Directly affect infected computers!
  • 82. Artillery • Open up listeners on multiple ports • Anything that touches them gets blacklisted • You can play with this to report instead of blacklist... • Monitor filesystem changes and email diff to you. • Block SSH brute-force attacks svn co http://svn.secmaniac.com/artillery artillery/
  • 83. Then: Technology • Find stuff that works FOR you. Or make it. • SIEM/SOC would be a major focus • Other correlation engines • Feed technology all the data it can handle • Financial info? Semantic data? Google Alerts? --> Anything goes...
  • 84. Counter Intelligence use-case Problem dormant accounts used for fraud (and/or money laundering)
  • 85. Counter Intelligence use-case Problem dormant accounts used for fraud (and/or money laundering) Account
  • 86. Counter Intelligence use-case Problem dormant accounts used for fraud (and/or money laundering) Account
  • 87. Counter Intelligence use-case Problem dormant accounts used for fraud (and/or >1yr dormant money laundering) Account
  • 88. Counter Intelligence use-case Problem dormant accounts used for fraud (and/or >1yr dormant money laundering) Account laundering
  • 89. Counter Intelligence use-case Problem dormant accounts used for fraud (and/or >1yr dormant money laundering) Account laundering Intl. transfers
  • 90. Counter Intelligence use-case Problem dormant accounts used for fraud (and/or >1yr dormant money laundering) Account laundering Internal/ Intl. transfers External???
  • 94. Accounting Marketing List Branch mgmt. Account Account Account Account Account
  • 95. Accounting List Account Account Account Account Account Marketing Branch mgmt.
  • 96. Accounting List List Account Account Account Account Account Account Account Account Account Account Marketing Branch mgmt.
  • 97. Accounting List List Account Account Account Account Account Account Account Account Account Account List Marketing Account Account Account Account Account Branch mgmt.
  • 98. Accounting List List Account Account Account Account Account Account Account Account Account Account List Marketing Account Account Account Account Account Branch mgmt. Internal user
  • 99. Accounting List List Account Account Account Account Account Account Account Account Account Account List Marketing Account Account Account Account Account Branch mgmt. Internal user
  • 100. Accounting List List Account Account Account Account Account Account Account Account Account Account List Marketing Account Account Account Account Account Branch mgmt. Internal user
  • 104. Internal user PC Trojan
  • 105. Internal user PC Trojan
  • 106. Internal user PC Trojan
  • 107. Internal user PC Trojan C&C
  • 108. Internal user PC Trojan C&C Bad Guys(tm)
  • 109. Play nice with others
  • 110. Play nice with others CERTS
  • 111. Play nice with others CERTS Government
  • 112. Play nice with others CERTS Government Peers
  • 113. Play nice with others CERTS Government Peers Competitors
  • 114. Conclusions The whole is greater than the sum of its elements [insert tacky “zen” slide with some stones]
  • 115. Call for Action • Vendors: • Defenders: • Start working on • Own up to your data, products that can network, and business “communicate” with information • Gather intelligence on your potential • Loosely typed data adversaries • Language processing • Focus your defenses on of arbitrary data assets, not compliance formats or “best practices” • Correlation across • Take the initiative! sources AND over time
  • 116. ktnxbye! Questions? Paper available at: http://iamit.org/docs/sexydefense.pdf twitter: @iiamit *Image credits: Google Images and the Internetz