SlideShare uma empresa Scribd logo

Modern World Defensive Cyber Offense Red Teaming

Transferir como PPTX, PDF
Indranil Banerjee
Indranil Banerjee

The document discusses red team penetration testing and modern cybersecurity risks. It provides an overview of red teaming, including thinking like a sophisticated attacker to uncover security weaknesses through external and internal network exploitation, web application attacks, and social engineering. The document notes that Indian organizations are at high risk of cyber attacks due to poor cyber defenses, lack of awareness, and internal threats. Mitigations include increasing cybersecurity education and budgeting.

1 de 21
RED TEAM ENGAGEMENT Modern World Defensive Cyber Offense
WHO THE HELL AM I ?? • A Hacker (Don’t know Bad or Good).. • Started as Scriptkiddies .. Now Professional…future Don’t know… • Freelance Penetration Tester (“Hacker For Hire“).. • Love Red Teaming, Network Pentesting and Exploit Development and Reverse Engineering.. • Others : Painter, Biker, Sharp Shooter (Trained) and A Farmer ;) Tweeter : @nu11_v0id Facebook: fb.com/lovelyindranil E-mail : indranilbanerjee21@gmail.com
“Internet was never designed to be the backbone of a global economy” • Shift from a Deterministic to a Probabilistic Approach • Scale the Cost of Operating a Resilient Cyber Infrastructure • Take the Next Step: Artificial Intelligence • Skill Development and Research MODERN WORLD CYBER SECURITY
• Identity Risks • Risks in Related to Web Applications • Risks in IoT • Infrastructure Security Risks • Cyber Wars (Internet Gang Wars) • Sponsored Cyber Espionage • StartUps are at Risks • Insider Threats • And so on……. MODERN WORLD CYBER SECURITY RISKS http://map.norsecorp.com/
WHAT IS RED TEAM PENTESTING ? RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialized IT security experts. Hereby, security weaknesses in IT systems (e.g. networks, applications or devices) are uncovered and can be remedied.
Why You Should Conduct ? Real world Testing to test you much secure your infrastructure is against Highly Skilled, Funded and Motivated Cyber Attacks A Pentesting that covers all type of testing “How Do You can put up a fight if you have never taken a punch”
DEMO
How To Red Team Engagement?
Think like a “Sophisticated Attacker” and try to dig out the jewels (Sensitive Information) out from the organization to show the risks involved with their defense. Follow through different types of attack simulations to find the real value data and information possible. Outside of The Box Thinking
TECHNOQUES & TOOLS
Physical Security Testing • Lock picking • RFID Card cloning • Lan to VPN • Many others…
External & Internal Network Exploitation
Techniques & Tools • Remote Exploitation • 0-day attacks (Very Rear) • Attacking through Rouge AP • Attack on wireless Infrastructures to gain access • Attacking through Bluetooth • Browser based Attacks • Metasploit Browser based Exploitations • Java Applet Attacks • HTA Attacks • DNS Hijacking and Network Tunneling
Web Application Attacks • Attacks against organizations CMS • Attacking Webmail to get internal user information • Attacking Internal Mail Servers • Hijacking Session Cookies • Embedding Reg Key • And Many more…..
Social Engineering Attacks • Most Successful one • Social Engineering Toolkit (SET) • Metasploit • Maltego (Information Gathering) • Google Hacker Database • Etc……
Case Study
Indian Organizations at Risk • Increase rate of Cyber Attacks against Indian Organizations • Poor Cyber Defense • Lack of Cyber Awareness • Huge gathering of PentestPuppies • Poor balancing between Security and Business • Unsatisfied workforce  Internal Threat • And many more… (What you Say..!!)
StartUps are at Risk • High Quality Intellectual Property • Big Potential (Not Aware of Security)  Theft  Failure • High Competition  ingress monitoring  Theft
Mitigations • Cyber Awareness from the Elementary Level of Education • More Budget allocation on Security. • Getting rid of PenTestPuppies ;) • Threat Mitigation Workforce • Proper Security Education for Staffs and Executives [Left for you and thing You wanna add]
Share Your Experience Best Story will get a RedTeam Tool as a Gift !!!
I AM DONE !! Q & A

Recomendados

Building an InfoSec RedTeam
Building an InfoSec RedTeamBuilding an InfoSec RedTeam
Building an InfoSec RedTeamDan Vasile
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework👀 Joe Gray
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue TeamEC-Council
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Purple team strategy_lascon_2016
Purple team strategy_lascon_2016Purple team strategy_lascon_2016
Purple team strategy_lascon_2016Trupti Shiralkar, CISSP
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamerJorge Orchilles
 

Recomendados

Building an InfoSec RedTeam
Building an InfoSec RedTeamBuilding an InfoSec RedTeam
Building an InfoSec RedTeamDan Vasile
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework👀 Joe Gray
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue TeamEC-Council
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Purple team strategy_lascon_2016
Purple team strategy_lascon_2016Purple team strategy_lascon_2016
Purple team strategy_lascon_2016Trupti Shiralkar, CISSP
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamerJorge Orchilles
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamWhat is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamMITRE ATT&CK
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple TeamPriyanka Aash
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team FrameworkAdrian Sanabria
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHaydn Johnson
 
Purple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatPurple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatJorge Orchilles
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesomeSumedt Jitpukdebodin
 
Blue Team
Blue TeamBlue Team
Blue TeamNull Bhubaneswar
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyJorge Orchilles
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Christopher Korban
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideMITRE ATT&CK
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksSANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksMauricio Velazco
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpConJorge Orchilles
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy Ioannis Aligizakis, M.Sc.
 
Operationalizing Red Teaming for Fun and Profit
Operationalizing Red Teaming for Fun and ProfitOperationalizing Red Teaming for Fun and Profit
Operationalizing Red Teaming for Fun and ProfitSonatype
 

Mais conteúdo relacionado

Mais procurados

Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamWhat is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamMITRE ATT&CK
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple TeamPriyanka Aash
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHaydn Johnson
 
Purple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatPurple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatJorge Orchilles
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyJorge Orchilles
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Christopher Korban
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideMITRE ATT&CK
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksSANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksMauricio Velazco
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpConJorge Orchilles
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchMITRE - ATT&CKcon
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 

Mais procurados (20)

Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hacking
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red TeamWhat is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple Team
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team Exercises
 
Purple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatPurple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHat
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
 
Blue Team
Blue TeamBlue Team
Blue Team
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security Weekly
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSE
 
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testing
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue Divide
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksSANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpCon
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
 

Destaque

Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy Ioannis Aligizakis, M.Sc.
 
Operationalizing Red Teaming for Fun and Profit
Operationalizing Red Teaming for Fun and ProfitOperationalizing Red Teaming for Fun and Profit
Operationalizing Red Teaming for Fun and ProfitSonatype
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...North Texas Chapter of the ISSA
 
Cyber Security Testing
Cyber Security TestingCyber Security Testing
Cyber Security TestingPECB
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
SAP HANA Cloud Platform - Overview
SAP HANA Cloud Platform - OverviewSAP HANA Cloud Platform - Overview
SAP HANA Cloud Platform - OverviewMatthias Steiner
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boardsPaul McGillicuddy
 

Destaque (13)

Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy Microsoft Cyber Defense Operation Center Strategy
Microsoft Cyber Defense Operation Center Strategy
 
Operationalizing Red Teaming for Fun and Profit
Operationalizing Red Teaming for Fun and ProfitOperationalizing Red Teaming for Fun and Profit
Operationalizing Red Teaming for Fun and Profit
 
Sitnl 2012 erp security
Sitnl 2012 erp securitySitnl 2012 erp security
Sitnl 2012 erp security
 
Cyber_Defense_Presentation
Cyber_Defense_PresentationCyber_Defense_Presentation
Cyber_Defense_Presentation
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
 
SAP HANA Cloud Security
SAP HANA Cloud SecuritySAP HANA Cloud Security
SAP HANA Cloud Security
 
Cyber Security Testing
Cyber Security TestingCyber Security Testing
Cyber Security Testing
 
7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk 7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
SAP HANA Cloud Platform - Overview
SAP HANA Cloud Platform - OverviewSAP HANA Cloud Platform - Overview
SAP HANA Cloud Platform - Overview
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boards
 

Semelhante a Modern World Defensive Cyber Offense Red Teaming

Information security Presentation
Information security Presentation Information security Presentation
Information security Presentation dhirujapla
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securitySubramanian VE
 
Workshop on Cyber security
Workshop on Cyber security Workshop on Cyber security
Workshop on Cyber security Mehedi Hasan
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigationMehedi Hasan
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
Bar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBarcamp Kerala
 
Cyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaCyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaTheko Moima
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityTasnim Alasali
 
Incident Response Requires Superhumans
Incident Response Requires SuperhumansIncident Response Requires Superhumans
Incident Response Requires SuperhumansDinesh O Bareja
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actorsOWASP EEE
 
Cyber security and user privacy
Cyber security and user privacyCyber security and user privacy
Cyber security and user privacyJay Tripathy
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)HITCON GIRLS
 

Semelhante a Modern World Defensive Cyber Offense Red Teaming (20)

Information security Presentation
Information security Presentation Information security Presentation
Information security Presentation
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Workshop on Cyber security
Workshop on Cyber security Workshop on Cyber security
Workshop on Cyber security
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
Bar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 Hacking
 
Cyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moimaCyber security talks 2019 by theko moima
Cyber security talks 2019 by theko moima
 
Cyber security
Cyber securityCyber security
Cyber security
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
 
Incident Response Requires Superhumans
Incident Response Requires SuperhumansIncident Response Requires Superhumans
Incident Response Requires Superhumans
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors
 
Cyber security and user privacy
Cyber security and user privacyCyber security and user privacy
Cyber security and user privacy
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Cyber Security Fundamentals
Cyber Security FundamentalsCyber Security Fundamentals
Cyber Security Fundamentals
 
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
逃避可恥還沒有用- 你不可不知的物聯網安全問題與挑戰(Ashley Shen & Belinda Lai)
 

Modern World Defensive Cyber Offense Red Teaming

  • 1. RED TEAM ENGAGEMENT Modern World Defensive Cyber Offense
  • 2. WHO THE HELL AM I ?? • A Hacker (Don’t know Bad or Good).. • Started as Scriptkiddies .. Now Professional…future Don’t know… • Freelance Penetration Tester (“Hacker For Hire“).. • Love Red Teaming, Network Pentesting and Exploit Development and Reverse Engineering.. • Others : Painter, Biker, Sharp Shooter (Trained) and A Farmer ;) Tweeter : @nu11_v0id Facebook: fb.com/lovelyindranil E-mail : indranilbanerjee21@gmail.com
  • 3. “Internet was never designed to be the backbone of a global economy” • Shift from a Deterministic to a Probabilistic Approach • Scale the Cost of Operating a Resilient Cyber Infrastructure • Take the Next Step: Artificial Intelligence • Skill Development and Research MODERN WORLD CYBER SECURITY
  • 4. • Identity Risks • Risks in Related to Web Applications • Risks in IoT • Infrastructure Security Risks • Cyber Wars (Internet Gang Wars) • Sponsored Cyber Espionage • StartUps are at Risks • Insider Threats • And so on……. MODERN WORLD CYBER SECURITY RISKS http://map.norsecorp.com/
  • 5. WHAT IS RED TEAM PENTESTING ? RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialized IT security experts. Hereby, security weaknesses in IT systems (e.g. networks, applications or devices) are uncovered and can be remedied.
  • 6. Why You Should Conduct ? Real world Testing to test you much secure your infrastructure is against Highly Skilled, Funded and Motivated Cyber Attacks A Pentesting that covers all type of testing “How Do You can put up a fight if you have never taken a punch”
  • 8. How To Red Team Engagement?
  • 9. Think like a “Sophisticated Attacker” and try to dig out the jewels (Sensitive Information) out from the organization to show the risks involved with their defense. Follow through different types of attack simulations to find the real value data and information possible. Outside of The Box Thinking
  • 11. Physical Security Testing • Lock picking • RFID Card cloning • Lan to VPN • Many others…
  • 12. External & Internal Network Exploitation
  • 13. Techniques & Tools • Remote Exploitation • 0-day attacks (Very Rear) • Attacking through Rouge AP • Attack on wireless Infrastructures to gain access • Attacking through Bluetooth • Browser based Attacks • Metasploit Browser based Exploitations • Java Applet Attacks • HTA Attacks • DNS Hijacking and Network Tunneling
  • 14. Web Application Attacks • Attacks against organizations CMS • Attacking Webmail to get internal user information • Attacking Internal Mail Servers • Hijacking Session Cookies • Embedding Reg Key • And Many more…..
  • 15. Social Engineering Attacks • Most Successful one • Social Engineering Toolkit (SET) • Metasploit • Maltego (Information Gathering) • Google Hacker Database • Etc……
  • 17. Indian Organizations at Risk • Increase rate of Cyber Attacks against Indian Organizations • Poor Cyber Defense • Lack of Cyber Awareness • Huge gathering of PentestPuppies • Poor balancing between Security and Business • Unsatisfied workforce  Internal Threat • And many more… (What you Say..!!)
  • 18. StartUps are at Risk • High Quality Intellectual Property • Big Potential (Not Aware of Security)  Theft  Failure • High Competition  ingress monitoring  Theft
  • 19. Mitigations • Cyber Awareness from the Elementary Level of Education • More Budget allocation on Security. • Getting rid of PenTestPuppies ;) • Threat Mitigation Workforce • Proper Security Education for Staffs and Executives [Left for you and thing You wanna add]
  • 20. Share Your Experience Best Story will get a RedTeam Tool as a Gift !!!
  • 21. I AM DONE !! Q & A