Practical Cyber Defense

Practical CyberDefense

By Paul Dutot

About me

● Co Founder of the CIISF

● Employed as an Ethical Security Consultant @ Logicalis Jersey

● Practice Offensive & Defensive Security for businesses at all verticals

Agenda

● Concepts I and II

● Stages 1-5 of a practical Cyber Defense with more demo's

● Resources

Questions at the end please

● Reverse & Bind Shells Demo

Concepts I“Attackers have months to prepare, defenders have minutes to react”

“This is not a security control !!!!”

Concepts II“Security is a journey”

“What are the bad guys trying to achieve?

Reverse & Bind Shells

Stage 1 – Buy In

● Appoint a 'Cyber' champion

● 'C' level Buy In

● Maintain a 'Cyber' risk register

● Do Security Awareness

Stage 2 - Reconnaisance

Some Forgotten Ones

Reconnaisance Aims

● To profile your organsiation

● In preparation for social enginering attacks and or email phishing

Reconnaisance - Mitigation

● Undertake reconnaisance to find public information

● Mitigate risk by takedown and creating contray information

● Test your defenses and train your users

Phishing is a big deal !!!

Stage 3 – Understanding AV

Is AV really protecting us - the case for and against

Stage 3 – AV Bypass

Demo - The case against

Stage 3 – The case for

We still need AV to protect us !

Stage 4 – Think outside the box

● Databases – They are the end game

● Web applications – Owasp Top 10

● UC Communications – TDos / Toll Fraud

● Data Encryption – Laptops / Desktops / Databases

Stage 5 – It's not if but whenSIEM – Security, Information& Event Monitoring

Stage 5 – SIEM

OSSIM SIEM – Free open Source SIEM Demo

Resources

Florida State● http://www.cs.fsu.edu/~redwood/OffensiveSecurity/

SANS Institute● http://www.sans.org/critical-security-controls/controls/

OWASP Top 10 - 2013● https://www.owasp.org/index.php/Top_10_2013-Top_10

Thank you – Any Questions?

Blog – http://cyberkryption.com

@cyberkryption

paul.dutot@je.logicalis.com

Practical Cyber Defense

Internet

Transcript of Practical Cyber Defense

IBM Cyber Defense threat.pdf

Cyber Endeavor Shaun M. Cavanaugh, CISSP ECJ62 - Cyber Defense Division

Critical Controls Of Cyber Defense

Integrated Active Cyber Defense file3 Integrated Active Cyber Defense This white paper has been prepared by Hexis Cyber Solutions and KEYW Corporation to outline the critical cyber

Ministry of Defense (MinDef) Cyber Defense Operation ...

Home cyber defense cyber alerts

Southeast Collegiate Cyber Defense Competition

Integrated Active Cyber Defense - Free Cyber Security Training … … · integrated Active Cyber Defense (ACD) solution, protecting federal agencies’ networks against nation-state

Cyber security and its defense

Vids Cyber Defense Visualization Project

Writing Sample on Cyber Defense Organization

CSS CYBER DEFENSE PROJECT Trend Analysis: Cyber …

Practical Security Guide to Prevent Cyber Extortion - Whitepaper... · Adaptive Defense 360 точно знает, является ли процесс вредоносным или

Cyber Attacks & Defense

Cyber Defense: three fundamental steps

Practical Cyber Threat-Based Defense Strategies for ......© 2016 The MITRE Corporation ALL RIGHTS RESERVED. Approved for Public Release; Distribution Unlimited (15-4033) Practical

511 Cyber Defense Analyst - Cyber Career Pathway · 2021. 2. 1. · 1 511-CYBER DEFENSE ANALYST ... - 521-Cyber Defense Infrastructure Spt. Spec – 13% - 332-Cyber Ops Planner –

Practical Defense

AI in Cyber Defense

Cyber threats landscape and defense