Hacking Self-defense - essential tools for everyone · 2018-05-31
Hacking Self-defense - essential tools for everyone
BC Security Day May 2018
-
What is Personal data?
Welcome
– Over 20 years Cybersecurity experience
– Penetration Testing, Vulnerability Assessments, security architecture reviews, Security Awareness Training
– Vice-President, ISACA Victoria Chapter
– Why I love my job
Guy Rosario, Manager, KPMG
Office: 778 587 7888 [email protected]
-
Agenda
– What’s old is new
– Find it
– Fix it
– Run it
-
© 2018 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Fines up to €20.000.000 or 4% of yearly revenues
Legal Obligation Reporting Data Breaches
Data Protection Officer
Right to be forgotten and data portability
Accountability of data controller and data processor
Privacy Impact Assessment and Privacy by Design
Data exchange with countries outside the EU
What’s old, is new… Physical Attacks
– Oldest tricks in the book
– Can be done anytime
– Can be automated
– Often overlooked
– Low-tech still works (Cables N’Cards)
– Alarms on doors, anyone?
-
What’s old, is new… Physical Defenses
– Know what makes your physical security look easy
– Doors need love
– Plates, bars and posts
– Know what makes people look vulnerable
– Kill ‘em with kindness
– Do ask and do tell
-
What’s old, is new… Social Attacks
– Phishing emails (most well-known)
– Vishing (One of the most effective)
– OSINT (Least Invasive)
-
What’s old, is new… Social Defense
– "What's your extension and email?"
– Know what's out there.
-
What’s old, is new… Network Attacks
– 10-year-old network attacks (Layer 2/3)
– WPAD
– AD hidden objects
– SNMP
– NetBIOS
– Password cracking is WAYYY faster today
-
What’s old, is new… Network Defense
– L2/L3: Security is often "baked in" - Turn it on
– (Example Cisco guidance)
– https://www.cisco.com/c/dam/global/en_ae/assets/exposaudi2009/assets/docs/layer2-attacks-and-mitigation-t.pdf
– Know what's on your network (Asset Management)
– Find vulnerabilities BEFORE the bad guys do
– Gain visibility of a real-world attack (Ransomware example)
-
Find it…
– Get visibility (Mac/Windows/*NIX)
– Open Source
– Low Cost
– Simple to use
-
Find it…
• Know the lay of the land
• How many systems do you have?
• What are their names and IP addresses?
• What version of OS and software do they have?
• What is happening on your network?
-
Find it… Example: Blacklisting
-
Find it… Example: DNS
-
Find it… Example: Network Flow
-
Find it… Example: Beacons
-
Find it… Example: TLS Sigs & Beacons
-
Find it… Example: Visibility
-
Find it… Example: Visibility
-
Find it… Example: Visibility
-
Find it… Example: Visibility
-
Find it… Example: Hidden AD Objects
– AD Object Detector tool
– Microsoft’s Guidance on Hidden Folders etc…
– https://technet.microsoft.com/en-us/library/gg456494.aspx
– CrowdStrike - Bloodhound
-
Fix it…
– These will give free advice on fixing things:
– OpenVAS
– Nessus (Community Version)
– Microsoft
– NIST
– OWASP ZAP
-
Run it…
– I can only show you the path… you have to run it…
– Start with Security Awareness training (People)
– “Start slow and go…”
– VMs are an easy and safe way to begin…
– Armitage
– Bro
– LogRhythm
– pfSense
– RITA
– Security Onion
– SELKS
– Etc.
– Eventually, dedicated resources (People, Technology)
-
Demo and/or Questions
Questions?