Hacking Self-defense - essential tools for everyone · 2018-05-31

Hacking Self-defense - essential tools for everyone, BC Security Day, May 2018


  • Hacking Self-defense - essential tools for everyone

    BC Security Day May 2018

  • 2


    Welcome

    – Over 20 years Cybersecurity experience

    – Penetration Testing, Vulnerability Assessments, security architecture reviews, Security Awareness Training

    – Vice-President, ISACA Victoria Chapter

    – Why I love my job

    Guy Rosario, Manager, KPMG

    Office: 778 587 7888

  • 3


    Agenda

    – What’s old is new

    – Find it

    – Fix it

    – Run it

  • 4 © 2018 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.


    Fines up to €20.000.000 or 4% of yearly revenues

    Legal Obligation Reporting Data Breaches

    Data Protection Officer

    Right to be forgotten and data portability

    Accountability of data controller and data processor

    Privacy Impact Assessment and Privacy by Design

    Data exchange with countries outside the EU

    What’s old, is new… Physical Attacks

    – Oldest tricks in the book

    – Can be done anytime

    – Can be automated

    – Often overlooked

    – Low-tech still works (Cables N’Cards)

    – Alarms on doors, anyone?

  • 5

    What’s old, is new… Physical Defenses

    – Know what makes your physical security look easy

    – Doors need love

    – Plates, bars and posts

    – Know what makes people look vulnerable

    – Kill ‘em with kindness

    – Do ask and do tell

  • 6

    What’s old, is new… Social Attacks

    – Phishing emails (most well-known)

    – Vishing (One of the most effective)

    – OSINT (Least Invasive)

  • 7

    What’s old, is new… Social Defense

    – "What's your extension and email?"

    – Know what's out there.

  • 8

    What’s old, is new… Network Attacks

    – 10-year-old network attacks (Layer 2/3)

    – WPAD

    – AD hidden objects

    – SNMP

    – NetBIOS

    – Password cracking is WAYYY faster today

  • 9

    What’s old, is new… Network Defense

    – L2/L3: Security is often "baked in" - Turn it on

    – (Example Cisco guidance)

    – https://www.cisco.com/c/dam/global/en_ae/assets/exposaudi2009/assets/docs/layer2-attacks-and-mitigation-t.pdf

    – Know what's on your network (Asset Management)

    – Find vulnerabilities BEFORE the bad guys do

    – Gain visibility of a real-world attack (Ransomware example)

  • 10

    Find it…

    – Get visibility (Mac/Windows/*NIX)

    – Open Source

    – Low Cost

    – Simple to use

  • 11

    Find it…

    – Know the lay of the land

    – How many systems do you have?

    – What are their names and IP addresses?

    – What version of OS and software do they have?

    – What is happening on your network?

  • 12

    Find it… Example: Blacklisting

  • 13

    Find it… Example: DNS

  • 14

    Find it… Example: Network Flow

  • 15

    Find it… Example: Beacons

  • 16

    Find it… Example: TLS Sigs & Beacons

  • 17

    Find it… Example: Visibility

  • 18

    Find it… Example: Visibility

  • 19

    Find it… Example: Visibility

  • 20

    Find it… Example: Visibility

  • 21

    Find it… Example: Hidden AD Objects

    – AD Object Detector tool

    – Microsoft’s Guidance on Hidden Folders etc…

    – https://technet.microsoft.com/en-us/library/gg456494.aspx

    – CrowdStrike - Bloodhound


  • 22

    Fix it…

    – These will give free advice on fixing things:

    – OpenVAS

    – Nessus (Community Version)

    – Microsoft

    – NIST

    – OWASP Zap

  • 23

    Run it…

    – I can only show you the path… you have to run it…

    – Start with Security Awareness training (People)

    – “Start slow and go…”

    – VMs are an easy and safe way to begin…

    – Armitage

    – Bro

    – LogRhythm

    – pfSense

    – RITA

    – Security Onion

    – SELKS

    – Etc.

    – Eventually, dedicated resources (People, Technology)

  • Demo and/or Questions


    Questions?
