TEACHING HACKERS TO HACK
to IMPROVE the security of our networks
Bill Swearingen CISSP / EMAW
http://www.lockpicking101.com
Thursday, October 27, 11
Send a text to 40404
“rt hevnsnt”
Thanks to NTS, CABEM, @NQAUS, @KState, NISTAC, @CoRiskSolutions and all the sponsors for #CyberSeP!
Without quotes of course
THANK YOUR HOSTS
ABOUT ME
During the day I manage an elite team of CyberSecurity experts protecting a local telco.
Our job is to catch hackers, unauthorized access, cyber-spies and to understand the latest threats.
One of the founders of the CCCKC HackerSpace.
I also serve as the VP of CyberSecurity for the FBI Infragard (KC Chapter), and host the Annual CyberRAID Exercise.
I like to train hackers on unauthorized access, cyber-spying and the latest threats. It’s like the circle of life really :)
“It does not matter how slowly you go so long as you do not stop.”
- Confucius
TRADITIONAL TRAINING
Configuration and best practice oriented
Vendor training is very product focused
Specialized information security training (SANS, InfoSec Institute, Offensive Security, etc.)
Information Security best practice
Security tools / Techniques
Ed Skoudis :: http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
To know your adversary’s weapons, is to know how to effectively defend against them.
“The more you sweat in training, the less you will bleed in battle”
- Navy SEAL Motto
CyberRAID
Regional Attack and Intrusion Detection
An exercise putting the “best practices” to the test on a replicated commercial network.
Since the exercise network is hosted on a private managed network that is not on the Internet, production data and systems are not at risk.
While securing an operational environment under attack, participants will also get the opportunity to see how other teams handled similar circumstances.
Participants will better know the strengths and weaknesses of their people, processes, policies and technology.
And understand how to better apply traditional training to protect our real life networks.
About
Informal meetup on the second Wednesday of the month for information security professionals to discuss topics of interest over some food and drinks.
Current location: Coach’s Bar & Grill, 414 W 103rd St, Kansas City, MO 64114 (I-435 and Wornall)
http://seckc.org
Thaisdays!
Every TUESDAY at Thaiplace on 87th
CyberRAID 2012
QUESTIONS?
Bill Swearingen, CISSP
Twitter: @hevnsnt
email: [email protected]
Slides are available now: http://bit.ly/swe-cybersep2011