Offensive Security. Learn to think as an attacker. The aim of this talk is to discover why and how you can use OS X and vSphere together
1 Offensive Security: Learn to think as an attacker. The aim of this talk is to discover why and how you can use OS X and vSphere together
2 Yoann Gini, System & Network Administrator. Security, OS X Server, Network Architecture, SmartCard Services, Reverse Engineering, Hacking. As a system and network administrator, I work a lot on topics related to OS X, OS X Server, security and scaling. You can usually find me in the usual suspects for topics related to OS X Server like Security, Network Architecture, SmartCard Services, Reverse Engineering and Hacking.
3 Yoann Gini, Software Developer. Mobile Certificates, Radius Admin Tools, Hello IT, ARD Inspector, VPN Admin Tools, DockServiceManager. I'm also a hobbyist software developer. I've created tools like Hello IT, ARD Inspector, Mobile Certificates and Radius/VPN Admin Tools.
4 Overview: What we won't cover; Workshop goals and restrictions; Overview of an Information System; Big steps and tasks during an offensive; Funny hands-on. This workshop will be focused on offensive security. During the whole day you will discover how to think as an attacker. The first part is dedicated to talks between all of us, to draw a common picture of what an offensive can be. So, during this part, feel free to grab a mic and interrupt me. I expect this workshop to be an exchange between all of us. The second part will be a more technical and fun part: we will try to hack an OS X VM specially crafted for this workshop. This whole workshop is an introduction. We won't cover everything.
5 What we won't cover: I said Offensive Security, nothing else. This workshop won't be a list of attacks and counters. The goal is to understand how to think as an attacker.
6 We won't talk about: Brands; Antivirus; IDS/IPS/NG Firewall. So don't expect or ask anything related to which brand is better, whether AV is working or not, or even what happens if we have an IDS/IPS/NGFW. All security tools are here to increase the cost of an intrusion, not to make it impossible. So whatever the cost of your fancy security product, you must be able to understand how to break it, what that costs in time, information and money, and what happens to you when it is broken.
7 We won't talk about: Countermeasures; Defensive patterns. Also, we won't cover subjects related to countermeasures and defensive patterns. Everything we can say on this subject is highly related to the security level you're looking for. Depending on your value, your defenses and counters will change. Some companies don't really care if something is stolen as long as they are still able to use their IS; their only real risk is related to cryptoviruses. Some others are too valuable and will face trained attackers hired by private companies or governments. Defense depends on who you are; ways to break into your IS depend on the attacker, and common patterns can be found. Discovering those attack patterns will help you make your choice in the defensive arsenal.
8 Workshop goals I see weakness, weakness everywhere
9 Workshop goals: Train your mind to see weakness in structure; Think about hacking opportunities first; Understand patterns and steps involved in an attack. My goal is simple: at the end of the day you should be able to start thinking about hacking opportunities in everything you see. In every other session you will see this week, you should think first about how what you will learn can be used against you. You will also learn the big steps linked to an attack. This will help you protect your information by giving you the capability to judge the value of a piece of information for an attacker.
10 In short, I won't show anything to be a nice guy. Don't expect anything nice to show to your boss from this workshop.
11 Don't expect anything nice to show to your boss from this workshop.
12 Restrictions: If you stay, you agree. As you've understood by now, we won't speak about harmless things. So some restrictions apply if you want to follow this workshop.
13 Restrictions: Practice only against provided VM; Don't play with and on the PSU WiFi; Don't break into attendees' systems. Hands-on must be practiced only against the provided VM and nothing else. You must not do anything against the PSU network or other devices connected to the PSU network. You must not do anything against other attendees' devices.
14 Restrictions: Report all security issues discovered on a live system; And be prepared to explain why you discovered that. If you find a security issue during this workshop, report it immediately. And you will have to explain why the hell you found it.
15 If you don't agree with that, please leave the room now. Most of the time, offensive courses lead to unacceptable behavior after the session. The PSU team has been nice enough to agree to host this kind of workshop, so I expect good behavior from all of you.
16 Information System Overview: Sources of weaknesses since 1970. During this part we will talk about common IS setups and what they mean for an attacker.
17 Information System Overview, Common Network Area: Internet; Remote users over VPN; Internal users; Servers. Internet: some services might be publicly exposed, and this can be a potential weakness leading to a remote shell. A lot of examples exist with Joomla and WordPress, for example. Business-related services might have even more weaknesses. Remote users via VPN: common security practices imply VPN access for remote users, but common mistakes exist, like allowing remote users access to the whole private network. Getting access to users' credentials for VPN services means, most of the time, full access to everything, even router and switch admin interfaces with default passwords. Internal users: a common security mistake is to consider internal resources as secure because they are on the LAN. Social engineering against internal users might let an attacker easily gain access to internal services. Also, people using laptops might be infected while they are outside the company and then give access to the full network when they are back. Servers: they might be in a separate network zone with a dedicated security access list, or maybe not. It's not uncommon to see admin services available from the whole private network. Or even worse, exposed directly to the internet. A mix of all those scenarios can be used to pivot from one computer to another and finally reach the goal.
18 Information System Overview, Less Common Network Area: Internal users by access level; Servers by security level; Internal users over VPN. In a more secure setup, servers and internal users can be grouped by access level. Users can be authenticated via 802.1X and then sorted into VLANs per department. Then, internal routers can apply security restrictions, allowing departments to reach, at the IP level, only authorized services on authorized servers. In an advanced security scenario, some internal services might be accessible only after an internal VPN authentication. This would allow a bridge between two isolated networks and still protect the secure area from network scans started from the common area.
19 Information System Overview, Common Services: File Sharing; Email, contacts and calendars; IP Phone. Share points are the common target during an attack. They contain most of the valuable information in the company. A common mistake is related to access rights. Too many companies consider that the CEO and the board of directors must have access to all data. And most of the time, the same people are the most unskilled, with the weakest passwords, unable to detect fraud and social engineering. In short, they have access to all the information in the company and are the least capable of defending themselves. File sharing can also be used as a propagation source for malware. Cryptoviruses can be run on the internet, targeting anything they can and asking for money in exchange for the decryption key. Email and other collaboration services are valuable targets too. Email contains secrets, contracts and orders. Collecting them allows an attacker to understand the chain of subordination in the company. If the company is used to transmitting important orders (like secret disclosure, wire transfer, account creation) by email with S/MIME or GPG signature, it can be easily spoofed. IP phones on a shared network are really interesting: we can wiretap the whole company's communication with them.
20 Information System Overview, Close to be Common Services: Cloud services; On-premises services. Business services hosted «on the cloud» are really interesting, especially those specialized in a specific business market. It's a trend nowadays to develop fancy new tools and provide them only as a service hosted by the vendor. Customers need to pay every month to keep access to their data, and it's supposed to be more reliable. In 2015 we've seen many big players like LinkedIn or Adobe being hacked, with all their accounts stolen. So, can we expect that a new, smaller player, seeking income, will have a better security team? And can we expect that this new player, making buzz, raising money and hosting valuable data from many customers, won't be a valuable target? If we assume that everything always has weaknesses, what's the most secure? Centralize everything in the same safe room and expect that the guards will do their job? Or spread the valuables across multiple locations with ad-hoc security services? On-premises services seem interesting because, even if the service is weak, internal hosting allows additional security services around it. But that means money and a team to manage it every day. The risk is big that things get set up correctly at the beginning and are never touched again.
21 Information System Overview, Computer based/related information not linked to IS: Social network profiles from employees; Public code repos from employees; Tech related afterwork (i.e.: CocoaHeads). Good people speak too much! If you have value in your company, odds are good that your employees are good, and if they are good that means they exchange a lot with other people doing the same work; they may share personal projects on GitHub or present topics at tech conferences.
22 Steps & Tasks for an Offensive: Proceed with caution. Now we will speak about the steps and tasks involved in an offensive. I've written some examples and I expect you to give others. So, what's the first thing you have to do when you attack someone?
23 Passive Information Gathering. First step: passive information gathering. Your goal is to collect as much information as possible on your target without touching the target. Give me some sources you can use to collect information and why they can be useful.
24 Passive Information Gathering. Employee profiles: Tech used by the company. Job offers: Point of entry, missing resources. Device on public Wi-Fi: Naming convention. Pub close to office: Listen to employees' talks.
25 Passive Information Gathering. Employees' habits: Get closer to vulnerable people. Internet Registers: IP range used. Building entrance: Identify recurring contractors. Road warriors: Shoulder surfing.
26 Active Information Gathering. Second step: active information gathering. Your goal is to complete the knowledge you have on your target by connecting to target services. Give me some things you can do on a target to improve your knowledge.
27 Active Information Gathering. Device on public Wi-Fi: Sniff for services used remotely. Device on public Wi-Fi: Scan for management services. IP Range: Scan for live servers and services. Dumpster diving: Old docs, contracts, emails.
28 Active Information Gathering. Pub / Employees' habits: Make them talk about IT. Job offer: Talk with CTO and team, look for weakness. Contractors: Weakest IS? Important turnover? Road warriors: Access to devices (train, coffee).
29 Gaining Access. So, now you have as much information as possible. What kind of operation can you do?
30 Gaining Access: Social engineering (CEO fraud, fake IT call); Device access on a train; Default or weak password on public services. Don't jump directly to the tech things; humans are weaker than everything else. So start with that.
31 Gaining Access: Install hidden Wireless Access Point; MicroPC with VPN over 4G; Software weakness to break into. If humans don't expose the weakness you need, maybe you can try to gain access to the target office during public visits or a job interview and plant a remote access tool. And of course, you can run into a hacking scenario and target a software weakness.
32 Gaining Access: Install remote access tools to maintain access. And don't forget, when you've broken into your target, you need to plant a permanent remote access tool. The weakness you've used might be corrected in the future, so find a creative way to get access to your target even.
33 Cover your tracks. If you don't get caught during the offensive, try to avoid being caught after, when the forensic team will try to find what you did and how you did it.
34 Cover your tracks: Remove all installed tools and accounts; Clear logs. So this might mean breaking into the syslog server.
35 Hands-on: Let's write payloads and break into a Mac!
36 Hands-on: Write a reverse shell. Your first goal today will be to write a reverse shell. It must run at load and call your hacking server (your Mac) to give you a shell.
37 Reverse Shell: Target must call your server to avoid firewall.
38 Reverse Shell IN OUT
39 Reverse Shell [diagram: hosts 2001:db8::ff00:42:8329 and 2001:db8:0:85a3::ac1f:8001] from: 2001:db8::ff00:42:8329, to: 2001:db8:0:85a3::ac1f:8001, «Give me a shell»
40 Reverse Shell [diagram: hosts 2001:db8::ff00:42:8329 and 2001:db8:0:85a3::ac1f:8001] from: 2001:db8:0:85a3::ac1f:8001, to: 2001:db8::ff00:42:8329, «I want to give you a shell»
41 Reverse Shell Listen on your server Start a program on the target to send a shell
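The outbound pattern on slides 37 to 41 is also what a defender can look for on the target: a shell whose standard input and output are a TCP socket instead of a terminal. The following is an added detection example, not part of the talk; the `lsof` sample is constructed, and the PIDs, user names and port numbers in it are invented.

```python
import re
from collections import defaultdict

# Interpreters whose stdin/stdout should be a terminal or a pipe, not a TCP socket.
SHELLS = {"sh", "bash", "zsh", "ksh", "dash", "tcsh"}

# Constructed sample of `lsof -nP -iTCP` output taken on the machine the slides
# call the target (2001:db8:0:85a3::ac1f:8001). PIDs, users and ports are invented.
SAMPLE_LSOF = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Safari 311 alice 23u IPv6 0x1a01 0t0 TCP [2001:db8:0:85a3::ac1f:8001]:50112->[2001:db8:0:1::50]:443 (ESTABLISHED)
sshd 120 root 3u IPv6 0x1c03 0t0 TCP *:22 (LISTEN)
ssh 650 alice 3u IPv6 0x1d04 0t0 TCP [2001:db8:0:85a3::ac1f:8001]:50300->[2001:db8:0:1::22]:22 (ESTABLISHED)
bash 977 alice 0u IPv6 0x1b02 0t0 TCP [2001:db8:0:85a3::ac1f:8001]:50233->[2001:db8::ff00:42:8329]:4444 (ESTABLISHED)
bash 977 alice 1u IPv6 0x1b02 0t0 TCP [2001:db8:0:85a3::ac1f:8001]:50233->[2001:db8::ff00:42:8329]:4444 (ESTABLISHED)
bash 977 alice 2u IPv6 0x1b02 0t0 TCP [2001:db8:0:85a3::ac1f:8001]:50233->[2001:db8::ff00:42:8329]:4444 (ESTABLISHED)
"""

# NAME column of an established connection: local:port->remote:port
ENDPOINTS = re.compile(r"^(.+):(\d+)->(.+):(\d+)$")


def parse_established(lsof_text):
    """Yield one dict per ESTABLISHED TCP row; header and LISTEN rows are skipped."""
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) != 10 or fields[7] != "TCP" or fields[9] != "(ESTABLISHED)":
            continue
        endpoints = ENDPOINTS.match(fields[8])
        fd = re.match(r"\d+", fields[3])  # "0u" -> 0; non-numeric FDs are ignored
        if not endpoints or not fd:
            continue
        yield {
            "command": fields[0].lstrip("-"),
            "pid": int(fields[1]),
            "user": fields[2],
            "fd": int(fd.group()),
            "remote": endpoints.group(3).strip("[]"),
            "rport": int(endpoints.group(4)),
        }


def find_socket_backed_shells(lsof_text):
    """Return shells whose stdin (fd 0) and stdout (fd 1) are both TCP sockets."""
    by_pid = defaultdict(list)
    for row in parse_established(lsof_text):
        if row["command"] in SHELLS:
            by_pid[row["pid"]].append(row)

    findings = []
    for pid, rows in sorted(by_pid.items()):
        stdio = {r["fd"] for r in rows if r["fd"] in (0, 1, 2)}
        if {0, 1} <= stdio:
            first = rows[0]
            findings.append({
                "pid": pid,
                "command": first["command"],
                "user": first["user"],
                "remote": first["remote"],
                "rport": first["rport"],
            })
    return findings


if __name__ == "__main__":
    for hit in find_socket_backed_shells(SAMPLE_LSOF):
        print("shell with socket stdio:", hit)
```

A shell started by an SSH login does not match, because its standard streams are a pseudo-terminal and the socket belongs to `sshd`.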
42 Hands-on: Write a privilege escalation script for Now you need a way to move from a standard user to a root one. Hopefully the target uses an old and weak system :)
43 Privilege Escalation: From standard user to root.
44 Privilege Escalation [diagram: Service Running as Root; Root; Standard User; Command with sticky bit; Request from standard user]
45 Privilege Escalation: Find a breach in a process run as root; Execute code from this process.
46 Hands-on: You're on a train; Target starts computer and goes to bathroom; You want the user's password.
47 Get User's Password: Auto Login; Open the session and unlock the keychain; Password must be accessible in clear text.
48 Get User's Password: Understand auto login; Find password storage; Reverse the encoding.
49 Hands-on: Target comes to a conference, collects USB key with commercial docs inside; Fool the target into running a script and creating an admin user.
50 Fake PDF: When malicious things are done, clear your tracks; Use developer skills to forge a fake PDF to run script; User must read a PDF in the end.
51 Hands-on: You're on a public Wi-Fi with the target; Identify target IP; Spoof the munki server to install your payload.
52 Spoof Munki Server: DNS «Who is munki.acme.com?»
53 Spoof Munki Server: Start MiTM attack; Analyse traffic to find munki's URL; Can use DNS, mDNS or direct IP addressing; Interact with target to redirect munki's URL.
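Whether the spoofing on slides 51 to 53 can work depends on how the client is told to reach its repository, so the defensive counterpart is an audit of the Munki client preferences. This is an added example, not part of the talk: it checks the standard Munki keys `SoftwareRepoURL`, `ManifestURL`, `CatalogURL`, `PackageURL`, `FollowHTTPRedirects`, `SoftwareRepoCAPath` and `SoftwareRepoCACertificate`; both sample plists and the CA path are constructed, and the severity labels are this example's own.

```python
import ipaddress
import plistlib
from urllib.parse import urlsplit

URL_KEYS = ("SoftwareRepoURL", "ManifestURL", "CatalogURL", "PackageURL")
CA_KEYS = ("SoftwareRepoCAPath", "SoftwareRepoCACertificate")
# Munki's built-in default when SoftwareRepoURL is not set.
MUNKI_DEFAULT_REPO = "http://munki/repo"

# Constructed samples of ManagedInstalls.plist content (munki.acme.com is the
# name used on slide 52; the CA path is a placeholder).
WEAK_PREFS = plistlib.dumps({
    "SoftwareRepoURL": "http://munki.acme.com/repo",
    "FollowHTTPRedirects": "all",
})
HARDENED_PREFS = plistlib.dumps({
    "SoftwareRepoURL": "https://munki.acme.com/repo",
    "SoftwareRepoCACertificate": "/path/to/constructed/ca.pem",
    "FollowHTTPRedirects": "none",
})


def addressing(host):
    """Classify how the repo host is located: the three cases named on slide 53."""
    if not host:
        return "unknown"
    try:
        ipaddress.ip_address(host)
        return "direct IP"
    except ValueError:
        return "mDNS" if host.lower().endswith(".local") else "DNS"


def audit_munki_prefs(plist_bytes):
    """Return a list of (severity, key, message) findings for Munki client prefs."""
    prefs = plistlib.loads(plist_bytes)
    findings = []

    urls = {key: prefs[key] for key in URL_KEYS if key in prefs}
    urls.setdefault("SoftwareRepoURL", MUNKI_DEFAULT_REPO)

    all_https = True
    for key, url in urls.items():
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            all_https = False
            findings.append((
                "HIGH", key,
                f"{url} is fetched without TLS: whoever answers for "
                f"{parts.hostname} ({addressing(parts.hostname)}) on the local "
                "network is accepted as the repo",
            ))

    # "all" lets the client follow a redirect from https to plain http.
    if str(prefs.get("FollowHTTPRedirects", "none")).lower() == "all":
        findings.append((
            "MEDIUM", "FollowHTTPRedirects",
            "redirects to plain http URLs are followed; use 'none' or 'https'",
        ))

    # With TLS everywhere, the remaining question is which CAs may vouch for the repo.
    if all_https and not any(key in prefs for key in CA_KEYS):
        findings.append((
            "LOW", "SoftwareRepoCACertificate",
            "no CA pinned; any CA in the system trust store can vouch for the repo",
        ))
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_PREFS), ("hardened", HARDENED_PREFS)):
        print(label, audit_munki_prefs(sample))
```

On a managed Mac the input would be the bytes of `/Library/Preferences/ManagedInstalls.plist`; settings delivered by a configuration profile are not read by this example.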
54 ?
55 Related talks
Subject | Presenter | Room | Date
Blue Team 101: Building Defensible Systems | Daniel Griggs | 206 | Tuesday 10:45
Security | Apple | 207 | Wednesday 09:00
Building Defensible OS X Systems (Advanced) | Daniel Griggs | Deans Hall I | Wednesday 10:45
56 Additional resources: Story of the Hacking Team takedown; Kevin Mitnick books: The Art of Intrusion, The Art of Deception.
57 Thank you!
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationWelcome. ScrogginsGrear clients. to Cybersecurity Education Series. Password Management & Public Wi-Fi Security
Welcome ScrogginsGrear clients to Cybersecurity Education Series Password Management & Public Wi-Fi Security Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 1:00 Welcome ScrogginsGrear
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationHow NOT To Get Hacked
How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?
More informationVoice over IP. What You Don t Know Can Hurt You. by Darren Bilby
Voice over IP What You Don t Know Can Hurt You by Darren Bilby What is VoIP? Voice over Internet Protocol A method for taking analog audio signals, like the kind you hear when you talk on the phone, and
More informationSIEM FOR BEGINNERS EVERYTHING YOU WANTED TO KNOW ABOUT LOG MANAGEMENT BUT WERE AFRAID TO ASK.
SIEM FOR BEGINNERS EVERYTHING YOU WANTED TO KNOW ABOUT LOG MANAGEMENT BUT WERE AFRAID TO ASK www.alienvault.com A Rose By Any Other Name SLM/LMS, SIM, SEM, SEC, SIEM Although the industry has settled on
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationINTERNET SAFETY IS IMPORTANT
INTERNET SAFETY IS IMPORTANT Internet safety is not just the ability to avoid dangerous websites, scams, or hacking. It s the idea that knowledge of how the internet works is just as important as being
More informationCyber Security Basics. Presented by Darrel Karbginsky
Cyber Security Basics Presented by Darrel Karbginsky What s to come In the following slides I am going to discuss amongst other things and in no particular order things to enlighten, frighten, educate,
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationCOMPLETING THE PAYMENT SECURITY PUZZLE
COMPLETING THE PAYMENT SECURITY PUZZLE An NCR white paper INTRODUCTION With the threat of credit card breaches and the overwhelming options of new payment technology, finding the right payment gateway
More informationDesign your network to aid forensics investigation
18th Annual FIRST Conference Design your network to aid forensics investigation Robert B. Sisk, PhD, CISSP Senior Technical Staff Member IBM Baltimore, Maryland USA Master Outline Introduction Incident
More informationPREPARE & PREVENT. The SD Comprehensive Cybersecurity Portfolio for Business Aviation
PREPARE & PREVENT The SD Comprehensive Cybersecurity Portfolio for Business Aviation SD CYBERSECURITY SERVICES At SD, security isn t a slogan, it is our culture. Just because you are in a business jet
More informationHacking Air Wireless State of the Nation. Presented By Adam Boileau
Hacking Air Wireless State of the Nation Presented By Adam Boileau Introduction Wireless in 2006 802-dot-what? Threats to Wireless Networks Denial of Service Attacks against Authentication Attacks against
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationOne of the fundamental kinds of websites that SharePoint 2010 allows
Chapter 1 Getting to Know Your Team Site In This Chapter Requesting a new team site and opening it in the browser Participating in a team site Changing your team site s home page One of the fundamental
More informationfalanx Cyber Falanx Cyber Awareness Training: Educating your staff
falanx Cyber Falanx Cyber Awareness Training: Educating your staff Contents What is Cyber Security Awareness Training? 3 Why choose Falanx for your awareness training? 4 Types of training 5 Testimonials
More informationProtecting your Data in the Cloud. Cyber Security Awareness Month Seminar Series
Protecting your Data in the Cloud Cyber Security Awareness Month Seminar Series October 24, 2012 Agenda Introduction What is the Cloud Types of Clouds Anatomy of a cloud Why we love the cloud Consumer
More informationFIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?
WHAT IS FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationWebomania Solutions Pvt. Ltd. 2017
The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.
More informationInstalling and Configuring the Voice UPB Bridge updated 1-Jan-2019
Installing and Configuring the Voice UPB Bridge updated 1-Jan-2019 Before starting these instructions, you should already have your Voice assistant installed and working. These instructions can be used
More informationProxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking
NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other
More informationIncident Response Tools
Incident Response Tools James Madison University Dept. of Computer Science June 13, 2013 1 Introduction Being successfully attacked is inevitable. A determined hacker WILL be able to penetrate your network.
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : GSLC Title : GIAC Security Leadership Certification (GSLC) Vendors : GIAC
More informationHikCentral V.1.1.x for Windows Hardening Guide
HikCentral V.1.1.x for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1 Strict Password Policy... 2 1.2 Turn Off Windows Remote
More informationHow Secured2 Uses Beyond Encryption Security to Protect Your Data
Secured2 Beyond Encryption How Secured2 Uses Beyond Encryption Security to Protect Your Data Secured2 Beyond Encryption Whitepaper Document Date: 06.21.2017 Document Classification: Website Location: Document
More informationSECURITY AUTOMATION BEST PRACTICES. A Guide to Making Your Security Team Successful with Automation
SECURITY AUTOMATION BEST PRACTICES A Guide to Making Your Security Team Successful with Automation TABLE OF CONTENTS Introduction 3 What Is Security Automation? 3 Security Automation: A Tough Nut to Crack
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 312-50v7 Title : Ethical Hacking and Countermeasures (CEHv7) Vendors : EC-COUNCIL
More informationStreamline IT with Secure Remote Connection and Password Management
Streamline IT with Secure Remote Connection and Password Management Table of Contents Introduction Identifying IT pain points Selecting a secure remote connection and password management solution Turning
More information68 Insider Threat Red Flags
68 Insider Threat Red Flags Are you prepared to stop the insider threat? Enterprises of all shapes and sizes are taking a fresh look at their insider threat programs. As a company that s been in the insider
More informationLookout's cybersecurity predictions
LOOKING FORWARD AND LOOKING BACK: Lookout's cybersecurity predictions by Kevin Mahaffey Every year, cybersecurity pundits cast predictions for which issues will make headlines in the year to come. We ve
More informationDER GOBBLE. Good Secure Crypto Wallet Practices. What is your wallet?
DER GOBBLE Good Secure Crypto Wallet Practices When it comes to crypto currencies and securing your money, the absolute best 99% guaranteed security for your wallets is YOU. You are the one that will expose
More information