hidden vulnerabilities

Similar documents
CompTIA Cybersecurity Analyst+

A Passage to Penetration Testing!

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Principles of ICT Systems and Data Security

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test

CYBER SECURITY AND MITIGATING RISKS

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Cybersecurity The Evolving Landscape

Cyber Security. Our part of the journey

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

IMEC Cybersecurity for Manufacturers Penetration Testing and Top 10

Device Discovery for Vulnerability Assessment: Automating the Handoff

Exposing The Misuse of The Foundation of Online Security

CyberSecurity. Penetration Testing. Penetration Testing. Contact one of our specialists for more information CYBERSECURITY SERVICE DATASHEET

ANATOMY OF AN ATTACK!

Quick Lockdown Guide. Firmware 6.4

locuz.com SOC Services

Getting over Ransomware - Plan your Strategy for more Advanced Threats

EC-Council - EC-Council Certified Security Analyst (ECSA) v8

Pass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Ingram Micro Cyber Security Portfolio

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

CASE STUDY. How 16 Penetration Tests Missed A Vulnerability Which Could ve Cost One Company Over $103 Million In PCI Fines

CYBERSECURITY PENETRATION TESTING - INTRODUCTION

Cyber security tips and self-assessment for business

Cyber Security. Building and assuring defence in depth

Penetration Testing! The Nitty Gritty. Jeremy Conway Partner/CTO

The GenCyber Program. By Chris Ralph

Managing an Active Incident Response Case. Paul Underwood, COO

10 FOCUS AREAS FOR BREACH PREVENTION

CPTE: Certified Penetration Testing Engineer

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Security

Frequently Asked Questions WPA2 Vulnerability (KRACK)

CompTIA. PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo. m/

Penetration testing a building automation system

BUILDING AND MAINTAINING SOC

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

align security instill confidence

SHA-1 to SHA-2. Migration Guide

the SWIFT Customer Security

RiskSense Attack Surface Validation for Web Applications

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

THE FOUR PILLARS OF MODERN VULNERABILITY MANAGEMENT

Security Gaps from the Field

Curso: Ethical Hacking and Countermeasures

Chapter 4. Network Security. Part I

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Cybersecurity Today Avoid Becoming a News Headline

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Imperva Incapsula Website Security

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

The Four Pillars of Modern Vulnerability Management

Internet infrastructure

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

Practical SCADA Cyber Security Lifecycle Steps

Chapter 5: Vulnerability Analysis

How NOT To Get Hacked

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Automating the Top 20 CIS Critical Security Controls

Endpoint Protection : Last line of defense?

PrecisionAccess Trusted Access Control

AAD - ASSET AND ANOMALY DETECTION DATASHEET

Certified Ethical Hacker V9

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security

Security. Protect your business from security threats with Pearl Technology. The Connection That Matters Most

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

How Breaches Really Happen

IoT & SCADA Cyber Security Services

What every IT professional needs to know about penetration tests

J. A. Drew Hamilton, Jr., Ph.D. Director, Center for Cyber Innovation Professor, Computer Science & Engineering

Introduction to Ethical Hacking. Chapter 1

Multistage Cyber-physical Attack and SCADA Intrusion Detection

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Restech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS

The 3 Pillars of SharePoint Security

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

SECURITY TESTING. Towards a safer web world

Building Trust in the Internet of Things

VULNERABILITY ASSESSMENT: SYSTEM AND NETWORK PENETRATION TESTING. Presented by: John O. Adeika Student ID:

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE

6 MILLION AVERAGE PAY. CYBER Security. How many cyber security professionals will be added in 2019? for popular indursty positions are

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council

Security+ SY0-501 Study Guide Table of Contents

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

CYBER SECURITY AIR TRANSPORT IT SUMMIT

CYBERSECURITY RISK LOWERING CHECKLIST

A Model for Penetration Testing

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Transcription:

hidden vulnerabilities industrial networks in 30 minutes

Cyber Security introduction Frank Kemeling Certified Ethical Hacker [CEH] EC-Council Certified Security Analyst [ESCA] Licensed Penetration Tester [LPT] OSSTMM Professional Security Tester [OPST] Manager BrainCap Cyber Security Industrial Cyber Security

Cyber Security introduction What is hacking and how does it work? What are vulnerabilities and how do we find them? Visibility and Control Security Operations Center Demo Industrial Cyber Security

Cyber Security Definition of hacking

Cyber Security Definition of hacking Intentionally accessing a computer without authorization or exceeding authorized access

Cyber Security Mindset of a hacker

Cyber Security Types of hackers White hat Grey hat Black hat Hacktivist Script Kiddie

Cyber Security Phases of ethical hacking Phase 1 - Reconnaissance Phase 2 - Scanning Phase 3 - Gaining Access Phase 4 - Maintaining Access Phase 5 - Covering Tracks

Cyber Security Cyber Crime Facts average discovery time breach is > 200 days 57 million paid in case of ransomware 2010 2015 23 million paid in case of ransomware 2015 209 million paid in Q1 2016 70% data loss by inside jobs social engineering a hackers favorite increase hacking IoT devices increase hacking ICS/SCADA devices 2010 - Stuxnet 2015 - BlackEnergy3 2016 - Crash Override (Industroyer)

Cyber Security Internet of Things

Internet of Things I.o.T. where the: S stands for Security P stands for Privacy

Internet of Things Internet of Targets? Internet of Trouble? Internet of Toys?

Internet of Things idiot! I Don t I.o.T.

Internet of Things XiongMai Technologies - Sold to downstream vendors - Millions of devices - Hard coded credentials

ICS\SCADA Industrial Control Systems Supervisory Control and Data Acquisition

ICS\SCADA devices SIEMENS ALLEN BRADLEY HIRSCHMANN

Vulnerable ICS\SCADA device ESC 8832 Data Controller - Web-based SCADA system - Not possible to upgrade firmware - Multiple vulnerabilities - Publicly available exploits - Commonly used product

Gain info about target OS, Applications, Environment, Users, Social Media Known vulnerabilities? CVE-database, SHODAN, Google Hacking Database, Passwords Exploits available? Passwords? Common mistakes? Exploit and/or gain access Install backdoor or Crypto Currency Miner, Create user, Steal data Patch vulnerability Cover tracks remove log entries Keep for own use or sell compromised target on Darkweb industrial networks How does it work?

How does it work? https://www.exploit-db.com

How does it work? https://www.shodan.io

How does it work? https://haveibeenpwned.com

How does it work? Implant device with 4G SIM to call home

How does it work? Implant device with VPN to call home

How does it work? Steal credentials with Man in the Middle attack

VPN Cloud Office industrial networks Visibility and Control ICS/SCADA VPN 2FA Vulnerability Scanner

Visibility and Control Next Generation Firewalls Next Generation Endpoint Protection Vulnerability Management Security Policy Security Awareness

Visibility and Control Next Generation Firewalls Port open/closed Traffic monitoring Threat prevention Exploit protection Anomaly detection User ID Application ID Alerting

Visibility and Control Next Generation Endpoint Protection Signature based Traffic monitoring Threat prevention Exploit protection Anomaly detection Alerting TRAPS

Visibility and Control Vulnerability Management Unknown Vulnerabilities Known Vulnerabilities Patch management Risk Management Compliancy Passive Vulnerability Scanning

Visibility and Control Security Policy and Security Awareness No protection System is missing patches No policy awareness or enforcement No security awareness Click on all links Use of weak passwords Use of the same passwords multiple times Protected secure environment System is up-to-date Policy enforcement Security awareness Use of strong unique passwords Use of Two Factor Authentication

Remediation Security assessment Security Assessment discover vulnerabilities identify and prioritize security risks technical-, social- and operational PEN-test business risk based executive report detailed technical report and advise ec-council certified personnel international methodology

Remediation - Controls Security Network Monitoring risk mitigation incident response ISO2700x, PCI vulnerability assessment weekly security incident report monthly compliance report

Security Operations Centers Beverwijk Bosschenhoofd

MyHomeNetwork??? FreeWiFi KPN Fon mcdonalds MyHomeNetwork industrial networks Demo Browser history Passwords Cookies Form data Images

Thank you for your time! Better safe than sorry

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback