Technology Security Through Absurdity: Lessons Learned
Dyn Director of Security Chris Brenton did a presentation in NYC regarding DNS security and how he learned some valuable lessons the absurd way.

Published in: Technology, Business

Transcript

  1. Security Through Absurdity: Lessons Learned. December 13th, 2013. Chris Brenton, Director of Security, @chris_brenton, cbrenton@dyn.com
  2. Why Security Through Absurdity? Pg. 2 Security Through Absurdity: Lessons Learned @chris_brenton
  3. Because we need to enjoy life's humorous moments
  4. Two paths lie before you...
  5. Enjoy the Journey: find the humor "nuggets"; leverage the life lessons; grow and move forward
  6. Let It Thin Your Soul: "Like butter scraped over too much bread"
  7-8. Rock The Gandalf Look: by increasing the gray hair density. I already have a 14 yr old daughter dedicated to that last task
  9. Our Journey Begins: contracted as a security consultant; owner wants locked-down VPN access to the business
  10. Security Requirements: normally disabled state; must call first to get access; must know IP address
  11. More Security Requirements: two-factor authentication; time limit on access; log and alert on everything!
  12-15. First Day Onsite: I show up early; UPS arrives; retrieves key from under rock; lets themselves into the building
  16-20. Is This A Problem? Key has been under the rock for 5 years. Everyone knows it's there: "X" employees (including disgruntled ones), all delivery couriers, even the local pizza parlor staff
  21-23. Did I Forget to Mention... Business model was computer sales; in excess of $15K in inventory; nothing high risk saved on the corporate network
  24-26. Security Task List: mitigate risks that could put you out of business next week; then move on to the week after that; lather, rinse, repeat
  27. What Did Life Teach Me? Never assume a business risk analysis has been performed
  28. What I Now Do Differently: don't assume your contact understands their risks; perform a mini risk assessment
  29. We implemented a great security solution... but don't have the resources to maintain it
  30. Case Study #2: Phishing test
  31. Phishing Test Exercise: contracted to help IT test social engineering; test all employees via email
  32. The Setup
  33-36. The Results: 13 of 450 employees hit reply and sent their logon credentials, via plaintext email, to an unknown outside address
  37-40. The Response: email sent from the real IT account; phishing test revealed; detailed explanation; phishing email included as reference
  41-43. What Happened Next? 19 people hit "reply" and sent their credentials, in response to an email telling them never to do this
  44. Math Sanity Check... 13 < 19
  45. Root Cause Analysis: "I just skipped to the executive summary"
  46. What Did Life Teach Me? Email is the wrong medium for in-depth concepts; how you convey info matters
  47. What I Now Do Differently: consider the proper medium to convey the required information
  48. We rely on host-based security... to warn us when the host has been compromised
  49. Case Study #3: Phishing Rev 2
  50-52. Phishing Attack: spoofed email from the CEO; claims to point to a BBC article; link prompts for email logon name and password
  53-55. The Results: 6 people are duped; give away their logon name and password in order to read a news story
  56-58. The Response: containment; two-factor authentication; followed by a huge education and awareness effort
  59-62. What Was Included: email to all employees; internal blog entries; updates to awareness training; leverage the grapevine
  63. Segue to 30 days later
  64-65. Pentester Hired: measure results of the education effort; mass email phishing test sent
  66-67. The Results, good news! An order of magnitude improvement in people reporting the attack
  68-70. The Results, bad news! 6 people failed the test. It's a different 6 people. 6 = 6
  71. What Did Life Teach Me? You can never save everyone. Strive for 100% but have realistic (cost-effective) expectations
  72. What I Now Do Differently: awareness training is good; a reward system motivates people to leverage what they learned
  73. We have an Internet policy... but not a Bring Your Own Device policy.
  74. Case Study #4: Product security evaluation
  75-77. The Setup: contracted by a bank; evaluate a new system they are considering for purchase; hired to evaluate security
  78-81. The Evaluation: worst system ever!!! Hybrid that combines Windows and a minicomputer. Got root 3 times in 20 minutes
  82. 0wn3d During Preso
  83-85. My Write Up: most pointed review I've written to date; documented why the architecture was horribly flawed; can't be patched!
  86-87. Quick Factoid! The word "horrible" has over 50 synonyms. It is actually possible to use them all in a single professional document
  88-91. How The Bank Responded: they purchased the system, and opted for the premium support. The contract had already been signed
  92. Convo With The Bank. Me: Which part of "horribly insecure" did you not understand?
  93. Bank: But we can migrate the data without any conversion costs!
  94. Me: Sounds like you made up your mind ahead of time. Why did you have me evaluate the system?
  95. Bank: We hoped you would like it.
  96. What Did Life Teach Me? Not everyone understands "security speak"
  97. What I Now Do Differently: tailor to your audience; convert "security speak" to "risk" and "financial" lingo
  98. We collect system logs... but no one actually looks at them
  99. Case Study #5: The epic battle of good and evil...
  100-103. The Setup: DNS SaaS company; offers a "dynamic DNS" product; great solution for cloud users; unfortunately can be used for evil
  104-106. How The Bad Guys Operate: build an infrastructure of "Command and Control" servers; these manage infections and propagate malware; the "brains" of the setup
  107-110. C&C Infrastructure: designed to be fault tolerant; kill one server, the rest take up the slack; dynamic DNS provides redundancy if a server is blocked or taken down; can recover when a few servers are lost
  111-113. Old IR Methodology: block the account; black hole the host names. Problem: if you don't get the whole C&C network, it can recover
  114-116. New IR Methodology: research the account; help innocent clients recover their system from infection; when evil, play cat and mouse
  117-120. New IR in Practice: account created from Russia; ticked the boxes as a suspect account; 12+ scripted host names created; fingerprint of Neutrino actors
  121-124. Time For Some Fun: let them create their servers; gave them time to deploy iframes; let servers get integrated into the C&C; pointed their hosts at honeypots
  125-128. Impact of Redirection: broke some C&C functionality; identified 30+ other C&C servers; blocked 140,000 infections; collected new data on functionality
  129-132. What We Did Next: warn C&C owners of infection; analyze previously unknown data; share data with the community; update our detection
  133-134. What The Bad Guys Did Next: what they always do; try to set their network back up
  135-138. Segue to 6 hours later: bad guys come back, using different account credentials, same fingerprint; start spinning up new C&C servers
  139-141. Lather, Rinse, Repeat: we let them set up their C&C network, then take it all away. This repeats a third time
  142. Don't Go Away Mad... Bad guys relocate to a Central America service provider; we warn the provider; C&C network has yet to recover
  143-146. What Did Life Teach Me? Remember as you watch this film: when things appear their darkest, evil may win some of the battles; good always wins the epic war
  147. Thanks For Attending! cbrenton@dyn.com @Chris_Brenton
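The following is an added example, not code from the talk or from Dyn's own systems. It is a toy model of the "old" versus "new" IR methodology from slides 111 to 132: a dynamic DNS provider that flags an account whose hostnames look scripted and were created in a burst (the "12+ scripted host names" signal from slide 119; the country-of-origin signal is left out), and then, instead of simply returning NXDOMAIN for those names, answers with a sinkhole/honeypot address so infected clients can be counted and warned. The hostname pattern, the TEST-NET addresses, the account records and the resolver log are all constructed for the example.

```python
"""Toy model of dynamic-DNS account flagging plus sinkhole redirection (added example)."""
from collections import Counter
from dataclasses import dataclass
import re

SINKHOLE_IP = "192.0.2.10"                    # TEST-NET address standing in for the honeypot (assumption)
SCRIPTED = re.compile(r"^[a-z]{2,5}\d{3,}$")  # heuristic: short stem plus numeric suffix, e.g. "upd0412"


@dataclass
class Account:
    name: str
    hostnames: dict      # hostname -> IP registered by the account holder
    created_at: list     # creation time in seconds per hostname, same order as hostnames
    flagged: bool = False


def suspect_score(acct, burst_window=600, min_hosts=12):
    """Summarize the signals the slides mention: many scripted names created in a short window."""
    names = list(acct.hostnames)
    scripted = [n for n in names if SCRIPTED.match(n.split(".")[0])]
    times = sorted(acct.created_at)
    burst = len(times) >= min_hosts and (times[min_hosts - 1] - times[0]) <= burst_window
    return {"hosts": len(names), "scripted": len(scripted), "burst": burst}


def flag_if_suspect(acct):
    """Tick the 'suspect account' box when 12+ scripted names arrived as a burst."""
    s = suspect_score(acct)
    acct.flagged = s["scripted"] >= 12 and s["burst"]
    return acct.flagged


def resolve(acct, hostname):
    """Old method would answer NXDOMAIN; new method answers flagged accounts' names with the sinkhole."""
    if hostname not in acct.hostnames:
        return None
    return SINKHOLE_IP if acct.flagged else acct.hostnames[hostname]


def sinkhole_report(acct, query_log):
    """query_log holds (client_ip, hostname) pairs seen by the resolver; count clients now hitting the sinkhole."""
    clients = Counter()
    for client_ip, host in query_log:
        if resolve(acct, host) == SINKHOLE_IP:
            clients[client_ip] += 1
    return {"infected_clients": len(clients), "sinkholed_queries": sum(clients.values())}


def sample_accounts():
    """Constructed data: one account matching the fingerprint, one benign home-lab account."""
    scripted = {f"upd{i:04d}.dyn.example": f"198.51.100.{i}" for i in range(1, 15)}  # 14 names
    evil = Account("acct-001", scripted, [i * 10 for i in range(14)])               # one every 10 s
    benign = Account("acct-042",
                     {"homelab.dyn.example": "203.0.113.5", "nas.dyn.example": "203.0.113.6"},
                     [0, 86400])
    return evil, benign


def sample_query_log():
    """Constructed resolver log: three clients hit scripted names, one hits the home lab."""
    return [
        ("10.0.0.1", "upd0001.dyn.example"),
        ("10.0.0.1", "upd0002.dyn.example"),
        ("10.0.0.2", "upd0001.dyn.example"),
        ("10.0.0.3", "upd0007.dyn.example"),
        ("10.0.0.4", "homelab.dyn.example"),
    ]


def run_demo():
    evil, benign = sample_accounts()
    flag_if_suspect(evil)
    flag_if_suspect(benign)
    return {
        "evil_flagged": evil.flagged,
        "benign_flagged": benign.flagged,
        "evil_answer": resolve(evil, "upd0001.dyn.example"),
        "benign_answer": resolve(benign, "homelab.dyn.example"),
        "report": sinkhole_report(evil, sample_query_log()),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point the slides make is visible in `sinkhole_report`: blocking the account outright would have produced the same "infections blocked" effect for these names, but only the sinkhole answer tells you which clients are infected (so they can be warned) and keeps the C&C traffic flowing somewhere you can observe, which is how the talk's team identified the other C&C servers.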
