Hacking cyber-iamit

  • damn! why the nlp pseudo science bullshit?
    was enjoying the slides up until that point.
  • Government Communications Headquarters - UK

Transcript

  • 1. Hacking vs. Cyber
    Hacking is a single battle, Cyber attack is part of warfare
    Iftach Ian Amit | Director of Services, IOActive inc.
  • 2. About
  • 3. Hacking
  • 4. Hacking
  • 5. Hacking
      • What it looks like in the industry:
          – Vulnerability Assessments
          – Penetration Testing
          – Code Reviews
          – Other marketing terminology (that may involve the term “cyber” by mistake)
  • 6. Hacking
      • Features:
          – Usually a single target
          – Surface of attack – shallow (opportunistic)
          – Tools/Techniques: common, or simple development effort
      • Motivation:
          – Financial
          – Political
          – Challenge
      • Defenses:
          – Anti-Virus, Firewalls, WAF, IDS, IPS, etc…
          – Really ???
  • 7. Cyber Attack
  • 8. Warfare
  • 9. Cyber Attack
  • 10. Warfare
      • So… how does your “cyber” work out so far?
      • Confused yet?
      • Good.
  • 11. Warfare
  • 12. This isn’t about computers anymore! Hint – it never was.
  • 13. Cyber Warfare
      • As the name suggests – it’s part of a bigger picture. Warfare.
      • Warfare is never fought in a single domain (unless you want to lose…)
      • Physical
      • Social
      • Intelligence
      • Electronic
    These are the domains that cyberwar is engaged in
  • 14. Hack into the server farm? Or just take the server (hack into the server room…)
  • 15. Bypass the firewall? Nope. I’ll just walk into the network… Or let you install my backdoor for me:
  • 16. Social
  • 17. Social-Electronic convergence
  • 18. Intelligence
  • 19. Check out Guy’s talk right after this!
  • 20. Final convergence – Electronic/Digital
      • Here’s your “cyber”…
    The new language: Campaign
      • Profiling, intel gathering, reconnaissance
      • Vulnerability research (not just software!)
      • Exploitation
      • Establishing control, opening comm channels, broadening foothold
      • Targeting assets
      • Exfiltration
    In ALL domains!
  • 21. Cyber Warfare
      • Features:
          – Multiple strategic targets
          – Surface of attack – full
          – Tools/Techniques: all, including all domains, and often with custom built tools
      • Motivation:
          – Financial
          – Political
      • Defenses:
          – Strategic Defense in Depth (not vendor products)
          – Awareness and Education (the human factor)
          – Coverage of all domains at the defense strategy
  • 22. Practicing “cyber” – Red Team Testing
      • Homework: Pre-engagement Interactions, Intelligence Gathering, Threat Modeling
      • Hands-on: Vulnerability Analysis, Exploitation, Post Exploitation
      • Writing: Reporting
  • 23. Hacking vs. Cyber
    China always had it right
  • 24. QUESTIONS?
    Iftach Ian Amit | @iiamit | iamit@ioactive.com