Hacking cyber-iamit

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

  • damn! why the nlp pseudo science bullshit?
    was enjoying the slides up until that point.
  • Government Communications Headquarters - UK

Hacking cyber-iamit Presentation Transcript

  • Hacking vs. Cyber
    Hacking is a single battle, Cyber attack is part of warfare
    Iftach Ian Amit | Director of Services, IOActive inc.
  • About
  • Hacking
  • Hacking
  • Hacking
      • What it looks like in the industry:
          – Vulnerability Assessments
          – Penetration Testing
          – Code Reviews
          – Other marketing terminology (that may involve the term “cyber” by mistake)
  • Hacking
      • Features:
          – Usually a single target
          – Surface of attack – shallow (opportunistic)
          – Tools/Techniques: common, or simple development effort
      • Motivation:
          – Financial
          – Political
          – Challenge
      • Defenses:
          – Anti-Virus, Firewalls, WAF, IDS, IPS, etc…
          – Really ???
  • Cyber Attack
  • Warfare
  • Cyber Attack
  • Warfare
      • So… how does your “cyber” work out so far?
      • Confused yet?
      • Good.
  • Warfare
  • This isn’t about computers anymore!
    Hint – it never was.
  • Cyber Warfare
      • As the name suggests – it’s part of a bigger picture. Warfare.
      • Warfare is never fought in a single domain (unless you want to lose…)
      • These are the domains that cyberwar is engaged in:
          – Physical
          – Social
          – Intelligence
          – Electronic
  • Hack into the server farm?
    Or just take the server (hack into the server room…)
  • Bypass the firewall?
    Nope. I’ll just walk into the network… Or let you install my backdoor for me:
  • Social
  • Social-Electronic convergence
  • Intelligence
  • Check out Guy’s talk
    Right after this!
  • Final convergence – Electronic/Digital
      • Here’s your “cyber”…
    The new language: Campaign
      • Profiling, intel gathering, reconnaissance
      • Vulnerability research (not just software!)
      • Exploitation
      • Establishing control, opening comm channels, broadening foothold
      • Targeting assets
      • Exfiltration
    In ALL domains!
  • Cyber Warfare
      • Features:
          – Multiple strategic targets
          – Surface of attack – full
          – Tools/Techniques: all, including all domains, and often with custom built tools
      • Motivation:
          – Financial
          – Political
      • Defenses:
          – Strategic Defense in Depth (not vendor products)
          – Awareness and Education (the human factor)
          – Coverage of all domains at the defense strategy
  • Practicing “cyber” – Red Team Testing
      • Homework:
          – Pre-engagement Interactions
          – Intelligence Gathering
          – Threat Modeling
      • Hands-on:
          – Vulnerability Analysis
          – Exploitation
          – Post Exploitation
      • Writing:
          – Reporting
  • Hacking vs. Cyber
    China always had it right
  • QUESTIONS?
    Iftach Ian Amit
    @iiamit
    iamit@ioactive.com