Continuous Automated Red Teaming (CART) - Bikash Barai
The slides cover:
• Offensive attack landscape: analyzing data from the deep, dark and surface web
• Tools, techniques and trends related to offensive attack simulation: Attack Surface Management (ASM), Continuous Automated Red Teaming (CART) and more
• How CART (Continuous Automated Red Teaming) can help
  1. The Future of Offensive Attack Simulation - Bikash Barai
  2. About Me
     • Founded multiple cyber security product companies
     • Currently Co-founder of FireCompass, an internet-wide monitoring and attack platform
     • Cyber Security Advisory Board member for multiple companies
     • Multiple patents in cyber security
     • Spoke at RSA USA, RSA Singapore, Interop, TEDx etc.
     • Recognitions: Fortune 40-under-40, UC Berkeley, etc.
     • Passionate about algorithms, the human mind, meditation, magic &
  3. Key Industry Challenges
  4. Top Industry Challenges
     • Shadow IT and incomplete asset inventory
     • Testing only part of the assets - we miss shadow IT, pre-prod systems etc.
     • Misconfigurations
     • Testing "sometimes" vs. "continuous attacks"
     • Security testing Gen 1 is report based; Gen 2 should be continuous and alert based (think of the evolution of the SOC)
  5. Database Exposure
     • # of open databases (MySQL, Mongo, ES, Redis): 500K
     • Sample size of data exposed: ~20 TB
  6. Code Leaks
     • Sample enterprise code leaks: 12K+
     • In 15% of cases internal employees leaked credentials, keys and sensitive information such as private keys, AD passwords, mail server passwords, even pay slips.
     • CI/CD tools such as Jenkins, GoCD etc. lead to exposed code and remote code execution.
  7. Exposed & Open DevOps Tools
  8. Open Cloud Resources
     • 10K+ public Elastic Block Store (EBS) snapshots from 3,213 accounts.
     • 400+ public Relational Database Service (RDS) snapshots from 200+ accounts.
     • 700K+ public Amazon Machine Images (AMIs) from 20K+ accounts.
     • 16K+ public IPs of exposed AWS-managed ElasticSearch clusters whose contents could be stolen or deleted - this means 17% of AWS-managed ElasticSearch servers with public IPs were misconfigured.
     • More than 500 million AWS buckets indexed, hosting terabytes of data.
  9. Exposed Network Services
     • 80% of large organisations have: multiple exposed UAT servers; vulnerable WordPress/Joomla; Telnet/FTP; open vulnerable routers
     • 30% of organisations had: open LDAP; open RDP; open SMB/RPC
  10. Leaked Passwords
     • The number of leaked passwords reached 6.7 billion by the end of Jan 2019
     • 40%+ of organisations could be breached just by using leaked passwords
     • Found 5+ common password patterns for every major organisation
  11. Offensive Security Landscape
  12. Red Team Landscape (diagram, credits: Gartner) - offerings plotted on two axes, point-in-time assessment vs. continuous testing and simulated attacks vs. real-world attacks: Breach & Attack Simulation, Continuous Automated Red Teaming, Cyber Ranges, Pen Testing, Red Team Services, Bug Bounty Programs
  13. Blue Team Landscape (diagram, credits: Gartner) - offerings plotted on two axes, internal assets vs. external assets and more depth vs. more breadth: Asset Management, Attack Surface Management, Vulnerability Assessment (VA), App Vulnerability Scanners, Digital Footprinting (DRP), Security Rating Services
  14. Depth vs. Breadth (diagram, credits: Gartner) - VA, Pen Test, Digital Footprinting, Cyber Ranges, BAS and CART/ASM plotted by depth and breadth
  15. Key Trends in the Offensive Security Landscape
  16. Attack Surface Management (ASM)
     • Specialized internet-wide monitoring to discover: exposed attack surface; orphaned DBs and pre-prod systems; shadow IT
     • Key use cases: asset inventory; vulnerability management; shadow IT discovery
  17. Continuous Automated Red Teaming
     • Moving from point-in-time red teaming to continuous discovery of the attack surface and continuous attacks
     • Attackers attack all the assets all of the time, whereas organisations test some assets some of the time
     • Use cases: vulnerability and risk management; security control validation; ransomware attack surface discovery; nation-state actor and other adversary simulation
  18. Purple Teaming Adoption
     • Red and blue teams collaboratively improving security posture
     • Use cases: security control gap detection; security control improvement
  19. Hybrid = Man + Machine - an effective combination of automation/AI and manual augmentation
  20. About FireCompass
  21. FireCompass - Continuous Automated Red Teaming (CART) & Attack Surface Management (ASM)
     • Index: fast internet-based recon on 3 billion+ IPs using a headless browser; deep, dark and surface web OSINT data collection; intel collection from third-party sources like Shodan, threat intel and honeypot feeds; indexing using the proprietary FireCompass big data platform
     • Discover: use AI and ML algorithms to attribute all your digital assets and give a near-real-time view of your digital attack surface - misconfigured DB servers and S3 cloud buckets; code leaks and leaked credentials; vulnerabilities in internet infrastructure, web apps and mobile apps; exposed pre-prod systems; exposed services like APIs, FTP servers and open ports
     • Attack: port scanning and network VA; DAST and OWASP Top 10 attacks on web-based applications; DAST, SAST and IAST attacks on mobile applications; active social engineering attacks; multi-stage attacks to find possible attack paths
     • Prioritize: continuous monitoring and alerts to detect changes in your attack surface and new risks; identify, analyze and prioritize digital risks
  22. Thank You
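Slide 8 counts public EBS snapshots, RDS snapshots and AMIs without showing how an account owner would spot their own. The following is an added defensive check, not code from the deck or from FireCompass: it classifies attribute responses in the shape boto3 returns (ec2.describe_snapshot_attribute, rds.describe_db_snapshot_attributes, ec2.describe_image_attribute), and the resource IDs and responses below are constructed so it runs offline.

```python
"""Flag AWS snapshots and AMIs shared with the 'all' group, i.e. public."""
from typing import Any, Dict, List, Tuple

PUBLIC_GROUP = "all"  # AWS wildcard principal for EBS/AMI sharing and RDS restore


def ebs_snapshot_is_public(resp: Dict[str, Any]) -> bool:
    """createVolumePermission response: public if any permission has Group 'all'."""
    return any(p.get("Group") == PUBLIC_GROUP
               for p in resp.get("CreateVolumePermissions", []))


def ami_is_public(resp: Dict[str, Any]) -> bool:
    """launchPermission response: public if any permission has Group 'all'."""
    return any(p.get("Group") == PUBLIC_GROUP
               for p in resp.get("LaunchPermissions", []))


def rds_snapshot_is_public(resp: Dict[str, Any]) -> bool:
    """DB snapshot attributes: public if 'restore' lists 'all' as an allowed account."""
    attrs = resp.get("DBSnapshotAttributesResult", {}).get("DBSnapshotAttributes", [])
    return any(a.get("AttributeName") == "restore"
               and PUBLIC_GROUP in a.get("AttributeValues", []) for a in attrs)


def audit(ebs: Dict[str, Any], rds: Dict[str, Any], amis: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Return sorted (kind, id) pairs for every resource exposed to the public group."""
    findings = [("ebs-snapshot", i) for i, r in ebs.items() if ebs_snapshot_is_public(r)]
    findings += [("rds-snapshot", i) for i, r in rds.items() if rds_snapshot_is_public(r)]
    findings += [("ami", i) for i, r in amis.items() if ami_is_public(r)]
    return sorted(findings)


# Constructed sample responses (IDs are placeholders, not real resources).
SAMPLE_EBS = {
    "snap-0aaa000000000001": {"CreateVolumePermissions": [{"Group": "all"}]},
    "snap-0bbb000000000002": {"CreateVolumePermissions": [{"UserId": "111122223333"}]},
}
SAMPLE_RDS = {
    "orders-final-snapshot": {"DBSnapshotAttributesResult": {"DBSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": ["all"]}]}},
    "orders-private": {"DBSnapshotAttributesResult": {"DBSnapshotAttributes": [
        {"AttributeName": "restore", "AttributeValues": []}]}},
}
SAMPLE_AMIS = {
    "ami-0ccc000000000003": {"LaunchPermissions": [{"Group": "all"}]},
    "ami-0ddd000000000004": {"LaunchPermissions": []},
}

if __name__ == "__main__":
    for kind, rid in audit(SAMPLE_EBS, SAMPLE_RDS, SAMPLE_AMIS):
        print(f"PUBLIC {kind}: {rid}")
```

Against a live account, feed the functions the responses from the three boto3 calls named above, one per snapshot or image owned by the account.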