Most people who work on the defensive side of computer security only see the landscape from that perspective! In this talk, Street will show how an attacker views your Web site and employees, and then uses them against you. He will start with how a successful spear-phish is created, by using the information gathered from the company’s own ‘about’ page, as well as scouring social media sites for useful information to exploit employees. The majority of the talk will cover successful counter-measures to help stave off or detect attacks. This discussion will draw on the speaker’s 15 years’ experience of working in the US banking industry on the side of defence. At the same time, he’ll draw on over six years of participating in engagements where he has taken on the role of the attacker.
7. Who do you really think poses the most danger to your enterprise?
Nation States? …. Not really unless you’re building a nuclear centrifuge,
building communication gear sold worldwide, the Pope, etc… ;-)
Let’s not forget #Vault7 LULZ!
8. Who do you really think poses the most danger to your enterprise?
L337 H4x0rs like Anonymous? …. Really, burning their 0-Day & tools (like LOIC) to
take you down for the sake of justice and all that is righteous in the world!?!
9. Who do you really think poses the most danger to your enterprise?
Criminals? ….. Who, though they may not know everything about the tools they’re
using, know enough to make a lot of money by going after quantity, not
quality!
10. Some things just don't go great together!
(Or if you're a criminal they go together awesomely!)
56. WPAD
Make a null route (to 127.0.0.1 IPv4, ::1 IPv6) DNS entry for WPAD
Make a null route (to ::1 IPv6) DNS entry for WPADWPADWPAD
Disable NetBIOS resolution domain wide.
57. Evil Canary
1. Create user called “DomainAdmin_TMP”
2. Put password in the description.
3. Add to Domain Admins Group!
4. Under Logon Hours set to ZERO!!!
5. Set an alert ANY time that account tries to log on!
DomainAdmin_TMP
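One way to implement step 5, as an added example that is not from the talk: a Python filter over exported Windows Security events that alerts on any logon attempt naming the canary account. The JSON-lines export format, the sample events and the severity labels are assumptions made for this example; the event IDs and the 0xC000006F status are the standard Windows ones.

```python
import json

CANARY = "domainadmin_tmp"  # canary account from the slide, compared case-insensitively
# Windows Security event IDs that record a logon attempt for an account
LOGON_EVENTS = {4624: "logon succeeded", 4625: "logon failed",
                4768: "Kerberos TGT request", 4771: "Kerberos pre-auth failed",
                4776: "NTLM credential validation"}
LOGON_HOURS = "0xc000006f"  # NTSTATUS: logon outside the account's permitted hours

# Constructed sample export, one JSON event per line (field names follow EventData)
SAMPLE = """\
{"EventID": 4625, "TargetUserName": "DomainAdmin_TMP", "IpAddress": "10.0.5.23", "SubStatus": "0xC000006F"}
{"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.1.10"}
{"EventID": 4776, "TargetUserName": "DomainAdmin_TMP@corp.example", "Workstation": "WS-114", "Status": "0xC000006F"}
{"EventID": 4768, "TargetUserName": "DOMAINADMIN_TMP", "IpAddress": "::ffff:10.0.5.23", "Status": "0x12"}
{"EventID": 4624, "TargetUserName": "DomainAdmin_TMP", "IpAddress": "10.0.9.9"}
{"EventID": 4738, "TargetUserName": "DomainAdmin_TMP"}
not json
"""

def canary_alerts(lines, canary=CANARY):
    """Return one alert per logon-related event that names the canary account."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # ignore blank or malformed lines
        if not isinstance(ev, dict) or ev.get("EventID") not in LOGON_EVENTS:
            continue
        # Accept bare, DOMAIN\name and name@domain forms of the account name
        user = str(ev.get("TargetUserName", "")).split("@")[0].split("\\")[-1].lower()
        if user != canary:
            continue
        status = str(ev.get("SubStatus") or ev.get("Status") or "").lower()
        # With logon hours set to zero, a success means the restriction was changed
        success = ev["EventID"] == 4624 or (ev["EventID"] in (4768, 4776) and status == "0x0")
        alerts.append({
            "event_id": ev["EventID"],
            "what": LOGON_EVENTS[ev["EventID"]],
            "source": ev.get("IpAddress") or ev.get("Workstation") or "unknown",
            "blocked_by_logon_hours": status == LOGON_HOURS,
            "severity": "critical" if success else "high",
        })
    return alerts

if __name__ == "__main__":
    for alert in canary_alerts(SAMPLE.splitlines()):
        print(alert)
```

Account-management events such as 4738 are deliberately ignored here, so editing the canary account does not fire the logon alert.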
58. Evil Canary
Make a public share called “Password Audit 2015”; inside it, create
an XLS file of about 4 MB, but with “Everyone: Deny” permission.
59. Rob Fuller
Twitter @mubix
Blog – http://www.room362.com
Full video located here….
https://www.youtube.com/watch?v=VqcDjPUXPIw
67. 4. Control the countries that can see you if you can.
http://ipinfo.io/countries
68. 5. Add triggers/false leads on your job listings.
Go from this:
Candidate should be familiar with CISCO ASA Firewalls
To something more like this:
Candidate should be familiar with Checkpoint Firewall, Palo Alto also versed in CISCO ASA Firewalls.
69. 6. Own as many domains similar to yours as possible
(Because someone will!)
70. 7. You have to click links at some point or download attachments, just be cautious!
71. 8. Web Developers should be building good code!!!
(Which then makes it more secure)
72. 9. DO NOT ASK FOR ADVICE FROM YOUR COMPANY EMAIL!!!
73. LAST but NOT Least!!!!
Create teachable moments for your employees before a real attacker does!!!
80. Now let’s learn from others
Discussion and Questions????
Or several minutes of uncomfortable silence, it’s your choice.
This concludes my presentation. Thank You
81. LINKS as you LEAVE
My own lil page!
http://JaysonEStreet.com
Twitter @jaysonstreet
WeChat jaysonstreet
Also on LinkedIn too! ;-)
Thanks to John of SHODAN, Mubix, IT-Defense Roundtable 2016, Adriel of Netragard
and all my ‘victims’ for not suing! ;-)
82. Company Info
Pwnie Express - Presentation 41
Security Assessment for Remote Sites & Wireless
• Closes huge gap in security infrastructure
• Founded 2010
• Boston HQ & Vermont Research Lab
• Financing: $5.1 million Series A (July 2013)
• Over 1000 accounts globally, 600 Enterprises, & Partner Channel
• Recognition and Awards