Update on Exercise Mercury and OSINT for good

A presentation at the Jisc security conference 2019 by Kieren Lovell, head of TalTech CERT at Tallinn University of Technology.

Published in: Technology

  1. EXERCISE MERCURY & EXERCISE NEPTUNE. LT CDR Kieren Nicolas Lovell RNorN RTD, TalTech CERT, Tallinn University of Technology
  2. TALLINN UNIVERSITY OF TECHNOLOGY. AIM
     • Introduce TalTech CERT
     • To discuss our Open Source INT and Pentesting Programme
     • Overview of the exercise
     • Results so far…
     • Funky 2FA Demo and Challenge.
  3. Established in 1918, Tallinn University of Technology (TalTech) is the flagship of Estonian engineering and technology education and research, where higher education can be obtained at all levels in engineering, technological, natural, and social sciences. TALTECH UNIVERSITY – CREATING A BRIGHTER FUTURE! The mission of Tallinn University of Technology is to be a promoter of science, technology and innovation and a leading provider of engineering and economic education in Estonia. TalTech values professionalism and reliability, entrepreneurship and innovation, openness and cooperativeness.
  4. KIEREN NICOLAS LOVELL @KIERENNICOLAS WWW.KIERENNICOLAS.COM
  5. TALTECH DIGITAL SECURITY: THE DREAM TEAM
  6. CYBER SECURITY: THE PROBLEM?
  7. <BREATHE> <SCREAM> IT DOES NOT EXIST! </SCREAM> </BREATHE> …IT IS HYBRID. WE HAVE MADE THIS AN IT PROBLEM. IT IS NOT.
  8. DON’T BELIEVE ME?
  9. THE MILITARY ARE AHEAD? Same with Cyber Crime. It is just Crime, utilising cyber, with elements of physical, information, spying, opportunity, internal threats, mistakes… Just like everything else.
  10. WHY IS THIS IMPORTANT? DO YOU DO THIS?
  11. <BREATHE> <SCREAM> HACKERS DO NOT REDUCE THEIR SCOPE! </SCREAM> </BREATHE> TECHNICAL HACKS. PROCESS HACKING. PHYSICAL ACCESS. POLICY HACKING…
  12. SO… WHAT DO WE DO? TWO EXERCISES. EXERCISE NEPTUNE AND EXERCISE MERCURY
  13. FOCUSING ON HE/FE AND MILITARY
     • Why? Both big organisations, that silo their cyber approach, and don’t know what the other arm is doing.
     • All have policies that no one reads
     • All treat cyber security as an IT problem*
     • We don’t go active, unless you want us to.
     • Keep you in the loop at all times.
     • Spearphishing attack optional.
  14. EXERCISE MERCURY – OUR MILITARY PROGRAMME (CONTINUATION FROM LAST YEAR'S REPORT). Better tracking of ships than NATO has. Used Port webcams to confirm findings. Cyber security? Pah, screw that. We found Electronic Warfare Compromises…
  15. WHAT'S THAT? WANT MORE?
  16. RESULT? BETTER TRACKING THAN NATO. FULL ELECTRONIC WARFARE CAPABILITIES USING GOOGLE. NO STUDENT HAD MILITARY OR MARITIME KNOWLEDGE.
  17. NOW THE ONE YOU ARE WAITING FOR… EDUCATION
  18. Legacy systems being moved to cloud. Not maintained. Google hacking is great. Minutes with confidential data exposed. SQL injection resulted in embargoed research being shown. Medical Data. 65,000 Passport copies downloaded by inject. Cloudflare bypassed in 12 minutes. Security walk…
  19. <BREATHE> <SCREAM> YOU AREN'T PARSING LOGS </SCREAM> </BREATHE> ALL OF THE GEAR, NO IDEA. ONLY FOUND THREE TIMES. LATE.
  20. CONCLUSION? THIS ISN’T STUPIDITY. THIS IS SCOPE LIMITATION. THIS IS “SECURITY IS SECURITY’S” JOB. THIS IS SILO CULTURE. “NEED TO KNOW, WITH A RESPONSIBILITY TO SHARE”
  21. <BREATHE> <SCREAM> MAKE SECURITY WORK WITH YOU. MAKE YOUR ORGANISATION EASY TO WORK SECURELY. LOOK AT YOURSELVES BEFORE YOUR THREAT DOES. DON’T SCOPE LIMIT </SCREAM> </BREATHE>
  22. AN EXAMPLE OF HOW TO THINK DIFFERENTLY. A 2FA, THAT IS INVISIBLE. THAT HAS NO APP. THAT WORKS WITH YOU.
  23. KIEREN.LOVELL@TALTECH.EE SUBJECT: EXERCISE MERCURY
