Breach Analysis - Insights from technical breach to protective measures
By J. Sinclair
Breach Analysis - Jonathan Sinclair 1
Talk Outcomes
• Demonstrate security from two perspectives
– The goal of a Blackhat
– The goal of a Whitehat
• An introduction to tooling
Perspectives
White vs. Black
Blackhat Perspective
• Motivating Factors
– Like the challenge (dedication)
– Self-promotion / Fame
• Want to improve security by showing it’s failing (grey hat; see the work by Tavis Ormandy)
– Money
• Focus
– Breaching security
• Penetration Testing
• Exploit writing
• Bug hunting
• Social Engineering
Where to start
• Follow a methodology / plan
– Intelligence Gathering: Passive/Active
– Vulnerability Analysis: Active
– Exploitation: Active
– Post Exploitation: Active
– Reporting (Bad guys don’t care about this. It leaves evidence)
Steps of an attacker (Tools of the trade)
• Intelligence Gathering: Maltego, social harvesting
• Reconnaissance:
– Zenmap/Nmap – Find a service
• Get the service listing:
– Telnet, smtp, https, printer, msrpc, irc, http-proxy, ftp
• Query the services:
– Test logins, e.g. ftp, telnet, smtp
• Identify software information:
– WinFTP version 2.3.0
Steps of an attacker
• Exploit
– Check exploit-db, NIST, metasploit, Nessus etc.
– Set-up a lab environment
– Download the app you want to exploit
– Start fuzzing: feed the application malformed input to trigger a crash
Steps of an attacker
• Attach to Immunity or your favourite debugger: OllyDbg, WinDbg, IDA Pro
Steps of an attacker
• Control the crash
– Manipulate EIP via ECX and EDX
– Jump to your shell code
• Generate via Metasploit:
– msf payload(shell_bind_tcp) > generate -b '\x00\x44\x67\x66\xfa\x01\xe0\x44\x67\xa1\xa2\xa3\x75\x4b'
– Prep your exploit in Ruby
– Launch at the target system
• ./msfconsole
• use auxiliary/dos/windows/ftp/winftp230_remote
• exploit
Steps of an attacker
• Got shell – Bad guy wins
– Starting interaction with 2...
– Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.
– C:\Documents and Settings\victim\Desktop>
Access Granted
• Network security bypassed
• Access to a single system can lead to additional breaches
• Pivot point (post-exploitation) for future attacks identified
Game Over
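The attacker steps above, seen from the defender's side: an added example (not from the deck) that correlates constructed firewall and FTP log lines into the port scan, login probing and new-listener chain the slides walk through, so "you need to know when this happens" becomes one concrete rule. The log format, port baseline and thresholds are assumptions.

```python
"""
Correlate the recon -> FTP login probing -> unexpected listener chain from a
merged log stream. Assumed (constructed) line format, one event per line:
    <ISO timestamp> <source ip> <kind> <key=value ...>
kind is CONN (firewall connection record) or FTP (FTP server login record).
"""
from collections import defaultdict
from datetime import datetime

# Assumed baseline of ports for the services the deck's scan lists
# (ftp, telnet, smtp, msrpc, https, printer, irc, http-proxy).
KNOWN_SERVICE_PORTS = {21, 23, 25, 135, 443, 515, 6667, 8080}

SCAN_PORT_THRESHOLD = 5   # distinct ports touched by one source ...
SCAN_WINDOW_S = 60        # ... within this many seconds
FTP_FAIL_THRESHOLD = 3    # failed logins from one source ...
FTP_WINDOW_S = 120        # ... within this many seconds

# Constructed sample log: 10.0.0.5 sweeps the service ports, probes FTP
# logins, then connects to a port no known service listens on (what a
# freshly planted bind shell looks like on the wire). 10.0.0.9 is benign.
SAMPLE_LOG = """\
2011-04-16T10:00:01 10.0.0.5 CONN dst=10.0.0.20 dport=21
2011-04-16T10:00:01 10.0.0.5 CONN dst=10.0.0.20 dport=23
2011-04-16T10:00:01 10.0.0.5 CONN dst=10.0.0.20 dport=25
2011-04-16T10:00:02 10.0.0.5 CONN dst=10.0.0.20 dport=135
2011-04-16T10:00:02 10.0.0.5 CONN dst=10.0.0.20 dport=443
2011-04-16T10:00:02 10.0.0.5 CONN dst=10.0.0.20 dport=8080
2011-04-16T10:00:40 10.0.0.5 FTP user=anonymous result=fail
2011-04-16T10:00:41 10.0.0.5 FTP user=admin result=fail
2011-04-16T10:00:42 10.0.0.5 FTP user=test result=fail
2011-04-16T10:03:10 10.0.0.5 CONN dst=10.0.0.20 dport=4444
2011-04-16T10:05:00 10.0.0.9 CONN dst=10.0.0.20 dport=21
2011-04-16T10:05:03 10.0.0.9 FTP user=alice result=ok
"""


def parse_line(line):
    """Turn one log line into a dict; None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    event = {"ts": ts, "src": parts[1], "kind": parts[2]}
    for kv in parts[3:]:
        key, _, value = kv.partition("=")
        event[key] = value
    return event


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def _burst_time(events, window_s, threshold, distinct_key=None):
    """Sliding window over one source's events. Returns the timestamp at which
    `threshold` events (or distinct values of distinct_key) fall inside a
    window of window_s seconds, else None."""
    events = sorted(events, key=lambda e: e["ts"])
    start = 0
    for end, ev in enumerate(events):
        while (ev["ts"] - events[start]["ts"]).total_seconds() > window_s:
            start += 1
        window = events[start:end + 1]
        count = len({e[distinct_key] for e in window}) if distinct_key else len(window)
        if count >= threshold:
            return ev["ts"]
    return None


def correlate(events):
    """Group by source and look for scan -> FTP login probing -> connection to a
    port outside the service baseline. Returns {src: [stage, ...]}."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = {}
    for src, evs in by_src.items():
        stages = []
        conns = [e for e in evs if e["kind"] == "CONN"]
        scan_at = _burst_time(conns, SCAN_WINDOW_S, SCAN_PORT_THRESHOLD, "dport")
        if scan_at:
            stages.append("port_scan")
        fails = [e for e in evs if e["kind"] == "FTP" and e.get("result") == "fail"]
        probe_at = _burst_time(fails, FTP_WINDOW_S, FTP_FAIL_THRESHOLD)
        if probe_at and (scan_at is None or probe_at >= scan_at):
            stages.append("ftp_login_probing")
        # Only a connection that follows the earlier stages counts as the new listener.
        seen = [t for t in (scan_at, probe_at) if t]
        last = max(seen) if seen else None
        odd = [e for e in conns
               if int(e["dport"]) not in KNOWN_SERVICE_PORTS
               and (last is None or e["ts"] > last)]
        if odd and stages:
            stages.append("unexpected_port_%s" % odd[0]["dport"])
        if stages:
            findings[src] = stages
    return findings


def severity(stages):
    """Full three-stage chain is critical; a partial chain is worth a look."""
    return "critical" if len(stages) == 3 else "suspicious"


if __name__ == "__main__":
    for src, stages in correlate(parse_log(SAMPLE_LOG)).items():
        print(src, severity(stages), " -> ".join(stages))
```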
Whitehat Perspective
• Motivating Factors
– Secure your enterprise
– Keep company assets and intellectual property safe
– Engineer a secure solution
– Fame (would be nice but rarely appreciated)
• Focus
– Salary
– Watching the bad guys
– Staying current while maintaining the old
Why it’s so hard to be good
• Security dilemma:
– “The intruder only needs to exploit one of the victims in order to compromise the enterprise.”
• Security mantra:
– “There is no perfect defence”
• Security solution – the 3 pillars:
– Awareness
– Process
– Tools
Security Awareness(1)
• Ensure people are educated
– Set up awareness campaigns
– Create training programmes
– Bring security thinking to the people
• Relate to cultural differences (US vs. Switzerland)
Security Awareness(2)
• Create a mind-set of critical thinking and encourage people to ask the ‘what if…’ type questions
• Security thinking has nothing to do with being a techy. (Techies nearly always forget this)
Security Process
• What is actually important to you?
– Know what you want
– Know what your risk appetite is
– Integrate security into everything you do
Tooling
• Firewalls, IPS/IDSs, DLP, SIEM, antivirus etc. will only cover your last 20%
• Most incidents come from internal employees
– Symantec figures (1996 – 2002) : 59%
– CERT figures (2010) : 60%
– Open Security Foundation (2010) : 47%
• Tools have vulnerabilities: Wireshark!
Enterprise security
• The message: “Your organisation will be breached”
• What to consider
– You need to know when this happens
– You need to know how to contain it
– You need to be able to understand your reputation
Enterprise security: Sony
• Case Study:
– Sony breach in 2011
– 25 million personal details stolen from the Sony Online Entertainment network
• Name, Address, Email, DoB, Phone numbers
• Motive:
– Unknown, but potentially to sell on credit card information (the hack didn’t reveal the 3-digit security code)
Enterprise security: Sony
• Reaction by Sony
– SOE network was suspended
• SOE was then rebuilt
– The company would grant 30 days additional playing time to registered users
• Reaction by the public
– Legal action brought against Sony
– In the UK Sony was fined £250,000
Enterprise security: Sony
• Overall cost
– Profits plunged 59% (15.5bn Yen) as a combined result of the cyber breach and the Japanese tsunami
– Continued losses to the brand into 2012
• Real issues
– Personal data lost
– Credit card fraud became more prevalent
Enterprise security: Final Thoughts
• Take away message:
– The data a company may lose in a security breach may not be ‘secret’ data, e.g. IP; however, reputation loss will ALWAYS cost an enterprise
• Security in an enterprise is about protecting reputation!
Questions and Answers
?


Editor's Notes

  1. Taken from: http://kerovinblack.deviantart.com/art/The-Good-and-Evil-in-Me-118469585
  2. KingPin – Kevin Poulsen
  3. http://www.pentest-standard.org/index.php/Main_Page
  4. http://www.exploit-db.com/exploits/7875/