[Bucharest] Catching up with today's malicious actors

OWASP EEE
OWASP EEEOWASP
Catching up with today's malicious actors Current security posture and future possible actions OWASP EEE Bucharest Event 2015 Adrian Ifrim
Disclaimer The content of this presentation does not reflect the official opinion of the my current employer or former employers. Responsibility for the information and views expressed in the presentation lies entirely with the author.
id -un Adrian Ifrim cat .bash_history | grep jobs - Helpdesk/Network Administrator - Junior System Administrator - Support Engineer - IS Analyst - IT Auditor - Tech Security Lead
uname -a • cat /proc/cpuinfo | grep hobbies - Information Security - Information Security - Information Security - Information Security
Chapter 1 Current state
Who are we dealing with? • State sponsored attacks • Organized Hacking Teams • State-sponsored hackers: hybrid armies • Terrorist organizations • One-man-show • Internal disgruntled employees • Malicious vendors – Software/Hardware • Trusted Third Party
What are their strengths? • Time • Unlimited budget • Open source tools • Open Knowledge base (the Internet) • No bureaucratic approvals • New tricks up their sleeves (0days) • Strong Motive (financial, political, patriotic, fun)
Who do we usually have? • Small teams of security professionals • Limited time • Limited budgets • Limited tools (if you don't have support you cant use it) • Bureaucratic approvals • Security testing requirements
Losing the war - Tools • Anti-Virus  veil framework  backdoor factory  mitmf  metasploit  powershell  wmic  vbscript • Cost to make an undetected virus ~ 0
Losing the war – More tools • Maintained by people for the people  Firewalls/Routers/Switches )  Web Site filtering  Data Leakage Protection  Web Application Firewalls  Database Activity Monitoring  SIEMs  Vulnerability scanners  IDS/IPS  Anti Malware  etc
Losing the war: Monitoring those tools • Maintained by people for the people • Various time formats • Various log formats • Alert/parsing configuration • Huge number of events
The hype: • Stagefright bug  Scary but not working on latest version of Android  Other countries may be affected :) • Heartbleed  http://siui.casan.ro/cnas/ is protected btw (no certificate)  introduced in 2012 and publicly disclosed in 2014 • Various 0days: flash,adobe reader, windows, osx, android, php, anti-virus
Start being afraid of the right things Your real problems: • Your assets. The inventory • Personnel • ~6000days • Everyone's a coder • Availability • Did you know you use IPv6? Yeah you do • Tools • Old mindsets • Credentials everywhere • No two factor • No encryption • Wireless • Monitoring • APT (Antivirus Fail) • Unauthorized tools
Various questions and answers received over the years • Why would I need security advisory in change management? • I know all my systems • But we do vulnerability scanning • If its internal they can't get in and we should not use encryption • Our anti-virus definitions are up-to-date
Chapter 2 Future State of Security
It's over • Traditional ways of protecting our networks are not working anymore • The victory of 300 Spartans is a not quite true: • 300 Spartans • 700 Thespians • 400 Thebans • and perhaps a few hundred others • most of whom were killed.
But people say • Waving the white flag means you've lost • You're compromised and you don't even know it. Are you a target?
Start being afraid of the right things • 80%+ percent of you problems come from 20% of you issues • Exploiting the 20% problems left would require some skills • It's OK to fail. • It's NOT OK not to know that you have failed or failing over and over again
Understand what you are trying to protect
Next steps • Artificial intelligence • Self-protecting mechanism just like the human immune system • Shape-shifting networks • Big Data • Advanced Honeypots • On the fly patching
Next steps • Listening • Learning • Doing
The future is here • Checkout DARPA Cyber Grand Challenge The challenge: Systems will autonomously create network defenses, deploy patches and mitigations, monitor the network, and evaluate the defenses of competitors. • Sounds like something the US would do 
What we will need to do • Gather all information • From all devices • Process that information • Identify malicious events and patterns • Establish automated alerts • Establish automated decisions and actions
What we will need to do • Establish correct incident response plans • Create production like environments • Add this layer on top of the old layers • Automate as much as you can
Q&A Wait, what are you trying to say?
1 of 25

[Bucharest] Catching up with today's malicious actors

Download to read offline
Internet

Catching up with today's malicious actors. Adrian Ifrim.

OWASP EEE
OWASP EEEOWASP

Recommended

Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D) by
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
143 views14 slides
IAEM cybersecurity 101 by
IAEM cybersecurity 101IAEM cybersecurity 101
IAEM cybersecurity 101Sarah K Miller
192 views38 slides
Slide Deck - CISSP Mentor Program Class Session 1 by
Slide Deck - CISSP Mentor Program Class Session 1Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1FRSecure
2.2K views33 slides
Phil Grimes - Penetrating the Perimeter: Tales from the Battlefield by
Phil Grimes - Penetrating the Perimeter: Tales from the BattlefieldPhil Grimes - Penetrating the Perimeter: Tales from the Battlefield
Phil Grimes - Penetrating the Perimeter: Tales from the Battlefieldcentralohioissa
854 views24 slides
Ransomware ly by
Ransomware lyRansomware ly
Ransomware lyLisa Young
253 views27 slides
Slide Deck – Session 2 – FRSecure CISSP Mentor Program 2017 by
Slide Deck – Session 2 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 2 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 2 – FRSecure CISSP Mentor Program 2017FRSecure
833 views65 slides

More Related Content

What's hot

Mind the gap by
Mind the gapMind the gap
Mind the gapRoger Hagedorn
588 views65 slides
Cybercrime and the Hidden Perils of Patient Data by
Cybercrime and the Hidden Perils of Patient DataCybercrime and the Hidden Perils of Patient Data
Cybercrime and the Hidden Perils of Patient DataStephen Cobb
983 views33 slides
Community IT Webinar - IT Security for Nonprofits by
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Innovators
815 views25 slides
How to Build a Successful Incident Response Program by
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramResilient Systems
850 views28 slides
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain by
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNorth Texas Chapter of the ISSA
1.2K views22 slides
Cyberskills shortage: Where is the cyber workforce of tomorrow by
Cyberskills shortage: Where is the cyber workforce of tomorrowCyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrowStephen Cobb
659 views37 slides

What's hot(20)

Mind the gap by Roger Hagedorn
Mind the gapMind the gap
Mind the gap
Roger Hagedorn588 views
Cybercrime and the Hidden Perils of Patient Data by Stephen Cobb
Cybercrime and the Hidden Perils of Patient DataCybercrime and the Hidden Perils of Patient Data
Cybercrime and the Hidden Perils of Patient Data
Stephen Cobb983 views
Community IT Webinar - IT Security for Nonprofits by Community IT Innovators
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for Nonprofits
Community IT Innovators815 views
How to Build a Successful Incident Response Program by Resilient Systems
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response Program
Resilient Systems850 views
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain by North Texas Chapter of the ISSA
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
North Texas Chapter of the ISSA1.2K views
Cyberskills shortage: Where is the cyber workforce of tomorrow by Stephen Cobb
Cyberskills shortage: Where is the cyber workforce of tomorrowCyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrow
Stephen Cobb659 views
NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl... by North Texas Chapter of the ISSA
NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl...NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl...
NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl...
North Texas Chapter of the ISSA2.3K views
IMA - Anatomy of an Attack - Presentation- 28Aug15 by Benjamin D. Brooks, CISSP
IMA - Anatomy of an Attack - Presentation- 28Aug15IMA - Anatomy of an Attack - Presentation- 28Aug15
IMA - Anatomy of an Attack - Presentation- 28Aug15
Benjamin D. Brooks, CISSP274 views
NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal by North Texas Chapter of the ISSA
NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougalNTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal
NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal
North Texas Chapter of the ISSA1.3K views
Threat Intelligence 101 - Steve Lodin - Submitted by Steve Lodin
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin1.1K views
Purple Teaming - The Collaborative Future of Penetration Testing by FRSecure
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration Testing
FRSecure631 views
Aegis Personal Cybersecurity 101 by Nick Powers
Aegis Personal Cybersecurity 101Aegis Personal Cybersecurity 101
Aegis Personal Cybersecurity 101
Nick Powers249 views
Slide Deck – Session 3 – FRSecure CISSP Mentor Program 2017 by FRSecure
Slide Deck – Session 3 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 3 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 3 – FRSecure CISSP Mentor Program 2017
FRSecure862 views
NTXISSACSC2 - Social Engineering 101 or The Art of How You Got Owned by That ... by North Texas Chapter of the ISSA
NTXISSACSC2 - Social Engineering 101 or The Art of How You Got Owned by That ...NTXISSACSC2 - Social Engineering 101 or The Art of How You Got Owned by That ...
NTXISSACSC2 - Social Engineering 101 or The Art of How You Got Owned by That ...
North Texas Chapter of the ISSA1.6K views
Introduction to Raspberry Pi by CyberGuider IT Services Inc.
Introduction to Raspberry PiIntroduction to Raspberry Pi
Introduction to Raspberry Pi
CyberGuider IT Services Inc.98 views
Anatomy Of A Breach: The Good, The Bad & The Ugly by Resilient Systems
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
Resilient Systems2.2K views
Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017 by FRSecure
Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017
FRSecure854 views
Need for cybersecurity by Sri Manakula Vinayagar Engineering College
Need for cybersecurityNeed for cybersecurity
Need for cybersecurity
Sri Manakula Vinayagar Engineering College522 views
Cultivating security in the small nonprofit by Roger Hagedorn
Cultivating security in the small nonprofitCultivating security in the small nonprofit
Cultivating security in the small nonprofit
Roger Hagedorn1.1K views
2021 CNCERT International Partnership Conference: Increasing cybersecurity pr... by APNIC
2021 CNCERT International Partnership Conference: Increasing cybersecurity pr...2021 CNCERT International Partnership Conference: Increasing cybersecurity pr...
2021 CNCERT International Partnership Conference: Increasing cybersecurity pr...
APNIC236 views

Viewers also liked

Dia da Música by
Dia da MúsicaDia da Música
Dia da MúsicaPaulo Antunes
1.2K views18 slides
[Lithuania] Introduction to threat modeling by
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modelingOWASP EEE
444 views21 slides
[Russia] Node.JS - Architecture and Vulnerabilities by
[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and VulnerabilitiesOWASP EEE
560 views15 slides
[Lithuania] DigiCerts and DigiID to Enterprise apps by
[Lithuania] DigiCerts and DigiID to Enterprise apps[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise appsOWASP EEE
350 views16 slides
[Lithuania] I am the cavalry by
[Lithuania] I am the cavalry[Lithuania] I am the cavalry
[Lithuania] I am the cavalryOWASP EEE
539 views36 slides
[Russia] Give me a stable input by
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable inputOWASP EEE
335 views56 slides

Viewers also liked(12)

Dia da Música by Paulo Antunes
Dia da MúsicaDia da Música
Dia da Música
Paulo Antunes1.2K views
[Lithuania] Introduction to threat modeling by OWASP EEE
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
OWASP EEE444 views
[Russia] Node.JS - Architecture and Vulnerabilities by OWASP EEE
[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities
OWASP EEE560 views
[Lithuania] DigiCerts and DigiID to Enterprise apps by OWASP EEE
[Lithuania] DigiCerts and DigiID to Enterprise apps[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps
OWASP EEE350 views
[Lithuania] I am the cavalry by OWASP EEE
[Lithuania] I am the cavalry[Lithuania] I am the cavalry
[Lithuania] I am the cavalry
OWASP EEE539 views
[Russia] Give me a stable input by OWASP EEE
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable input
OWASP EEE335 views
RESUME OF MAHFUZUR RAHMAN_Oct' 15 by Mahfuzur Rahman
RESUME OF MAHFUZUR RAHMAN_Oct' 15RESUME OF MAHFUZUR RAHMAN_Oct' 15
RESUME OF MAHFUZUR RAHMAN_Oct' 15
Mahfuzur Rahman317 views
[Cluj] CSP (Content Security Policy) by OWASP EEE
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)
OWASP EEE576 views
[Poland] It's only about frontend by OWASP EEE
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontend
OWASP EEE521 views
[Bucharest] XML Based Attacks by OWASP EEE
[Bucharest] XML Based Attacks[Bucharest] XML Based Attacks
[Bucharest] XML Based Attacks
OWASP EEE610 views
[Austria] Security by Design by OWASP EEE
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by Design
OWASP EEE665 views
[Russia] MySQL OOB injections by OWASP EEE
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
OWASP EEE1.6K views

Similar to [Bucharest] Catching up with today's malicious actors

Janitor vs cleaner by
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleanerJohn Stauffacher
770 views44 slides
Cyber Incident Response & Digital Forensics Lecture by
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureOllie Whitehouse
2.3K views79 slides
Offensive malware usage and defense by
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defenseChristiaan Beek
5.1K views42 slides
Event Presentation: Cyber Security for Industrial Control Systems by
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
185 views24 slides
Defending Enterprise IT - beating assymetricality by
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
930 views41 slides

Similar to [Bucharest] Catching up with today's malicious actors(20)

Janitor vs cleaner by John Stauffacher
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleaner
John Stauffacher770 views
Cyber Incident Response & Digital Forensics Lecture by Ollie Whitehouse
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics Lecture
Ollie Whitehouse2.3K views
Offensive malware usage and defense by Christiaan Beek
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defense
Christiaan Beek5.1K views
Computer Security by Greater Noida Institute Of Technology
Computer SecurityComputer Security
Computer Security
Greater Noida Institute Of Technology132 views
Event Presentation: Cyber Security for Industrial Control Systems by Infonaligy
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
Infonaligy185 views
Defending Enterprise IT - beating assymetricality by Claus Cramon Houmann
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
Claus Cramon Houmann930 views
2015: The year-ahead-in-cyber-security by Stephen Cobb
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
Stephen Cobb4.1K views
Mark Arena - Cyber Threat Intelligence #uisgcon9 by UISGCON
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9
UISGCON 1.6K views
An Introduction To IT Security And Privacy In Libraries by Blake Carver
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries
Blake Carver459 views
Keeping you and your library safe and secure by LYRASIS
Keeping you and your library safe and secureKeeping you and your library safe and secure
Keeping you and your library safe and secure
LYRASIS 989 views
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec... by APNIC
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC325 views
Using Technology and People to Improve your Threat Resistance and Cyber Security by Stephen Cobb
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber Security
Stephen Cobb723 views
Intro to INFOSEC by Sean Whalen
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
Sean Whalen1.2K views
2015 Cyber Security by Allen Zhang
2015 Cyber Security2015 Cyber Security
2015 Cyber Security
Allen Zhang182 views
Assessing Your security by Legal Services National Technology Assistance Project (LSNTAP)
Assessing Your securityAssessing Your security
Assessing Your security
Legal Services National Technology Assistance Project (LSNTAP)426 views
Cyber security with ai by Burhan Ahmed
Cyber security with aiCyber security with ai
Cyber security with ai
Burhan Ahmed14.4K views
INFRAGARD 2014: Back to basics security by Joel Cardella
INFRAGARD 2014: Back to basics securityINFRAGARD 2014: Back to basics security
INFRAGARD 2014: Back to basics security
Joel Cardella1.5K views
IT Security Awareness-v1.7.ppt by OoXair
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
OoXair988 views
Fully Integrated Defense Operation by Rob Fry
Fully Integrated Defense OperationFully Integrated Defense Operation
Fully Integrated Defense Operation
Rob Fry467 views
Wfh security risks - Ed Adams, President, Security Innovation by Priyanka Aash
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash1.9K views

More from OWASP EEE

[Austria] ZigBee exploited by
[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploitedOWASP EEE
747 views48 slides
[Austria] How we hacked an online mobile banking Trojan by
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking TrojanOWASP EEE
654 views41 slides
[Poland] SecOps live cooking with OWASP appsec tools by
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec toolsOWASP EEE
461 views35 slides
[Cluj] Turn SSL ON by
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
406 views16 slides
[Cluj] Information Security Through Gamification by
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through GamificationOWASP EEE
585 views17 slides
[Cluj] A distributed - collaborative client certification system by
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification systemOWASP EEE
163 views14 slides

More from OWASP EEE(17)

[Austria] ZigBee exploited by OWASP EEE
[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploited
OWASP EEE747 views
[Austria] How we hacked an online mobile banking Trojan by OWASP EEE
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan
OWASP EEE654 views
[Poland] SecOps live cooking with OWASP appsec tools by OWASP EEE
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools
OWASP EEE461 views
[Cluj] Turn SSL ON by OWASP EEE
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
OWASP EEE406 views
[Cluj] Information Security Through Gamification by OWASP EEE
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification
OWASP EEE585 views
[Cluj] A distributed - collaborative client certification system by OWASP EEE
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system
OWASP EEE163 views
[Russia] Bugs -> max, time <= T by OWASP EEE
[Russia] Bugs -> max, time <= T[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T
OWASP EEE346 views
[Russia] Building better product security by OWASP EEE
[Russia] Building better product security[Russia] Building better product security
[Russia] Building better product security
OWASP EEE382 views
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent by OWASP EEE
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
OWASP EEE774 views
[Hungary] I play Jack of Information Disclosure by OWASP EEE
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure
OWASP EEE510 views
[Hungary] Survival is not mandatory. The air force one has departured are you... by OWASP EEE
[Hungary] Survival is not mandatory. The air force one has departured are you...[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...
OWASP EEE378 views
[Hungary] Secure Software? Start appreciating your developers! by OWASP EEE
[Hungary] Secure Software? Start appreciating your developers![Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers!
OWASP EEE237 views
[Bucharest] Your intents are dirty, droid! by OWASP EEE
[Bucharest] Your intents are dirty, droid![Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid!
OWASP EEE390 views
[Bucharest] #DontTrustTheDarkSide by OWASP EEE
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide
OWASP EEE517 views
[Bucharest] From SCADA to IoT Cyber Security by OWASP EEE
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security
OWASP EEE1.1K views
[Bucharest] Reversing the Apple Sandbox by OWASP EEE
[Bucharest] Reversing the Apple Sandbox[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox
OWASP EEE338 views
[Bucharest] Attack is easy, let's talk defence by OWASP EEE
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
OWASP EEE792 views

Recently uploaded

hamro digital logics.pptx by
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptxtupeshghimire
10 views36 slides
How to think like a threat actor for Kubernetes.pptx by
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptxLibbySchulze1
5 views33 slides
Marketing and Community Building in Web3 by
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3Federico Ast
14 views64 slides
ATPMOUSE_융합2조.pptx by
ATPMOUSE_융합2조.pptxATPMOUSE_융합2조.pptx
ATPMOUSE_융합2조.pptxkts120898
35 views70 slides
The Dark Web : Hidden Services by
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
14 views24 slides
Affiliate Marketing by
Affiliate MarketingAffiliate Marketing
Affiliate MarketingNavin Dhanuka
17 views30 slides

Recently uploaded(6)

hamro digital logics.pptx by tupeshghimire
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptx
tupeshghimire10 views
How to think like a threat actor for Kubernetes.pptx by LibbySchulze1
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptx
LibbySchulze15 views
Marketing and Community Building in Web3 by Federico Ast
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3
Federico Ast14 views
ATPMOUSE_융합2조.pptx by kts120898
ATPMOUSE_융합2조.pptxATPMOUSE_융합2조.pptx
ATPMOUSE_융합2조.pptx
kts12089835 views
The Dark Web : Hidden Services by Anshu Singh
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
Anshu Singh14 views
Affiliate Marketing by Navin Dhanuka
Affiliate MarketingAffiliate Marketing
Affiliate Marketing
Navin Dhanuka17 views

[Bucharest] Catching up with today's malicious actors

  • 1. Catching up with today's malicious actors Current security posture and future possible actions OWASP EEE Bucharest Event 2015 Adrian Ifrim
  • 2. Disclaimer The content of this presentation does not reflect the official opinion of the my current employer or former employers. Responsibility for the information and views expressed in the presentation lies entirely with the author.
  • 3. id -un Adrian Ifrim cat .bash_history | grep jobs - Helpdesk/Network Administrator - Junior System Administrator - Support Engineer - IS Analyst - IT Auditor - Tech Security Lead
  • 4. uname -a • cat /proc/cpuinfo | grep hobbies - Information Security - Information Security - Information Security - Information Security
  • 6. Who are we dealing with? • State sponsored attacks • Organized Hacking Teams • State-sponsored hackers: hybrid armies • Terrorist organizations • One-man-show • Internal disgruntled employees • Malicious vendors – Software/Hardware • Trusted Third Party
  • 7. What are their strengths? • Time • Unlimited budget • Open source tools • Open Knowledge base (the Internet) • No bureaucratic approvals • New tricks up their sleeves (0days) • Strong Motive (financial, political, patriotic, fun)
  • 8. Who do we usually have? • Small teams of security professionals • Limited time • Limited budgets • Limited tools (if you don't have support you cant use it) • Bureaucratic approvals • Security testing requirements
  • 9. Losing the war - Tools • Anti-Virus  veil framework  backdoor factory  mitmf  metasploit  powershell  wmic  vbscript • Cost to make an undetected virus ~ 0
  • 10. Losing the war – More tools • Maintained by people for the people  Firewalls/Routers/Switches )  Web Site filtering  Data Leakage Protection  Web Application Firewalls  Database Activity Monitoring  SIEMs  Vulnerability scanners  IDS/IPS  Anti Malware  etc
  • 11. Losing the war: Monitoring those tools • Maintained by people for the people • Various time formats • Various log formats • Alert/parsing configuration • Huge number of events
  • 12. The hype: • Stagefright bug  Scary but not working on latest version of Android  Other countries may be affected :) • Heartbleed  http://siui.casan.ro/cnas/ is protected btw (no certificate)  introduced in 2012 and publicly disclosed in 2014 • Various 0days: flash,adobe reader, windows, osx, android, php, anti-virus
  • 13. Start being afraid of the right things Your real problems: • Your assets. The inventory • Personnel • ~6000days • Everyone's a coder • Availability • Did you know you use IPv6? Yeah you do • Tools • Old mindsets • Credentials everywhere • No two factor • No encryption • Wireless • Monitoring • APT (Antivirus Fail) • Unauthorized tools
  • 14. Various questions and answers received over the years • Why would I need security advisory in change management? • I know all my systems • But we do vulnerability scanning • If its internal they can't get in and we should not use encryption • Our anti-virus definitions are up-to-date
  • 15. Chapter 2 Future State of Security
  • 16. It's over • Traditional ways of protecting our networks are not working anymore • The victory of 300 Spartans is a not quite true: • 300 Spartans • 700 Thespians • 400 Thebans • and perhaps a few hundred others • most of whom were killed.
  • 17. But people say • Waving the white flag means you've lost • You're compromised and you don't even know it. Are you a target?
  • 18. Start being afraid of the right things • 80%+ percent of you problems come from 20% of you issues • Exploiting the 20% problems left would require some skills • It's OK to fail. • It's NOT OK not to know that you have failed or failing over and over again
  • 19. Understand what you are trying to protect
  • 20. Next steps • Artificial intelligence • Self-protecting mechanism just like the human immune system • Shape-shifting networks • Big Data • Advanced Honeypots • On the fly patching
  • 21. Next steps • Listening • Learning • Doing
  • 22. The future is here • Checkout DARPA Cyber Grand Challenge The challenge: Systems will autonomously create network defenses, deploy patches and mitigations, monitor the network, and evaluate the defenses of competitors. • Sounds like something the US would do 
  • 23. What we will need to do • Gather all information • From all devices • Process that information • Identify malicious events and patterns • Establish automated alerts • Establish automated decisions and actions
  • 24. What we will need to do • Establish correct incident response plans • Create production like environments • Add this layer on top of the old layers • Automate as much as you can
  • 25. Q&A Wait, what are you trying to say?