VANTAGEPOINT
Cyber Red Teaming in Airport and Aviation
def Saeid();
• Senior Security Consultant @ VP
• CREST / Offensive Security Certified (OSCP/E)
• Over 10 years in the industry
• Offsec, Red Teamer, Ring0 Fuzzer
• Passionate about security
• I don’t like to get caught
• Specific focus on offensive and stealthy operations
This presentation will cover
Quick History of Cyber Attacks in Airport
What is Red Teaming
Minimum skillset as a Red Teamer
Engagement Points
RT Attack Overview & Scenario
Post Assessment Takeaway
Recent cyber attacks on airports
• On 7th Aug. 2015, it was disclosed that the databases of American Airlines (AA) and Sabre Corp, one of the largest clearing houses for travel reservations, were hacked.
• Miami International Airport (MIA) experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattack.
• 2016-2017 – WannaCry, Petya… ransomware…
• 2014 – Account backdoor on airport X-ray scanner: attackers may be able to use the account as a backdoor to get to the system.
Airport: a delicious target for hackers?!
• Insiders (employees, contractors, etc.) who have legitimate access to the APOC, either by accidental or deliberate misuse (e.g. when threatened by terrorists)
• Hacktivists, who have a cause to fight for (such as political or ideological motives)
• Hackers or virus writers, who find interfering with computer systems an enjoyable challenge
• Business competitors and foreign intelligence services, interested in gaining an economic advantage for their companies or countries
• Cyber-criminals, who are interested in making money through fraud or from the sale of valuable information
• Terrorists, who are interested in obtaining and using sensitive information to launch a conventional attack
• Organized crime, who are interested in obtaining financial reward or ransom in exchange for not provoking cancellations or flight disruptions
• State Cyber-Forces, who have large amounts of resources at their disposal, state backing and are very highly skilled
The Problem???!
What are we doing wrong?
Active defense is our only option:
• Firewalls
• Multi-Tiered Networks
• IDS and Monitoring Systems
• Security Operations
• Analytics
• DLP / Encryption
• Actionable Intelligence
• Okay-ish patch cycle.
• Strong user account & password policies.
• Security staff (blue team).
We build a “Castle on a Hill”
But this gets us no closer to knowing what’s coming or how to prepare.
Spis Castle, Slovakia. It’s incredible.
What is Red Teaming?
• Originally a military term used for a decision making process.
• Attempting to predict the movements of an adversary by using Alternative Analysis.
• Predict what will happen in a particular scenario.
• Creating and simulating worst case scenarios.
• Red Teams are growing in popularity.
• Red Teaming has become a strategy evaluation and decision making technique.
• Used by many different sectors and industries.
• Red Teams try to answer the “What If” question.
• If tomorrow we became the target of:
  • Anonymous
  • A foreign state
  • A disgruntled employee who didn't get his bonus
  • An Eastern European cyber crime/ransomware gang
  • An international competitor wanting to find a commercial edge
• Could this happen?
• How easily?
• What is the impact?
• What if our CEO left his iPhone in a taxi?
Red Teaming meaning in different areas
Red Teaming has multiple meanings:
• It can mean threat emulation, in the U.S. Marine Corps
• It can mean conducting a vulnerability assessment
• It can mean using analytical techniques in the DoD
Common to all is the goal of improving decision making through critical thinking and analysis.
Center of Security
[Diagram: Red Teaming at the center, surrounded by Physical Security, Mobile Security, Web Application Security, Human Vulnerability, Incident Response, Security Operations Center and Infrastructure Security]
Conducting a Red Team Assessment
Minimum skillset required as a Red Teamer
Engagement Points
• External Hacker: External Threat Approach. Act as an external threat. Hack without any access to internal resources.
• Malicious Insider: Insider Threat Approach. Act as an insider threat. This approach does not require social engineering, web hacking, etc.
Red Team Attack Overview
Red Team Attack Scenario
First Thing First >>> Setting a Goal
E.g. taking control of the Airport Operations Center (APOC)
Second >>> Storyboard the Attack
• Spear-phishing targeting decision makers of the APOC
• Compromise their systems via attachments or URLs
• Privilege escalation to get full control over their systems
• Map the network using the infected machines and use LinkedIn as C2
• Avoid detection: encrypt all the communication
• Infect the Active Directory
• Gain full control over APOC systems
• Data exfiltration
Third >>> Determining where IR should detect and respond
Fourth >>> Use the Red Team to validate the storyboard
Post Assessment Takeaway
• Understanding the attacker
• Visibility into your attack surface
• How effective is your Blue Team (IR team)?
• Measuring Time to Detect – Time to Remediate
• Does your product work as expected?
• Is your product implemented and configured correctly?
• Discovering security design flaws
• Identify vulnerabilities in PPT (People, Process and Technology)
• Identify the crown jewels
• How good is your organization's overall posture?
• How does your organization respond to threats and attacks?
• How good is your decision maker?
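Added example (not part of the original slides): one way a blue team could score the storyboard validation, comparing where IR was expected to detect against where it actually did, and measuring Time to Detect and Time to Remediate per stage. Stage names follow the storyboard above; the timestamps, the expected detection points, and the definitions of TTD (red team action to alert) and TTR (alert to remediation) are assumptions made for this sketch.

```python
"""Score a red team storyboard validation: where did IR detect, and how fast?"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

FMT = "%Y-%m-%d %H:%M"


@dataclass
class Step:
    stage: str
    executed: datetime                     # red team performed the step
    detected: Optional[datetime] = None    # blue team alert (None = missed)
    remediated: Optional[datetime] = None  # containment done (None = still open)

    @property
    def ttd_hours(self) -> Optional[float]:
        """Time to Detect: red team action -> alert (assumed definition)."""
        if self.detected is None:
            return None
        return (self.detected - self.executed).total_seconds() / 3600

    @property
    def ttr_hours(self) -> Optional[float]:
        """Time to Remediate: alert -> remediation (assumed definition)."""
        if self.detected is None or self.remediated is None:
            return None
        return (self.remediated - self.detected).total_seconds() / 3600


def _ts(text):
    return datetime.strptime(text, FMT) if text else None


def load(rows):
    """Parse (stage, executed, detected, remediated) rows and reject bad timelines."""
    steps = []
    for stage, executed, detected, remediated in rows:
        step = Step(stage, datetime.strptime(executed, FMT), _ts(detected), _ts(remediated))
        if step.detected and step.detected < step.executed:
            raise ValueError(f"{stage}: alert predates the red team action")
        if step.remediated and (step.detected is None or step.remediated < step.detected):
            raise ValueError(f"{stage}: remediation without a prior detection")
        steps.append(step)
    return steps


def _mean(values):
    values = [v for v in values if v is not None]
    return sum(values) / len(values) if values else None


def summarize(steps, expected_detection, goal_stage):
    """Compare the planned IR detection points with what the exercise showed."""
    goal = next((s for s in steps if s.stage == goal_stage), None)
    return {
        "detected_stages": [s.stage for s in steps if s.detected],
        # Stages where the storyboard said IR should have caught the activity.
        "missed_expected": [s.stage for s in steps
                            if s.stage in expected_detection and not s.detected],
        # How deep into the storyboard the red team got before any alert fired.
        "undetected_steps_before_first_alert": next(
            (i for i, s in enumerate(steps) if s.detected), len(steps)),
        "open_detections": [s.stage for s in steps if s.detected and not s.remediated],
        "mean_ttd_hours": _mean(s.ttd_hours for s in steps),
        "mean_ttr_hours": _mean(s.ttr_hours for s in steps),
        "goal_reached_undetected": goal is not None and goal.detected is None,
    }


# Constructed sample timeline for illustration; not data from a real engagement.
SAMPLE_TIMELINE = [
    ("Spear-phishing",                   "2024-03-04 09:00", None, None),
    ("Compromise via attachment or URL", "2024-03-04 11:30", None, None),
    ("Privilege escalation",             "2024-03-05 14:00", "2024-03-05 20:00", "2024-03-06 08:00"),
    ("Network mapping and C2",           "2024-03-06 10:00", None, None),
    ("Encrypted communication",          "2024-03-06 10:00", None, None),
    ("Active Directory compromise",      "2024-03-08 16:00", "2024-03-09 16:00", "2024-03-11 16:00"),
    ("Control of APOC systems",          "2024-03-12 09:00", None, None),
    ("Data exfiltration",                "2024-03-12 13:00", "2024-03-12 16:00", None),
]
# Assumed output of the "Third" step: where IR is expected to detect.
EXPECTED_DETECTION = {"Spear-phishing", "Privilege escalation",
                      "Active Directory compromise", "Data exfiltration"}
GOAL_STAGE = "Control of APOC systems"

if __name__ == "__main__":
    for key, value in summarize(load(SAMPLE_TIMELINE), EXPECTED_DETECTION, GOAL_STAGE).items():
        print(f"{key}: {value}")
```
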
Saeid Atabaki
Bytecod3r
Q/A

Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
George Lever - eCommerce Day Chile 2024
George Lever -  eCommerce Day Chile 2024George Lever -  eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 

Red Teaming Airport Cybersecurity

  • 1. VANTAGEPOINT Cyber Red Teaming in Airport and Aviation
  • 2. VANTAGEPOINT def Saeid(); • Senior Security Consultant @ VP • Crest / Offensive Security Certified (OCSP/E) • Over 10 years in the industry • Offsec, Red Teamer, Ring0 Fuzzer • Passionate about security • I don’t like to get caught • Specific focus on offensive and stealthy operations
  • 3. VANTAGEPOINT This presentation will cover: • Quick History of Cyber Attacks in Airport • What is Red Teaming • Minimum skillset as a Red Teamer • Engagement Points • RT Attack Overview & Scenario • Post Assessment Takeaway
  • 4. VANTAGEPOINT Recent cyber attacks on airport • On 7th Aug. 2015, it was disclosed that the database of American airlines (AA) and Sabre Corp, one of the largest clearing houses for travel reservations, were hacked. • Miami international airport (MIA) has experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattack. • 2016-2017 – WannaCry, Petya..Ransomware…
  • 6. VANTAGEPOINT Recent cyber attacks on airport • 2014 – Account Backdoor on Airport X-Ray Scanner: attackers may be able to use the account as a backdoor to get to the system
  • 11. VANTAGEPOINT Airport: delicious target for hackers?! • Insiders (employees, contractors, etc.) who have legitimate access to the APOC, either by accidental or deliberate misuse (e.g. when threatened by terrorists) • Hacktivists, who have a cause to fight for (such as political or ideological motives) • Hackers or virus writers, who find interfering with computer systems an enjoyable challenge • Business competitors and foreign intelligence services, interested in gaining an economic advantage for their companies or countries • Cyber-criminals, who are interested in making money through fraud or from the sale of valuable information • Terrorists, who are interested in obtaining and using sensitive information to launch a conventional attack • Organized crime, who are interested in obtaining financial reward or ransom in exchange for not provoking cancellations or flight disruptions • State Cyber-Forces, who have large amounts of resources at their disposal, state backing and are very highly skilled
  • 15. VANTAGEPOINT Active defense is our only option: • Firewalls • Multi-Tiered Networks • IDS and Monitoring Systems • Security Operations • Analytics • DLP / Encryption • Actionable Intelligence • Okay-ish patch cycle. • Strong user account & password policies. • Security staff (blue team). We build a “Castle on a Hill” But this gets us no closer to knowing what’s coming or how to prepare. Spis Castle, Slovakia. It’s incredible.
  • 16. VANTAGEPOINT What is Red Teaming ? • Originally a military term used for a decision making process. • Attempting to predict the movements of an adversary by using Alternative Analysis. • Predict what will happen in a particular scenario. • Creating and simulating worst case scenarios. • Red Teams are growing in popularity. • Red Teaming has become a strategy evaluation and decision making technique. • Used by many different sectors and industries.
  • 17. VANTAGEPOINT What is Red Teaming ? • Red Teams try to answer the “What If” question. If tomorrow we became the target of: • Anonymous • A foreign state • A disgruntled employee who didn't get his bonus • An eastern European cyber crime/ransomware gang • An international competitor wanting to find a commercial edge • Could this happen? How easily? What is the impact? • What if our CEO left his iPhone in a taxi?
  • 18. VANTAGEPOINT Red Teaming has multiple meanings in different areas: • It can mean threat emulation, in the U.S. Marine Corps • It can mean conducting a vulnerability assessment • It can mean using analytical techniques, in the DoD • Common to all is the goal of improving decision making through critical thinking and analysis.
  • 20. VANTAGEPOINT Conducting a Red Team Assessment
  • 24. Minimum skillset required as a Red Teamer VANTAGEPOINT
  • 25. VANTAGEPOINT Engagement Points: Malicious Insider, External Hacker • External Threat Approach: Act as an external threat. Hack without any access to internal resources. • Insider Threat Approach: Act as an insider threat. This approach does not require social engineering, web hacking, etc.
  • 30. VANTAGEPOINT Red Team Attack Scenario First Things First >>> Setting a Goal E.g. Taking control of the Airport Operations Center
  • 31. VANTAGEPOINT Red Team Attack Scenario Second >>> Story Board the Attack
  • 32. VANTAGEPOINT Red Team Attack Scenario • Spear-phishing targeted at decision makers of APOC • Compromise their systems by attachments or URL • Privilege escalation to get full control over their systems • Map the network using the infected machines and use LinkedIn as C2 • Avoid detection: encrypt all the communication • Infect the Active Directory • Gain full control over APOC systems • Data exfiltration
  • 33. VANTAGEPOINT Red Team Attack Scenario Third >>> Determining where IR should detect and respond
  • 35. VANTAGEPOINT Red Team Attack Scenario Fourth >>> Use the Red Team to validate the story board
  • 37. VANTAGEPOINT Post Assessment Takeaway • Visibility into your attack surface • How effective is your Blue Team (IR Team)? • Measuring Time to Detect and Time to Remediate • Does your product work as expected? • Is your product implemented and configured correctly? • Discovering security design flaws • Identify vulnerabilities in PPT (People, Process and Technology) • Identify the crown jewels • How good is your organization's overall posture? • How does your organization respond to threats and attacks? • How good is your decision maker?
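
The slides ask where IR should detect and respond along the storyboard, and name Time to Detect and Time to Remediate as takeaways. The Python below is an added example, not part of the original deck: it scores a red team timeline against a blue team log. The stage labels are shortened from the storyboard slide, all timestamps are constructed, and counting time to remediate from the moment of detection is an assumption.

```python
from datetime import datetime

# Constructed sample data (not from a real engagement).
# Red team log: when each storyboard stage was executed, in order.
RED_LOG = {
    "spear-phishing":       "2024-03-04 09:00",
    "system-compromise":    "2024-03-04 09:40",
    "privilege-escalation": "2024-03-04 11:15",
    "network-mapping-c2":   "2024-03-04 13:00",
    "active-directory":     "2024-03-05 10:00",
    "apoc-control":         "2024-03-05 15:30",
    "data-exfiltration":    "2024-03-06 08:00",
}
# Blue team log: stage -> (detected, remediated); None = never happened.
BLUE_LOG = {
    "spear-phishing":     ("2024-03-04 09:25", "2024-03-04 10:05"),
    "network-mapping-c2": ("2024-03-04 16:30", None),
    "active-directory":   ("2024-03-05 10:50", "2024-03-05 14:50"),
}

def _minutes(start, end):
    """Minutes from start to end, or None when end is missing."""
    if end is None:
        return None
    fmt = "%Y-%m-%d %H:%M"
    delta = datetime.strptime(end, fmt) - datetime.strptime(start, fmt)
    if delta.total_seconds() < 0:
        raise ValueError(f"{end} precedes {start}: logs are mis-correlated")
    return int(delta.total_seconds() // 60)

def score(red_log, blue_log):
    """Per stage: (stage, time-to-detect, time-to-remediate) in minutes."""
    rows = []
    for stage, started in red_log.items():
        detected, remediated = blue_log.get(stage, (None, None))
        ttd = _minutes(started, detected)
        # Assumption: time to remediate is counted from detection.
        ttr = _minutes(detected, remediated) if detected else None
        rows.append((stage, ttd, ttr))
    return rows

def summarize(rows):
    """Roll the rows up into the figures a debrief asks for."""
    ttds = [ttd for _, ttd, _ in rows if ttd is not None]
    return {
        "missed": [s for s, ttd, _ in rows if ttd is None],
        "unremediated": [s for s, d, r in rows if d is not None and r is None],
        "mean_ttd_min": sum(ttds) / len(ttds) if ttds else None,
    }

if __name__ == "__main__":
    for row in score(RED_LOG, BLUE_LOG):
        print(row)
    print(summarize(score(RED_LOG, BLUE_LOG)))
```

Stages listed under "missed" are the points where the storyboard shows the attack passing without any IR response; "unremediated" lists stages that were detected but never closed out.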

Editor's Notes

  1. A red team or the red team is an independent group that challenges an organization to improve its effectiveness.
  14. The mindset is one of humility: the recognition that you are working within a job and cannot conceive of all the problems that your organization faces. If you think about your own profession, you will recognize that you work very closely with others and probably think very similarly to them; you probably have a boss you are afraid to share your most challenging views with, or you think it is pointless. Researchers have found that people don’t like to find the blind spots of their organization or to challenge the assumptions where they work, and that it is very difficult to conceive of the adversary's perspective. Once you accept the fact that you cannot grade your own homework, red teams are an approach to get around this institutional pathology that we all face, no matter where we work, especially in companies with bureaucracy, that is, any degree of hierarchy. Red teaming is the practice of viewing a problem from an adversary's or competitor’s perspective. The goal of most red teams is to enhance decision making, either by specifying the adversary’s preferences and strategies or by simply acting as a devil’s advocate. It is the process of using tactics, techniques, and procedures (TTPs) to emulate a real-world threat with the goals of training and measuring the effectiveness of the people, processes and technology used to defend an environment.
  15. Businesses, governmental agencies, the Department of Defense, and each of the services have their own definition of red teaming and views on how to apply it. It can mean threat emulation, also known as “role-playing the adversary”, which is how the U.S. Marine Corps uses the term. It can mean conducting a vulnerability assessment of a process or system design to determine its weaknesses. It can mean using analytical techniques to improve intelligence estimates and intelligence synchronization, which is common in the DoD and governmental intelligence agencies. While these definitions seem unrelated, they have in common the ultimate goal of improving decision making through critical thinking and analysis.
  16. ROI removed
  17. Red Team members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department.
  21. External Threat Approach: Act as an external threat. Hack without any access to internal resources (e.g. phishing, social engineering, password guessing, web hacking). Insider Threat Approach: Act as an insider threat. This approach does not require social engineering, web hacking, etc., so bypassing anti-phishing or anti-spam is not required. The attacker simply connects his mini broadband dongle to a network node and runs away!
  22. This is why it's important to understand attacker capabilities when building your threat model...