Hacking vs. CyberHacking is a single battle, Cyber attack is part of warfareIftach Ian Amit | Director of Services, IOActi...
About
Hacking
Hacking
Hacking• How it looks like in the industry:   – Vulnerability Assessments   – Penetration Testing   – Code Reviews   – Oth...
Hacking• Features:   – Usually a single target   – Surface of attack – shallow (opportunistic)   – Tools/Techniques: commo...
Cyber Attack
Warfare
Cyber Attack
Warfare• So… how does your “cyber” work out so far?• Confused yet?• Good.
Warfare
This isn’t about computers anymore!Hint – it never was.
Cyber Warfare• As the name suggests – it’s part of a bigger picture. Warfare.• Warfare is never fought in a single domain ...
Hack into the server farm?Or just take the server (hack into the serverroom…)
Bypass the firewall?Nope. I’ll just walk into the network… Or let you install my backdoor for me:
Social
Social-Electronic convergence
Intelligence
Check outGuy’s talkRight after this!
Final convergence – Electronic/Digital• Here’s your “cyber”…The new language: Campaign• Profiling, intel gathering, reconn...
Cyber Warfare• Features:   – Multiple strategic targets   – Surface of attack – full   – Tools/Techniques: all, including ...
Practicing “cyber” – Red Team Testing                 Pre-                             Intelligence     ThreatHomework    ...
Hacking vs. Cyber                    China always had it right 
QUESTIONS?Iftach Ian Amit@iiamitiamit@ioactive.com
Hacking cyber-iamit
Hacking cyber-iamit
Upcoming SlideShare
Loading in …5
×

Hacking cyber-iamit

613 views

Published on

1 Comment
0 Likes
Statistics
Notes
  • damn! why the nlp pseudo science bullshit?
    was enjoying the slides up until that point.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total views
613
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
38
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide
  • Government Communications Headquarters - UK
  • Hacking cyber-iamit

    1. 1. Hacking vs. CyberHacking is a single battle, Cyber attack is part of warfareIftach Ian Amit | Director of Services, IOActive inc.
    2. 2. About
    3. 3. Hacking
    4. 4. Hacking
    5. 5. Hacking• How it looks like in the industry: – Vulnerability Assessments – Penetration Testing – Code Reviews – Other marketing terminology (that may involve the term “cyber” by mistake)
    6. 6. Hacking• Features: – Usually a single target – Surface of attack – shallow (opportunistic) – Tools/Techniques: common, or simple development effort• Motivation: – Financial – Political – Challenge• Defenses: – Anti-Virus, Firewalls, WAF, IDS, IPS, etc… – Really ???
    7. 7. Cyber Attack
    8. 8. Warfare
    9. 9. Cyber Attack
    10. 10. Warfare• So… how does your “cyber” work out so far?• Confused yet?• Good.
    11. 11. Warfare
    12. 12. This isn’t about computers anymore!Hint – it never was.
    13. 13. Cyber Warfare• As the name suggests – it’s part of a bigger picture. Warfare.• Warfare is never fought in a single domain (unless you want to lose…)• Physical• Social• Intelligence• Electronic These are the domains that cyberwar is engaged in
    14. 14. Hack into the server farm?Or just take the server (hack into the serverroom…)
    15. 15. Bypass the firewall?Nope. I’ll just walk into the network… Or let you install my backdoor for me:
    16. 16. Social
    17. 17. Social-Electronic convergence
    18. 18. Intelligence
    19. 19. Check outGuy’s talkRight after this!
    20. 20. Final convergence – Electronic/Digital• Here’s your “cyber”…The new language: Campaign• Profiling, intel gathering, reconnaissance• Vulnerability research (not just software!)• Exploitation• Establishing control, opening comm channels, In ALL domains! broadening foothold• Targeting assets• Exfiltration
    21. 21. Cyber Warfare• Features: – Multiple strategic targets – Surface of attack – full – Tools/Techniques: all, including all domains, and often with custom built tools• Motivation: – Financial – Political• Defenses: – Strategic Defense in Depth (not vendor products) – Awareness and Education (the human factor) – Coverage of all domains at the defense strategy
    22. 22. Practicing “cyber” – Red Team Testing Pre- Intelligence ThreatHomework engagement Gathering Modeling Interactions Vulnerability PostHands-on Analysis Exploitation ExploitationWriting Reporting
    23. 23. Hacking vs. Cyber China always had it right 
    24. 24. QUESTIONS?Iftach Ian Amit@iiamitiamit@ioactive.com

    ×