Ethical Hacking Definitions: https://medium.com/@jorgeorchilles/ethical-hacking-definitions-9b9a6dad4988 Ethics isn't just permission: https://github.com/redteamethics/redteamethics Petition to support ethical hackers: https://www.change.org/p/organizations-support-ethical-hackers Vulnerability scanning tool used, Tenable Nessus: https://www.tenable.com/products/nessus Exploitation framework used: https://www.metasploit.com/ Vulnerability Management is hard: https://medium.com/@jorgeorchilles/vulnerability-management-is-hard-how-do-you-prioritize-what-to-patch-1fc8e163d740 Example vulnerability discussed (CVE-2020-0796 SMBGhost/CoronaBlue): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0796 https://nvd.nist.gov/vuln/detail/CVE-2020-0796 https://attackerkb.com/topics/2LCXe3EPAZ/cve-2020-0796---smbghost?referrer=home Evolve from CVE to TTP with MITRE ATT&CK: https://attack.mitre.org/ Threat Intelligence with ATT&CK Navigator: https://mitre-attack.github.io/attack-navigator/enterprise/ Choosing the correct Command and Control Framework: https://www.thec2matrix.com/ Virtual machine with 8 command and controls tools: SANS Slingshot C2 Matrix Edition: https://howto.thec2matrix.com/slingshot-c2-matrix-edition

1. CYBERSECURITY IN THE DIGITAL ERA WEBCAST SERIES
“HACK YOURSELF FIRST: HANDS ON ETHICAL HACKING”
SPEAKERS:WEBINAR HOST:
Ana Curreya
Marketing Director
DigitalEra Group
Ricardo Martinez
Director of Business
Development
DigitalEra Group
Jorge Orchilles
Professional Hacker
SANS
Thank you for joining our webinar today. We will begin shortly.

2. www.DigitalEraGroup.com ∣ (786) 621-8600 ∣
GUEST SPEAKER
Jorge Orchilles
Professional Hacker
SANS

3. @jorgeorchilles
• Led the offensive security team at large financial – 10 years!
• Published author with industry contributions including:
• Common Vulnerability Scoring System (CVSSv3.1)
• Threat-led penetration testing framework (GFMA)
• SANS Certified Instructor
• Author of SEC564: Red Team Exercises and Adversary Emulation
• NSI Technologist Fellow
• ISSA fellow
• Board of the ISSA South Florida since 2010
• Author of Windows 7 Administrators Reference
ABOUT @JorgeOrchilles

4. @jorgeorchilles
• A hacker is a skilled individual who uses their technical knowledge to
overcome a problem
• Permission differentiates between ethical and sinister, often called
White Hat and Black Hat respectively
• An Ethical Hacker is a person who hacks into a computer network in
order to test or evaluate its security, rather than with malicious or
criminal intent
https://medium.com/@jorgeorchilles/ethical-hacking-definitions-
9b9a6dad4988
Ethical Hacking

5. @jorgeorchilles
• Definition: Automated (tool-based) scanning against assets (IPs or -
applications)
• Goal: Identify low hanging, known vulnerabilities pre, or post-
authentication
• Effort: Small; requires tool investment
• Many vendors: Tenable Nessus, Rapid7 Nexpose, Qualys, AlientVault,
IBM AppScan, HP WebInspect, etc.
• Focus: Technology vulnerabilities, patches, configuration
• Frequency: Weekly to Monthly
• Customer: System owners and operations teams
Vulnerability Scanning

6. @jorgeorchilles
Vulnerability Scanning
Demo

7. @jorgeorchilles
• Definition: Automated and manual assessment of assets in scope to
find security vulnerabilities, which may or may not be used to get in or
steal data
• Goal: Identify ALL vulnerabilities from assets in scope
• Effort: ~30% tools based and ~70% manual testing
• Focus: Technology and Configurations. Assessments are broader and
often include explicit policy and procedure reviews
• Frequency: Once per year or once per certification of product/version
• Customer: System owners, operations, engineers, application
stakeholders
Vulnerability Assessments

8. @jorgeorchilles
Vulnerability Assessment
Demo

9. @jorgeorchilles
• Definition: exploit the vulnerabilities identified; in a professional, safe
manner according to a carefully designed scope and Rules of
Engagement; to determine business risk and potential impact
• Goal: Report all exploitable vulnerabilities under controlled
circumstances.
• Effort: ~10% tools based and ~90% manual testing
• Focus: technology and preventive controls
• Frequency: ~once per year
• Customer: System owners, operations, engineering, and application
stakeholders
PenetrationTesting

10. @jorgeorchilles
Exploitation Demo

11. @jorgeorchilles
• Common Vulnerability Scoring System (CVSS)
• Exploit Predictability Scoring System (EPSS)
• AttackerKB.com
• Tenable Vulnerability Priority Rating
• Rapid7 Real Risk Score
• Mandiant/FireEye Risk Rating
https://medium.com/@jorgeorchilles/vulnerability-management-is-hard-
how-do-you-prioritize-what-to-patch-1fc8e163d740
Prioritization is Hard!

12. @jorgeorchilles
• Common Vulnerabilities and Exposures (CVE)
• https://cve.mitre.org
• Tactics, Techniques, and Procedures (TTPs)
• https://attack.mitre.org
• Assume Breach
• You will get breached by an exploited vulnerability or a TTP
“I am convinced that there are only two types of companies: those that have been
hacked and those that will be.” – Robert Muller March 1, 2012 RSA
• Can you detect and respond to what comes after?
Evolve from CVE toTTP

13. @jorgeorchilles
• Definition: Red Team emulates Tactics, Techniques, and Procedures (TTPs) of
real adversaries to improve the people, processes, and technology in the
target environment. “The practice of looking at a problem or situation from
the perspective of an adversary” – Red Team Journal 1997
• Goal: Make Blue Team better. Train and measure blue teams' detection and
response policies, procedures, and technologies are effective.
• Effort: Manual; some Red Team Automation tools
• Focus: detective controls; testing the defenders
• Frequency: Intelligence-led (new exploit, tool, or TTP)
• Customer: Blue Teams
RedTeam

14. @jorgeorchilles
• Definition: the defenders in an organization entrusted with identifying
and remediating attacks. Generally associated with Security Operations
Center or Managed Security Service Provider (MSSP), Hunt Team,
Incident Response, and Digital Forensics. Really, it is everyone's
responsibility!
• Goal: identify, report the attack, contain, and eradicate attacks
• Effort: Automated and Manual. People are the best defenders
• Focus: identify, contain, eradicate, and recover from attacks
• Frequency: Every Day 24/7
• Customer: entire organization
BlueTeam

15. @jorgeorchilles
• Definition: A function, or virtual team, where red and blue work
together to improve the overall security of the organization. Red Team
does not focus on stealth as they normally would.
• Goal: Red Team emulates adversary TTPs while blue teams watch and
improve detection and response policies, procedures, and technologies
in real time.
• Effort: Manual
• Frequency: Intelligence-led (new exploit, tool, or TTP)
• Customer: Red Team & Blue Team
PurpleTeam

16. @jorgeorchilles
• Definition: A type of Red Team exercise where the Red Team emulates
how an adversary operates, following the same tactics, techniques, and
procedures (TTPs), with a specific objective similar to those of realistic
threats or adversaries.
• Goal: Emulate an end-to-end attack against a target organization.
Obtain a holistic view of the organization’s preparedness for a real,
sophisticated attack.
• Effort: Manual; more setup than a limited scope Penetration Test
• Frequency: Twice a year or yearly
• Customer: Entire organization
Adversary Emulation

17. @jorgeorchilles
EmulatingTTP Demo

18. • All these ethical hacking and offensive security offerings are meant to
provide value to the business (getting a shell is not business value)
• Understand the business requirements and communicate in business
terms
DigitalEra has partnered with AvanseCyber, where I am an advisor, to
deliver these services, contact us if you are interested in learning more or
if you would like an assessment
Provide Value
www.DigitalEraGroup.com ∣ (786) 621-8600 ∣ info@avansecyber.com

19. Provide Value
www.DigitalEraGroup.com ∣ (786) 621-8600 ∣ info@avansecyber.com

20. www.DigitalEraGroup.com ∣ (786) 621-8600 ∣
Q&A

21. www.DigitalEraGroup.com ∣ (786) 621-8600 ∣
THANKYOU