WHAT “YOU’VE GOT MAIL” TAUGHT ME ABOUT CYBER SECURITY
Hawaii Security Sessions
Reintroduce ideas. Break old ones.
What the Heck?!
TOM HANKS
NY152
MEG RYAN
Shopgirl
What is a researcher?
What do they do?
WHAT IS A “ZERO-DAY”
FEBRUARY
Su Mo Tu We Th Fr Sa
01 02 03 04 05 06 07
08 09 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 01 02 03 04 05
It's easier than you might think, but you might be looking in the wrong places, the wrong way, and if you blink you could miss it in some special instances.
Can you find one?
Not the 29th
Too busy, 5th
9th Monday ehh
21st seems good
"Who cares, that's just a DEF CON term"
"Think the news was using it"
"Was part of Stuxnet and we've scanned for it"
"Why did all of the PLCs go offline then back?"
Above is the list of reasons why anyone might not be familiar with a cyber security researcher: there are few of us, and we don't get introduced until people put on sad faces.
@DanielCLance
Twitter to Hacking
Step by Step: Miami to Phoenix
PLAN: None
PROCEDURE: Ehh, not really
SCHEDULE: None
Twitter
The Tech: Start to notice a trend in the technologies developers are using to promote new products.
"I wasn't looking but found something"
Event-Horizon
Funny feeling: the go/no-go point for any good guy or bad guy, the moment you can't pass something up that you know or have a great feeling about.
Approach Tactic
Analogous Path Completion
Company Who Uses
Company Who Adds To
Company Who Works On
Customer (End user)
Service Provider
Company Who Dev
Weighing Analysis
There isn't a right answer or a wrong one. But picking the lesser-evil path, if possible, is advised and more often easier.
Planning: Is there a way of telling all parties involved what the issue is and what milestones will escalate this effort?
Promotion: Is this going to be something loud? What is the current reputation of the target, and how will a vulnerability force change?
Research: Who are we really looking at, and why? You can waste a ton of time contemplating who and what to peek into.
Review: Bounce ideas off other people in the industry. Use the kind of detail that protects the idea from harming the public.
Size: Knowing the target "size" can tell you a little about possible reactions to your findings. They might not be a good target.
Relationships: Is there a win-win that can be found in working with one target over another? Customers demanding change works.
Industry Target: Is this issue going to only affect one major player, or will it affect all of them, and in what way?
Strategic: Is this really the best use of time? How mission critical is the issue? Ask this throughout research.
Loyal: Do we have a way to see the issue through to the end? Is the body of work going to require any long-term funding?
Honest: Can the data collected about the target be a risk to the researcher, and when do you stop?
Respectful: Are there relationships at play that might affect the company you work for and the target?
Accomplishment: What do we show to the public when we show the capability of working on a particular set of equipment?
Energetic: What is the speed of approach based on any possible past experiences with the target?
"Weighing should be interlaced"
Respectful / Accomplishment / Approach Speed / Industry / The End User / The Company
Weighing Analysis
CERT Use
Reporting Method
Public Disclosure
Personal Risk
Mitigation w/ affected
Private Disclosure
Approach Tactic
Optional | Required | Optional
The two forks are optional, but the center is the integrity of the approach and must always be done.
INVESTIGATE
This can all be very useful later if you have to write a vulnerability report.
Websites: What all are they showing on their website? Are they talking about the technology as a new innovation?
Way-back Machine: What did they show the public in the past? Can this be used against them?
Shodan: See how people are using the technology and if it already shows up in the public space.
YouTube: Many companies use video as a training tool. How can this be used against them?
FISHING IN THE DARK
This is a very light assessment of the public perception of the company and isn't always needed at this point in the process. This information can be used to help the vulnerability report.
Service Process: What tools are used to service the technology itself? What service do they do?
RMA Process: How do they handle returned product? Can I get an exploit in to them that way?
Career Center: How do I stack up against what they are looking for? Build an account, apply.
Photos of Controls: Everyone wants to show off. Show me your (NOC) network operations center.
You would be shocked how much you will find. Hardcoded passwords left in, default passwords left in with no way to change them in the manual.
READ THE MANUAL
When an engineer writes the manual, they tend to over-inform you for the task at hand. Use this to your advantage.
DOWNLOADING, LOOKING
Why wait so long?
Website: There wasn't a password to download manuals and firmware; the manuals had directions to all of the tools needed to service and break the device. They even had directions on how to build the parser they use, and that happened to be a stock parser. Then they showed you how to upload new calibration files, and even gave me fake telemetry to test with.
CLARIFY
Collect all of your findings and package them up so it is easy to understand for anyone reading. Then encrypt the hell out of it; at this point it should be clear you have something that could be critical to humans on the other end of the technology.
Suggestion, BASIC SECURITY PRACTICES: This attack was done without having the physical device. If they had protected some of the things we covered, this wouldn't have been possible to uncover.
Suggestion, FULL NETWORK SEGMENTATION: This is really more of a mitigation and not a long-term fix.
Suggestion, RECALL ANY DEVICES THAT ARE USED FOR MISSION CRITICAL: Rarely done in the real world, but serves as a way of saying this is a major issue.
Vulnerability, UNAUTHENTICATED COMMAND AND CONTROL: The sweetest words. You could remotely blow away the firmware on the device and even install applications of your own.
Vulnerability, NETWORK LEVEL COMMAND AND CONTROL: Not a worst-case scenario; most of the time this is a quick fix. But in this case the device could be spoofed on the network, so it was a big issue.
SEND TO THE CORRECT PARTIES
This is the easiest part to mess up. You want your work to be taken seriously, so write it up professionally: say what you mean and mean what you say, or the report won't be taken seriously by any developer.
Submit: ICS-CERT and US-CERT both lack a formatting rule for submitting new reports.
Format: Start with company background and the industries affected. Then a narrative explaining the issue at a high level. Close with technical detail. Proof-of-concept is always good to include. This is where that pre-research will come in.
I am contacting you both as this product is used in both consumer products and ICS, the vendor claims.
Velodyne LiDAR, Inc.
Velodyne's three flagship products, the HDL-64E, HDL-32E, and the PUCK, suggest they are used for:
Automotive
UAV
Mapping
Automation (ICS)
Robotics
Security (Ironic)
Urban Planning
Agriculture
Mining
R&D
Topography
Geology
HDL-64E, HDL-32E, and the PUCK (AKA VLP-16) all make use of packet captures to relay, in plain text, telemetry from the sensor to server. The server will make a logical determination based on the telemetry; this could be leveraged to, in the case of an automobile, tell the server (CPU) in the system that the sensor or vehicle has a wall in front of it. They've employed an embedded web server that doesn't require authentication to access and update both firmware and calibration files for the lasers. If an attacker can gain network level access at any point, they can modify the firmware and calibration files and remove any forensic evidence in the process. With very little effort an attacker could access the GPS data also collected in some configurations of the sensor and launch a replay attack, replaying telemetry from the sensor itself at plus or minus a given latitude and longitude. Sample .pcap files can be found at http://midas3.kitware.com/midas/community/29 for testing. Some of the documentation that is public also shows you how they parse the data.
Additionally, if an attacker is on the network, all they need to do is launch an attack at a given telemetry and control what the vehicle (for our example) can see live, thus allowing them to steer the vehicle if an attacker has command and control of a network enabled device.
The official vulnerability of this system:
Unauthenticated command and control with network level command and control lacking basic security practices.
Suggestions:
Full network segmentation. Recall any devices that are used for mission critical, or could present a health and welfare risk to users and/or bystanders, until basic security practices can be implemented.
http://velodynelidar.com
http://velodynelidar.com/downloads.html
Firmware, manuals, and software are all free to download. Suggest user authentication here.
P.S. https://www.youtube.com/watch?v=wUfHadExvs8 (Proves a good deal of the claims above in the promo video)
You can give them my name; our goal at Archer is to strengthen critical infrastructure through a collaborative effort with affected vendors. Please keep me updated so I may be of service when needed.
Thank you,
Daniel Lance
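As an added example (not part of the original slides, the report, or the vendor's code), here is what the "basic security practices" the report asks for could look like on the telemetry path: each frame carries a sequence number, a timestamp and an HMAC, and the receiving side rejects forged, replayed and stale frames instead of trusting whatever arrives in plain text. The frame layout, the shared key and the telemetry values are all constructed for this illustration and are not the Velodyne packet format.

```python
import hashlib
import hmac
import json
import struct

# Hypothetical shared per-sensor key (constructed for this demo; a real deployment
# provisions a unique key per device at manufacture or commissioning time).
SENSOR_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed frame layout, NOT the vendor's packet format:
#   header  = struct "!IdI": sequence (uint32), unix timestamp (float64), payload length (uint32)
#   payload = opaque telemetry bytes (here a small JSON document)
#   tag     = HMAC-SHA256 over header + payload (32 bytes)
HEADER = struct.Struct("!IdI")
TAG_LEN = 32


def build_frame(key: bytes, seq: int, ts: float, payload: bytes) -> bytes:
    """Sensor side: authenticate the header and payload with the shared key."""
    header = HEADER.pack(seq, ts, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class TelemetryReceiver:
    """Server side: accept a frame only if the MAC verifies, the sequence number is
    strictly increasing, and the timestamp lies inside the freshness window.
    accept() returns (ok, reason) so callers can log why a frame was dropped."""

    def __init__(self, key: bytes, window_s: float, now):
        self.key = key
        self.window_s = window_s
        self.now = now          # injectable clock, so the demo is deterministic
        self.last_seq = -1

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size + TAG_LEN:
            return False, "truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Verify integrity first: nothing in an unauthenticated frame is trustworthy.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad_mac"
        seq, ts, plen = HEADER.unpack_from(body)
        if len(body) != HEADER.size + plen:
            return False, "length_mismatch"
        # A captured frame re-sent later carries an already-seen sequence number.
        if seq <= self.last_seq:
            return False, "replay_or_reorder"
        # A frame assembled from old data carries an old timestamp.
        if abs(self.now() - ts) > self.window_s:
            return False, "stale"
        self.last_seq = seq
        return True, "ok"


def demo():
    """Runs the receiver over constructed frames and returns the decision for each."""
    clock = [1_000_000.0]
    rx = TelemetryReceiver(SENSOR_KEY, window_s=2.0, now=lambda: clock[0])
    # Constructed telemetry values (range to obstacle plus a GPS fix), not real sensor data.
    reading1 = json.dumps({"range_m": 12.4, "lat": 21.30, "lon": -157.86}).encode()
    reading2 = json.dumps({"range_m": 11.9, "lat": 21.30, "lon": -157.86}).encode()
    results = []

    f1 = build_frame(SENSOR_KEY, 1, clock[0], reading1)
    results.append(rx.accept(f1)[1])            # genuine frame: ok
    clock[0] += 0.1
    f2 = build_frame(SENSOR_KEY, 2, clock[0], reading2)
    results.append(rx.accept(f2)[1])            # genuine frame: ok

    # Frame 1 captured off the wire and delivered again.
    results.append(rx.accept(f1)[1])            # replay_or_reorder

    # Frame 2 with the range reading edited in place (same length) but no key to re-sign it.
    forged = f2[:HEADER.size] + reading2.replace(b"11.9", b"99.0") + f2[-TAG_LEN:]
    results.append(rx.accept(forged)[1])        # bad_mac

    # Correctly signed frame whose timestamp is older than the freshness window.
    clock[0] += 10.0
    f3 = build_frame(SENSOR_KEY, 3, clock[0] - 5.0, reading2)
    results.append(rx.accept(f3)[1])            # stale
    return results


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The MAC gives integrity and origin, and the sequence and timestamp checks give freshness; confidentiality of the telemetry would still need transport encryption, which this example does not cover.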
VULNERABILITY DISCLOSURE POLICY
Identifying a vulnerability is easy; taking care of the vulnerability so your work betters the overall health of an industry is the hard part, oftentimes. And reading vulnerability disclosure policies around the industry proves how most aren't cut out for the job of security research.
OTHERS: "As of 1 Sept 2011 the other elements of our disclosure policy, see below, are no longer in effect. We will decide what we want to do with any vulnerability. We may disclose it to the vendor; we may disclose some or part of it publicly; we may disclose only to our affected customers; we may keep to ourselves for future use; or we may do something else."
ARCHER LABS: "Our goal at Archer is to strengthen critical infrastructure through a collaborative effort with affected vendors. Please keep us updated so we may be of service when needed."
MALWARE IN A NUTSHELL
Malicious Software: "Generally, software is considered malware based on the intent of the creator rather than its actual features." -pctools.com-
Dynamic Attack Surface: "Code should be classified from its behavior alone." -Daniel Lance-
Where do these people come from?
Becoming a security researcher?
Former coder, a hacker, a programmer, a developer, and a computer scientist.
Venn Diagram (figure)
White, Black, Gray, and everything between?
Hat Trick
BAD GUYS: Typically use their skill for some type of personal gain or agenda.
GOOD GUYS: Use their skill for penetration testing and implement.
GRAY GUYS: They are everywhere you want to be, and typically where you need them.
HACKING/RESEARCH
BACKGROUND
COMPUTER SECURITY HACKER HISTORY
1903, Nevil Maskelyne: Disrupts John Ambrose Fleming's public demonstration of Guglielmo Marconi's purportedly secure wireless telegraphy technology, sending insulting Morse code messages through the auditorium's projector.
1932, The Enigma cipher machine: A family of portable cipher machines with rotor scramblers. Broken by Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki.
1943, IBM Punchcard: French computer expert René Carmille hacked the punched card used by the Nazis to locate Jews.
1957, Joe Engressia: Finds a frequency of 2600 Hz would interact with AT&T's implementation of fully automatic switches.
1960s, Phreaking boxes: Used to interact with automated telephone systems.
1980: National CSS employee revealed the existence of his password cracker.
MORAL HAZARD
You have to wonder if we are major enough for the technology we choose to use.
1981, The New York Times: Describes hackers for the first time as we all have come to know them.
1995, Pop Culture: Movies The Net and Hackers are released.
1999, Windows 98: Hundreds of advisories and patches are released.
2010, Malware: Stuxnet; the first malware conference, MALCON; intellectual property theft from Google.
2016, $17,000 ransom: Hospital pays ransom to get computers back.
WHAT DOES SUCCESS LOOK LIKE?
Great, now you're in. Who cares? Is finding nothing good? Is there an obvious difference?
"From the time you get in your car for your morning commute, to the time you walk through your door at the end of the day, you make decisions about your security" -Daniel Lance (Ripely Stole This)-
Forensic vs Clinical
The Best We've Got In ICS: Working with ICS-CERT
Report: Complete report gets sent in via encrypted email; sometimes other encrypted files get sent as well. Weighing analysis done, report is done. Everything in the report is now TLP RED to us.
Report Reviewed: The good folks at ICS-CERT review and send any comments back with a ticket number. This next part takes forever; you wait for a whole Siberian winter to pass before getting another email.
Vendor: ICS-CERT will let you know your report is in the hands of the vendor.
Learn To Play Darts: Then you get another email saying they are "still working to verify claims," or maybe get a question or two [but still learn darts].
Disclosure: Zero-days matter because we are all affected in some way. Picking the appropriate timing can be key to an effective disclosure. Patch-or-quit time: after an appropriate time period you'll know the kind of action the vendor will take.
Timeline For Disclosure (figure: months Nov through Oct, 2015)
Disclosure Requires Vendor: To follow a proper disclosure path the vendor must take the time to work with research and want to fix the issues. If they don't want to play kickball, we play dodgeball.
Milestones: Report Sent; Assigned Ticket; Vendor Verification; Drop Dead Date 100%; Full Disclosure; PUBLIC WITH CUSTOMER OUTREACH.
Vendor, Customer, Public and I
Disclosure role play
Right side of the room: How would you handle escalating the process, or would you?
Left side of the room: Would you want to know about the issue from the vendor or from me, the researcher?
Public: Everyone who has an opinion.
"Cybersecurity Researchers Are Hunted from All Sides" -Motherboard-
Hacker Motivations
White Hat Hackers
State Sponsored Hackers
Spy Hackers
Security Researcher
Black Hat Hackers
Script Kiddies
Hacktivists
Cyber Terrorists
DEGREES OF HACKING
State Sponsored Malware: Militarized code.
Custom attack: Think OS level attack code. This is the stuff most real "Zero-Days" are made of.
Implementation: They've installed something and left a default passcode in or a port open.
Penetration: Tools are already made; they are just making use of what's around.
ARCHER'S CONTRIBUTION
Free research given to critical infrastructure. All will publish before the end of the year.
Chart (figure): values 29+, 3, 6, 13 across the categories Applications, Sensors, PLC's, Industries. Could represent 21% of all advisories for ICS-CERT in 2016. In 2015 the number of reported vulnerabilities was 142*.
*Based on Advisories By Vendor coded as a "15"
CLOSING PATH
Where do we go from here?
Build an Ark: Go medieval on malicious code.
You'll be hacked: Accept that and move on.
Hire blue team: Start using firewalls how they were meant to be used.
Hire a researcher: Find problems, not solutions.
Use carrier pigeons: Stop using email.
Isn't everything owned: Go with the masses, pay bounties.
Hold BEER-ISAC: Have a beer and talk about those damn hackers.
Baseline everything: Blow away everything and always start from scratch.

SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
EnergySec
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
EnergySec
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
EnergySec
 
Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure Program
EnergySec
 
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
EnergySec
 
Sea Changes, Strategic Implications, Board Cyber Perspectives
Sea Changes, Strategic Implications, Board Cyber PerspectivesSea Changes, Strategic Implications, Board Cyber Perspectives
Sea Changes, Strategic Implications, Board Cyber Perspectives
EnergySec
 
Red Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityRed Teaming and Energy Grid Security
Red Teaming and Energy Grid Security
EnergySec
 

More from EnergySec (20)

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 
Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure Program
 
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
 
Sea Changes, Strategic Implications, Board Cyber Perspectives
Sea Changes, Strategic Implications, Board Cyber PerspectivesSea Changes, Strategic Implications, Board Cyber Perspectives
Sea Changes, Strategic Implications, Board Cyber Perspectives
 
Red Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityRed Teaming and Energy Grid Security
Red Teaming and Energy Grid Security
 

Recently uploaded

PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 

Recently uploaded (20)

PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 

Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security

  • 1. WHAT “YOU’VE GOT MAIL” TAUGHT ME ABOUT CYBER SECURITY Hawaii Security Sessions
  • 2. Reintroduce Ideas. Break old ones. What the Heck?! TOM HANKS: NY152. MEG RYAN: Shopgirl.
  • 3.
  • 4. What is a researcher? What do they do?
  • 5. WHAT IS A “ZERO-DAY”? FEBRUARY: Su Mo Tu We Th Fr Sa; 01 02 03 04 05 06 07; 08 09 10 11 12 13 14; 15 16 17 18 19 20 21; 22 23 24 25 26 27 28; 29 30 01 02 03 04 05. It’s easier than you might think, but you might be looking in the wrong places, the wrong way, and if you blink you could miss it in some special instances. Can you find one? Not the 29th. Too busy, 5th. 9th, Monday, ehh. 21st seems good. “Who cares, that's just a DEF CON term.” Above is the list of reasons why anyone might not be familiar with a cyber security researcher; there are few of us and we don't get introduced until people put on sad faces. “Think the news was using it.” “Was part of Stuxnet and we’ve scanned for it.” “Why did all of the PLCs go offline then back?”
  • 6. @DanielCLance Twitter to Hacking, Step by Step. Miami to Phoenix. PLAN: None. PROCEDURE: Ehh, not really. SCHEDULE: None.
  • 7. @DanielCLance Twitter: Start to notice a trend in the technologies developers are using to promote new products. The Tech: I wasn’t looking but found something.
  • 8. @DanielCLance Event-Horizon: The go/no-go point for any good guy or bad, the moment you can’t pass something up that you know or have a great feeling about. Funny feeling: I wasn’t looking but found something.
  • 9. @DanielCLance Approach Tactic, Analogous Path Completion: Company Who Uses, Company Who Adds To, Company Who Works On, Customer (End user), Service Provider, Company Who Dev. Weighing Analysis: There isn't a right answer or a wrong one. But picking the lesser evil path if possible is advised and more often easier.
  • 10. @DanielCLance Planning: Is there a way of telling all parties involved what the issue is and what milestones will escalate this effort? Promotion: Is this going to be something loud? What is the current reputation of the target and how will a vulnerability force change? Research: Who are we really looking at and why? You can waste a ton of time contemplating who and what to peek into. Review: Bounce ideas off other people in the industry. Use the kind of detail that protects the idea from harming the public.
  • 11. @DanielCLance Target. Size: Knowing the target “size” can tell you a little about possible reactions to your findings. They might not be a good target. Relationships: Is there a win-win that can be found in working with one target over another? Customers demanding change works. Industry: Is this issue going to only affect one major player or will it affect all of them, and in what way?
  • 12. @DanielCLance Strategic: Is this really the best use of time; how mission critical is the issue? Ask this throughout research. Loyal: Do we have a way to see the issue through to the end? Is the body of work going to require any long-term funding? Honest: Can the data collected about the target be a risk to the researcher, and when do you stop? Respectful: Are there relationships at play that might affect the company you work for and the target? Accomplishment: What do we show to the public when we show the capability of working on a particular set of equipment? Energetic: What is the speed of approach based on any possible past experiences with the target?
  • 13. @DanielCLance Weighing should be interlaced: Respectful, Accomplishment, Approach Speed, Industry, The End User, The Company.
  • 14. @DanielCLance Weighing Analysis: CERT Use, Reporting Method, Public Disclosure, Personal Risk, Mitigation w/affected, Private Disclosure. There isn't a right answer or a wrong one. But picking the lesser evil path if possible is advised and more often easier.
  • 15. @DanielCLance Approach Tactic (Optional / Required / Optional): The two forks are optional, but the center is the integrity of approach and must always be done.
  • 16. @DanielCLance INVESTIGATE. This can all be very useful later if you have to write a vulnerability report. Websites: What all are they showing on their website? Are they talking about the technology as a new innovation? Way-back Machine: What did they show the public in the past? Can this be used against them? Shodan: See how people are using the technology and if it already shows up in the public space. YouTube: Many companies use video as a training tool. How can this be used against them?
  • 17. @DanielCLance FISHING IN THE DARK. This is a very light assessment on the public perception of the company and isn't always needed at this point in the process. This information can be used to help the vulnerability report. Service Process: What tools are used to service the technology itself? What service do they do? RMA Process: How do they handle returned product? Can I get an exploit in to them that way? Career Center: How do I stack up against what they are looking for? Build an account, apply. Photos of Controls: Everyone wants to show off. Show me your network operations center (NOC).
  • 18. @DanielCLance READ THE MANUAL. You would be shocked how much you will find: hardcoded passwords left in, default passwords left in with no way to change them in the manual. When an engineer writes the manual they tend to over-inform you for the task at hand. Use this to your advantage.
  • 19. @DanielCLance Why wait so long? WEBSITE, DOWNLOADING, LOOKING: There wasn't a password to download manuals and firmware; the manuals had directions to all of the tools needed to service and break the device. Even had directions on how to build the parser they use, and that happened to be a stock parser. Then they showed you how to upload new calibration files, even gave me fake telemetry to test with.
  • 20. @DanielCLance CLARIFY. Collect all of your findings and package them up so it is easy to understand for anyone reading. Then encrypt the hell out of it, and at this point it should be clear you have something that could be critical to humans on the other end of the technology. Suggestion, BASIC SECURITY PRACTICES: This attack was done without having the physical device. If they had protected some of the things we covered this wouldn't have been possible to uncover. Suggestion, FULL NETWORK SEGMENTATION: This is really more of a mitigation and not a long term fix. Suggestion, RECALL ANY DEVICES THAT ARE USED FOR MISSION CRITICAL: Rarely done in the real world but serves as a way of saying this is a major issue. Vulnerability, UNAUTHENTICATED COMMAND AND CONTROL: The sweetest words. You could remotely blow away the firmware on the device and even install applications of your own. Vulnerability, NETWORK LEVEL COMMAND AND CONTROL: Not a worst case scenario; most of the time this is a quick fix. But in this case the device could be spoofed on the network, so it was a big issue.
  • 21. @DanielCLance SEND TO THE CORRECT PARTIES. This is the easiest part to mess up; you want your work to be taken seriously, so write it up professionally, say what you mean and mean what you say, or the report won't be taken seriously by any developer. Submit: ICS-CERT and US-CERT both lack a formatting rule for submitting new reports. Format: Start with company background and the industries affected. Then a narrative explaining the issue at a high level. Close with technical detail. Proof-of-concept is always good to include. This is where that pre-research will come in. www.inspirasign
I am contacting you both as this product is used in both consumer products and ICS, the vendor claims. Velodyne LiDAR, Inc. Velodyne’s three flagship products, the HDL-64E, HDL-32E, and the PUCK, suggest they are used for: Automotive, UAV, Mapping, Automation (ICS), Robotics, Security (Ironic), Urban Planning, Agriculture, Mining, R&D, Topography, Geology. HDL-64E, HDL-32E, and the PUCK (AKA VLP-16) all make use of packet captures to relay, in plain text, telemetry from the sensor to server. The server will make a logical determination based on the telemetry; this could be leveraged to, in the case of an automobile, tell the server (CPU) in the system that the sensor or vehicle has a wall in front of it. They’ve employed an embedded web server that doesn’t require authentication to access and update both firmware and calibration files for the lasers. If an attacker can gain network level access at any point they can modify the firmware and calibration files and remove any forensic evidence in the process. With very little effort an attacker could access the GPS data also collected in some configurations of the sensor and launch a replay attack, replaying telemetry from the sensor itself at plus or minus a given latitude and longitude. Sample .pcap files can be found at http://midas3.kitware.com/midas/community/29 for testing. Some of the documentation that is public also shows you how they parse the data.
Additionally, if an attacker is on the network, all they need to do is launch an attack at a given telemetry and control what the vehicle (for our example) can see live, thus allowing them to steer the vehicle if an attacker has command and control of a network enabled device. The official vulnerability of this system: Unauthenticated command and control with network level command and control lacking basic security practices. Suggestions: Full network segmentation. Recall any devices that are used for mission critical, or could present a health and welfare risk to users and/or bystanders, until basic security practices can be implemented. http://velodynelidar.com http://velodynelidar.com/downloads.html Firmware, manuals, and software are all free to download. Suggest user authentication here. P.S. https://www.youtube.com/watch?v=wUfHadExvs8 (Proves a good deal of the claims above in the promo video.) You can give them my name; our goal at Archer is to strengthen critical infrastructure through a collaborative effort with affected vendors. Please keep me updated so I may be of service when needed. Thank you, Daniel Lance
  • 22. 22 @DanielCLance As of 1 Sept 2011 the other elements of our disclosure policy, see below, are no longer in effect. We will decide what we want to do with any vulnerability. We may disclose it to the vendor; we may disclose some or part of it publicly; we may disclose only to our affected customers; we may keep to ourselves for future use; or we may do something else. OTHERS Our goal at Archer is to strengthen cri2cal infrastructure through a collabora2ve effort with effected venders. Please keep us updated so we may be of service when needed. ARCHER LABS Iden2fying a vulnerability is easy; taking care of the vulnerability so your work beZers the overall health of an industry is the hard part oeen 2mes. And reading vulnerability disclosure policies around the industry proves how most aren’t cut out for the job of security research. VULNERABILITY DISCLOSURE POLICY
  • 23. 23 @DanielCLance MALWARE IN A NUTSHELL Malicious SoXware “ Generally, software is considered malware based on the intent of the creator rather than its actual features.“ -pctools.com- Dynamic Attack Surface “ Code should be classified from its behavior alone.“ -Daniel Lance-
  • 24. 24 @DanielCLance Where do these people come from? Becoming a security researcher? Former coder, a hacker, a programmer, a developer, and a computer scientist.
  • 26. 26 White, Black, Gray, and everything between?  Hat Trick BAD GUYS Typically use there skill for some type of personal gain or agenda. GOOD GUYS Use there skill for penetra2on tes2ng and implement. GRAY GUYS They are everywhere you want to be, and typically where you need them.
  • 28. 28 @DanielCLance Nevil Maskelyne 1903 Disrupts John Ambrose Fleming's public demonstraRon of Guglielmo Marconi's purportedly secure wireless telegraphy technology, sending insulRng Morse code messages through the auditorium's projector. A family of portable cipher machines with rotor scramblers. Broken by Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki The Enigma cipher machine Finds a frequency of 2600 Hz would interact with AT&T's implementa2on of fully automa2c switches. Joe Engressia, 1932 1943 1957 French computer expert René Carmille, hacked the punched card used by the Nazis to locate Jews. IBM Punchcard Used to interact with automated telephone systems Phreaking boxes 1960s Na2onal CSS employee revealed the existence of his password cracker 1980
  • 29. 29 @DanielCLance MORAL HAZARD You have to wonder if we are major enough for the technology we choose to use Movies The Net and Hackers are released. Pop Culture 1995 1981 The New York Times Describes hackers for the first 2me as we all have come to know them. Hundreds of advisories and patches are released Windows 98 1999 Stuxnet, The first Malware Conference, MALCON. Intellectual property thee from Google. Malware 2010 Hospital pays ransom to get computers back. $17,000 ransom 2016
  • 30. WHAT DOES SUCCESS LOOK LIKE? Great, now you're in; who cares? Is finding nothing good?
  • 31. Forensic vs. clinical: is there an obvious difference? "From the time you get in your car for your morning commute, to the time you walk through your door at the end of the day, you make decisions about your security." (Daniel Lance; Ripely stole this)
  • 32. THE BEST WE'VE GOT IN ICS: working with ICS-CERT. Report: once the weighing analysis is done and the report is written, the complete report is sent in via encrypted email, sometimes with other encrypted files as well. From this point everything in the report is TLP:RED to us.
  • 33. Report reviewed: the good folks at ICS-CERT review the report and send any comments back with a ticket number. The next part takes forever; you wait for a whole Siberian winter to pass before getting another email. Vendor: ICS-CERT will let you know when your report is in the hands of the vendor.
  • 34. LEARN TO PLAY DARTS. Then you get another email saying they are "still working to verify claims", or maybe a question or two (but still, learn darts).
  • 35. Disclosure. Zero-days matter because we are all affected in some way. Picking the appropriate timing can be key to an effective disclosure. Patch-or-quit time: after an appropriate time period you'll know what kind of action the vendor will take.
  • 36. TIMELINE FOR DISCLOSURE: patch or quit. [Chart: months Nov through Oct 2015, marking Report Sent, Assigned Ticket, Vendor Verification, Drop Dead Date and 100% Full Disclosure.] Disclosure requires the vendor: to follow a proper disclosure path the vendor must take the time to work with the researcher and want to fix the issues. If they don't want to play kickball, we play dodgeball. At the drop-dead date: 100% full disclosure, public, with customer outreach.
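The report-to-disclosure path described on the slides above (report sent, ticket assigned, vendor verification, drop-dead date, full disclosure with customer outreach), encoded as a small tracker. This is an added example and not part of the deck or of ICS-CERT's process: the 180-day window, the phase names and the sample dates are assumptions, since the slides give only the order of milestones and a timeline drawn from November to October.

```python
"""Coordinated-disclosure tracker (added example, not from the slides)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Union

# The deck's timeline runs roughly a year but names no fixed window,
# so the 180-day default below is an assumption for illustration.
DEFAULT_WINDOW_DAYS = 180

DateLike = Union[date, str]


def _as_date(value: DateLike) -> date:
    """Accept either a date or an ISO 'YYYY-MM-DD' string."""
    return value if isinstance(value, date) else date.fromisoformat(value)


@dataclass
class Disclosure:
    """Milestones of one report, in the order the deck describes them."""
    report_sent: DateLike                       # encrypted report sent to ICS-CERT
    window_days: int = DEFAULT_WINDOW_DAYS      # days until the drop-dead date
    ticket_assigned: Optional[DateLike] = None  # ICS-CERT reviewed, ticket assigned
    vendor_verified: Optional[DateLike] = None  # vendor acknowledged / verifying
    patch_released: Optional[DateLike] = None   # vendor shipped a fix

    def __post_init__(self) -> None:
        # Normalise every milestone to a date so comparisons are safe.
        self.report_sent = _as_date(self.report_sent)
        for name in ("ticket_assigned", "vendor_verified", "patch_released"):
            value = getattr(self, name)
            if value is not None:
                setattr(self, name, _as_date(value))

    @property
    def drop_dead(self) -> date:
        """The date after which the researcher goes to full disclosure."""
        return self.report_sent + timedelta(days=self.window_days)

    def phase(self, today: DateLike) -> str:
        """Which step of the process applies on a given day."""
        today = _as_date(today)
        if self.patch_released is not None and self.patch_released <= today:
            return "patched"
        if today >= self.drop_dead:
            return "full disclosure"
        if self.vendor_verified is not None and self.vendor_verified <= today:
            return "vendor verifying"
        if self.ticket_assigned is not None and self.ticket_assigned <= today:
            return "with vendor"
        return "report sent"

    def may_publish(self, today: DateLike) -> bool:
        """Details stay TLP:RED until a patch exists or the drop-dead date passes."""
        return self.phase(today) in ("patched", "full disclosure")

    def days_remaining(self, today: DateLike) -> int:
        """Days the vendor has left before 'patch or quit' is decided."""
        return max(0, (self.drop_dead - _as_date(today)).days)

    def next_action(self, today: DateLike) -> str:
        """What the researcher should be doing at this point."""
        current = self.phase(today)
        if current == "patched":
            return "publish advisory crediting the fix"
        if current == "full disclosure":
            return "publish with customer outreach"
        if current == "report sent":
            return "wait for ICS-CERT ticket"
        return "learn to play darts"  # the deck's advice for the waiting period


if __name__ == "__main__":
    # Constructed sample dates; the year 2014 for the November start is assumed.
    report = Disclosure("2014-11-03",
                        ticket_assigned="2014-11-20",
                        vendor_verified="2015-02-10")
    for day in ("2014-11-10", "2014-12-01", "2015-03-01", "2015-06-01"):
        print(day, report.phase(day), report.days_remaining(day),
              report.may_publish(day), report.next_action(day))
```

The check that matters is `may_publish`: nothing in the report leaves TLP:RED until either a patch exists or the drop-dead date has passed, which is the "patch or quit" rule from the slides expressed as a single predicate rather than as a judgement call made under pressure.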
  • 37. Vendor, customer, public and I: disclosure role play. Right side of the room: how would you handle escalating the process, or would you? Left side of the room: would you want to know about the issue from the vendor, or from me, the researcher? Public: everyone who has an opinion.
  • 38. "Cybersecurity Researchers Are Hunted from All Sides" (Motherboard). Image: Shutterstock.
  • 39. HACKER MOTIVATIONS: white hat hackers, state sponsored hackers, spy hackers, security researchers, black hat hackers, script kiddies, hacktivists, cyber terrorists.
  • 40. DEGREES OF HACKING. State sponsored malware: militarized code; think OS-level attack code. This is the stuff most real "zero-days" are made of. Implementation: a custom attack; they've installed something and left a default passcode in, or a port open. Penetration: the tools are already made; they are just making use of what's around.
  • 41. ARCHER'S CONTRIBUTION: free research given to critical infrastructure. 29+ vulnerabilities, with 3, 6 and 13 shown on the chart for applications, sensors/PLCs and industries. All will publish before the end of the year and could represent 21% of all ICS-CERT advisories in 2016; in 2015 the number of reported vulnerabilities was 142*. *Based on Advisories by Vendor coded as a "15".
  • 42. CLOSING PATH: where do we go from here? Build an ark: go medieval on malicious code. You'll be hacked: accept that and move on. Hire a blue team: start using firewalls the way they were meant to be used. Hire a researcher: find problems, not solutions. Use carrier pigeons: stop using email. Isn't everything owned? Go with the masses and pay bounties. Hold a BEER-ISAC: have a beer and talk about those damn hackers. Baseline everything: blow away everything and always start from scratch.