This presentation will take a high level look at the malware life cycle and the role that both hackers and IT professionals play in it. It should be interesting to IT professionals as well as individuals interested in learning more about the general approach used by hackers to gain unauthorized access to systems, applications, and sensitive data.
More security blogs by the authors can be found @
https://www.netspi.com/blog/
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ... - CODE BLUE
Cyber espionage attacks have been known for around 10 years. Security vendors keep inventing new technology to defend against attacks. Many solutions look fancy; however, breaches keep happening. People have spent a lot of budget to improve their fences, but the effectiveness of these security products remains doubtful. In Taiwan, we have more than 10 years of history with cyber espionage attacks. Government, enterprises, and security vendors have been fighting hard with threat actors, but new victims still get compromised day by day.
In recent years, a lot of Japanese government agencies, defense industry companies, and enterprises have been suffering from cyber attacks by cyber espionage groups. We keep seeing breaches and incidents in the news. We believe many victims still have no good strategy to defend themselves and control the situation.
In this talk, cyber espionage attacks in the last decade will be discussed from the Asia Pacific region’s point of view. We’ll discuss why security solutions didn’t work, and how actors easily bypassed those fancy solutions and adopted countermeasures quickly at very low cost. Besides, based on our experience from hundreds of incident responses and several years of consulting to help victims, we will try to propose a design of a security model to prevent, detect, react to, and remediate cyber espionage threats.
Cambodia CERT Seminar: Incident response for ransomware attacks - APNIC
Senior Security Specialist Adli Wahid presents on incident response for ransomware attacks at the Cambodia CERT Seminar, held online on 13 August 2021.
Keeping Secrets on the Internet of Things - Mobile Web Application Security - Kelly Robertson
Have you ever wondered why our web apps, and mobile web apps in particular, are hard to secure?
Be sure to read the speaker's notes in this presentation.
In this lengthy presentation, you will observe where researchers and hackers corrupt the developer's intentions...then, you will look at the Good, the Bad and the Ugly of Secure Software Development, WAF considerations, and Mobile Device Management...
Peter Wood has worked as an ethical hacker for the past 20 years, with clients in sectors as diverse as banking, insurance, retail and manufacturing. He will describe how advanced persistent threats operate from a security intelligence perspective, based on published case studies and analysis. He will highlight APT entry points and exploitation techniques and suggest practical prevention and detection strategies.
There have been many recent publications that focused on malware evasion techniques – specifically techniques that malware employs to avoid detection and tools that can be used to defeat this evasion. But what happens when malware doesn’t need to evade detection because it first disables the very tools you’re using to detect malware and evade detection? It sounds complicated but the threat is very real and extremely easy to accomplish.
Vulnerability assessment & Penetration testing Basics - Mohammed Adam
In these days of widespread Internet usage, security is of prime importance. The almost universal use of mobile and Web applications makes systems vulnerable to cyber attacks. Vulnerability assessment can help identify the loopholes in a system while penetration testing is a proof-of-concept approach to actually explore and exploit a vulnerability.
Ransomware attacks are not only growing and evolving but are getting more sophisticated by using advanced evasion techniques impacting individuals and organizations across verticals.
Seqrite security solutions provide multi-layered defense that prevents and blocks real-time threats and emerging ransomware infections.
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ... - Core Security
Vulnerability Assessments, Penetration Tests and Red Teaming – Do you know what these tactics are all about? In this session, we will present our understanding of these practices in terms of when to apply them and what to expect. Nowadays, organizations run on top of hundreds, if not thousands, of Information Technology assets, with some of them on premise and others cloud based. Having control over all of this is a challenging task. Based on our extensive experience with securing our customers, I will show what real findings and attack trends look like while, hopefully, shedding some light on how to be prepared to resist current attacks.
Even in good times, insider threats are challenging to identify. Insiders have access. They know what normal behavior is expected. They know the network, the organization, and the culture. All of this makes it easier for them to deceive and hide their tracks. With defensive systems weakened, the opportunity increases for employees with ill intent to gain and maintain enhanced access and privileges undetected.
Anomaly detection and other tools most often used to identify insider behavior have suddenly been rendered useless. Behavioral monitoring never worked well at finding needles in haystacks, but in a crisis like this, when everything looks like a needle, it falls over completely. No normal baseline exists. Everything is an anomaly.
In this webinar, Illusive Networks Field CTO Wade Lance and former City National Bank CISO Karl Mattson will explore how to successfully deal with insider threats during the current moment as workforces massively shift to remote environments. At a time when incident response teams are overrun with alerts, analytical tools are failing to keep up with changing activity patterns, and economies are dealing with unprecedented changes, better insider threat strategies are needed to more accurately identify and respond to potential risk. Join our webinar to hear more about what those insider threat strategies should look like and gain practical tips for implementing those tactics quickly.
Deception Technology: Use Cases & Implementation Approaches - Priyanka Aash
Deception over the years
• Millions of years in Natural World for survival/aggression
• Millions of years in bacteria and virus to thrive
• 1000s of years in Warfare/Military to attack or defend
This webinar is focused on the comparison between traditional and next generation security solutions, and covers the following:
• Traditional Antivirus vs. Next-Gen Security Products
• Busting Security Myths
• VirusTotal & Next-Gen AVs
• Comparison of Next-Gen Security Products
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ... - Core Security
Passwords, multi-factor authentication, knowledge-based questions/answers, and hard tokens are based on technologies that are now 20 years old. With organizations losing the battle against cyber attacks, it’s clearly time to move beyond these legacy technologies and adopt a modern approach in which awareness and flexibility are king. Authentication must adapt based on the level of risk, so that it can deliver strong security yet be invisible to users most of the time.
Achieving that balance of strong security and appropriate user friction is the basis for modern authentication. This session will explore what modern authentication is and why using it across all users, devices, and services is vital to turning a losing battle into a winning strategy to stop cyber attacks.
Advanced Persistent Threats (APTs) are a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself.
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success - Storage Switzerland
Ransomware is the universal threat. No matter an organization's data center location or its size, it can be devastated by a ransomware attack. While most organizations focus on the periphery, they also need to be prepared for a breach, something at which ransomware is particularly adept. In case of a breach, an advanced backup and disaster recovery solution can ensure safe and timely recovery of data without paying ransom.
In this webinar, join experts from Storage Switzerland and Micro Focus as they discuss the impact of ransomware and the core features of a backup solution that can mitigate the associated risks.
As threats are increasingly more sophisticated and targeted, traditional anti-virus detection is struggling to keep up. The traditional approach focuses on using fingerprint signatures of known malware to identify malware in the enterprise. This method of fingerprinting for detection is not only easily evaded, but it provides limited value to detecting targeted attacks against companies and emerging threats.
To combat this problem, Invincea developed a novel method for detecting and analyzing previously unknown malware and 0-day exploits. The advanced detection approach runs in conjunction with Invincea’s secure virtual container, which is used to isolate the operating system and user data from exploits against vulnerable applications. By running high-risk apps like web browsers in a secure container, no prior knowledge of threats, including signatures and IOCs, is required in order to prevent their damage to the system and loss of data.
Cybersecurity: Malware & Protecting Your Business From Cyberthreats - SecureDocs
http://www.securedocs.com - The recent increase in high-profile cyberattacks has made online security a hot topic, and rightfully so. Companies from The New York Times to Facebook have fallen victim to attacks by cybercriminals, highlighting just how vulnerable any business is. In the past few years, malware has evolved dramatically and is a serious threat to all organizations, both big and small.
This presentation covers what advanced malware is and the impact it can have on an organization. Learn how to protect your business from this type of threat.
Media Conglomerate Chooses Lastline For Advanced Malware Protection
Industry: Mass Media
Company: A national media company serving a global audience
Description: Media organization focused on providing business news
Challenge: Provide protection against advanced threats that elude standard virus protection systems
Solution: Lastline Enterprise Hosted
Results: Fill void in security portfolio and protect both company and user base from advanced persistent threats, zero-day attacks, and evasive malware
With malware accounting for at least 40% of all breaches, knowing how malware works can be an extremely valuable asset in your threat detection cache – especially for the incident responder. According to Verizon’s 2013 Data Breach Investigations Report, “Malware and hacking still rank as the most common [threat] actions”. In general, malware can range from being simple annoyances like pop-up advertising to causing serious damage like stealing passwords and data or infecting other machines on the network.
Malware is as old as software itself and although there are new types of malware constantly under development, they generally fall into a few broad categories. Check out this SlideShare to learn how malware works, and what we believe are the most common types of malware you should be prepared for.
By learning how malware works and recognizing its different types, you’ll understand:
- How they find their way into your network
- How attackers control them remotely
- How they use your systems for nefarious purposes
- And most importantly, the security controls you need to effectively defend against and detect malware infections. (Hint: you need more than antivirus!)
Combating Cyber Crimes 2 is the 6th Nugget in the series Cyber Security Awareness Month 2017. It is important to 'STOP, THINK before CONNECTing' to Internet resources.
ESET researcher Aryeh Goretsky explains in this presentation why he hates the term Advanced Persistent Threats (APT), what the common mechanisms of APTs are, and what the defensive technologies are.
Cyber Security presentation given by Luke Schneider, Chief Executive Officer of Medicine Bow Technologies at the 2016 Wyoming Hospital Association Annual Conference
WFH security risks - Ed Adams, President, Security Innovation - Priyanka Aash
Our security practices need to evolve in order to address the new challenges propped up by the rapid adoption of technologies and products to enable the world to WFH. The mantra of the attacker remains consistent -- attack that which yields maximum result -- and that is usually something used by a very very large number of users. This webinar will discuss the Top 10 Security Gaps that CISOs should be aware of as they brace for long WFH periods.
What you will learn:
- New attack techniques hackers are using to target WFH
- How to handle decentralisation of IT and technology decisions
- Application risks as enterprises pivot to online/new business model(s)
- New risks in the Cloud and due to Shadow IT
- Security risks due to uninformed employees and their home infrastructure
- How to handle misconfigurations and third party risks
- How to build a robust breach response and recovery program
Full video - https://youtu.be/bQLfnmhDnQs
E is for Endpoint II: How to Implement the Vital Layers to Protect Your Endpo... - Lumension
IT security professionals rank third-party application vulnerabilities as the greatest security risk in 2012. Yet, malware continues to exploit these - and other - vulnerabilities to breach our defenses. Knowing how to bridge the gap between knowing the problem and finding a solution is critical to mitigate risks in your endpoint environment.
In this presentation, learn:
• What the vital layers of defense are for your endpoints.
• How to thwart exploitation of your endpoint OS, configuration and 3rd party application vulnerabilities.
• How to prevent unknown applications from executing on your systems.
PoS Malware and Other Threats to the Retail Industry - Invincea, Inc.
This presentation covers:
- Why today’s Retail POS systems are at risk
- How, using relatively simple techniques, cyber criminals get onto retailer networks and POS machines
- How POS malware works in capturing credit card data
- How antiquated security architectures and technology put retailers and customers at risk
- How good security architecture and advanced threat protection tools can defeat these attacks before data is breached.
- How to recognize outdated vulnerable POS endpoints that might expose you to credit card fraud
Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360) - Scott Sutherland
During this presentation, we’ll talk about how to identify and triage the large volume of excessive access most standard Active Directory users have to common network shares. Over the course of hundreds of internal network penetration tests and audits one theme has stood out: vulnerability management programs do not adequately identify excessive share privileges. The excessive shares have become a risk for data exposure, ransomware attacks, and privilege escalation within enterprise environments. During this discussion, we will talk about why this gap exists, how to inventory excessive shares across an entire Active Directory domain quickly, and how to triage those results to help reduce risk for your organization.
How to Build and Validate Ransomware Attack Detections (Secure360) - Scott Sutherland
Ransomware is a strategy for adversaries to make money – a strategy that’s proven successful. During this presentation, we will cover how ransomware works, ransomware trends to watch, best practices for prevention, and more. At the core of the discussion, Scott will explain how to build detections for common tactics, techniques, and procedures (TTPs) used by ransomware families and how to validate that they work, on an ongoing basis, as part of the larger security program. Participants will leave this webinar with actionable advice to ensure their organization is more resilient to ever-evolving ransomware attacks.
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments - Scott Sutherland
Where there is Active Directory, there are SQL Servers. In dynamic enterprise environments it’s common to see both platforms suffer from misconfigurations that lead to unauthorized system and sensitive data access. During this presentation, I’ll cover common ways to target, exploit, and escalate domain privileges through SQL Servers in Active Directory environments. I’ll also share a msbuild.exe project file that can be used as an offensive SQL Client during red team engagements when tools like PowerUpSQL are too overt.
PowerUpSQL - 2018 Blackhat USA Arsenal Presentation - Scott Sutherland
This is the presentation we provided at the 2018 Blackhat USA Arsenal to introduce PowerUpSQL. PowerUpSQL includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on scale, and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server. This should be interesting to red, blue, and purple teams interested in automating day to day tasks involving SQL Server.
More information can be found at:
https://github.com/NetSPI/PowerUpSQL/wiki
Secure360 - Beyond xp_cmdshell - Owning the Empire through SQL Server - Scott Sutherland
During this presentation, we’ll cover interesting techniques for executing operating system commands through SQL Server that can be used to avoid detection and maintain persistence during red team engagements. We’ll also talk about automating attacks through PowerShell Empire and PowerUpSQL. This will include a review of command execution through custom extended stored procedures, CLR assemblies, WMI providers, R scripts, Python scripts, agent jobs, and custom OLE objects. We’ll also dig into some new integrations with PowerShell Empire. All code and slide decks will be released during the presentation. This should be interesting to blue teamers looking for a faster way to test their detective control capabilities and red teamers looking for a practical way to avoid detection while trying to maintain access to their target environments.
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server - Scott Sutherland
During this presentation, we’ll cover interesting techniques for executing operating system commands through SQL Server that can be used to avoid detection and maintain persistence during red team engagements. We’ll also talk about automating attacks through PowerShell Empire and PowerUpSQL. This will include a review of command execution through custom extended stored procedures, CLR assemblies, WMI providers, R scripts, Python scripts, agent jobs, and custom OLE objects. We’ll also dig into some new integrations with PowerShell Empire. All code and slide decks will be released during the presentation. This should be interesting to blue teamers looking for a faster way to test their detective control capabilities and red teamers looking for a practical way to avoid detection while trying to maintain access to their target environments.
Beyond xp_cmdshell: Owning the Empire through SQL Server - Scott Sutherland
During this presentation, we’ll cover interesting techniques for executing operating system commands through SQL Server that can be used to avoid detection and maintain persistence during red team engagements. We’ll also talk about automating attacks through PowerShell Empire and PowerUpSQL. This will include a review of command execution through custom extended stored procedures, CLR assemblies, WMI providers, R scripts, Python scripts, agent jobs, and custom OLE objects. We’ll also dig into some new integrations with PowerShell Empire. All code and slide decks will be released during the presentation.
This should be interesting to blue teamers looking for a faster way to test their detective control capabilities and red teamers looking for a practical way to avoid detection while trying to maintain access to their target environments.
2017 Secure360 - Hacking SQL Server on Scale with PowerShellScott Sutherland
This presentation will provide an overview of common SQL Server discovery, privilege escalation, persistence, and data targeting techniques. Techniques will be shared for escalating privileges on SQL Server and associated Active Directory domains. Finally I’ll show how PowerShell automation can be used to execute the SQL Server attacks on scale with PowerUpSQL. All scripts demonstrated during the presentation are available on GitHub. This should be useful to penetration testers and system administrators trying to gain a better understanding of their SQL Server attack surface and how it can be exploited.
2017 Thotcon - Hacking SQL Servers on Scale with PowerShellScott Sutherland
This presentation will provide an overview of common SQL Server discovery, privilege escalation, persistence, and data targeting techniques. Techniques will be shared for escalating privileges on SQL Server and associated Active Directory domains. Finally I’ll show how PowerShell automation can be used to execute the SQL Server attacks on scale with PowerUpSQL. All scripts demonstrated during the presentation are available on GitHub. This should be useful to penetration testers and system administrators trying to gain a better understanding of their SQL Server attack surface and how it can be exploited.
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShellScott Sutherland
This presentation will provide an overview of common SQL Server discovery, privilege escalation, persistence, and data targeting techniques. Techniques will be shared for escalating privileges on SQL Server and associated Active Directory domains. Finally I’ll show how PowerShell automation can be used to execute the SQL Server attacks on scale with PowerUpSQL. All scripts demonstrated during the presentation are available on GitHub. This should be useful to penetration testers and system administrators trying to gain a better understanding of their SQL Server attack surface and how it can be exploited.
Sections Updated for OWASP Meeting:
- SQL Server Link Crawling
- UNC path injection targets
- Command execution details
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial EmulationScott Sutherland
This presentation provides an overview of common adversarial emulation approaches along with attack and detection trends. It should be interesting to penetration testers and professionals in security operations roles.
DerbyCon2016 - Hacking SQL Server on Scale with PowerShellScott Sutherland
This presentation will provide an overview of common SQL Server discovery, privilege escalation, persistence, and data targeting techniques. Techniques will be shared for escalating privileges on SQL Server and associated Active Directory domains. Finally we’ll show how PowerShell automation can be used to execute the SQL Server attacks on scale. All scripts created and demonstrated during the presentation will be open sourced. This should be useful to penetration testers and system administrators trying to gain a better understanding of their SQL Server attack surface and how it can be exploited.
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015Scott Sutherland
This presentation will cover 10 common weak SQL Server configurations and the practical attacks that help hackers gain unauthorized access to data, applications, and systems. This will include a few demonstrations of the techniques that are being used during real-world attacks and penetration tests. This should be interesting to developers, new database admins, and aspiring penetration testers looking to gain a better understanding of the risks associated with weak SQL Server configurations.
Full Video Presentation: http://youtu.be/SIeMz6gCK3Q
Attack All the Layers: What's Working during Pentests (OWASP NYC)Scott Sutherland
This presentation is intended to provide an overview of vulnerabilities and attack techniques that are popular in penetration testing at the moment. Vulnerabilities related to the application, network, and server layers will be covered along with current anti-virus bypass and privilege escalation techniques used by attackers and penetration testers. This presentation should be interesting to security professionals and system administrators looking for more insight into real world attacks.
This is the version modified for the OWASP meeting in June of 2014.
This presentation is intended to provide an overview of vulnerabilities and attack techniques that are popular in penetration testing at the moment. This talk includes real-world examples of attacks that they use on a daily basis, and some reflections on what techniques have changed over the last year. Vulnerabilities related to the application, network, and server layers will all be covered along with current anti-virus bypass and privilege escalation techniques used by attackers and penetration testers. This presentation should be interesting to security professionals and system administrators looking for more insight into real world attacks.
This presentation will provide an overview of common methods that can be used to obtain clear text credentials from Microsoft products such as Windows, IIS, and SQL Server. It also provides an overview of the proof of concept script used to recover MSSQL Linked Server passwords.
Relevant blog links have been provided below.
https://www.netspi.com/blog/entryid/215/decrypting-iis-passwords-to-break-out-of-the-dmz-part-1
https://www.netspi.com/blog/entryid/226/decrypting-iis-passwords-to-break-out-of-the-dmz-part-2
https://www.netspi.com/blog/entryid/221/decrypting-mssql-database-link-server-passwords
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
This presentation is intended to provide an overview of vulnerabilities and attack techniques that are popular in penetration testing at the moment. Vulnerabilities related to the application, network, and server layers will be covered along with current anti-virus bypass and privilege escalation techniques used by attackers and penetration testers. This presentation should be interesting to security professionals and system administrators looking for more insight into real world attacks. Karl Fosaaen and I put this together for Secure 360 in Minneapolis. We hope you enjoy it.
2. Who are we?
IT Security Consultants @ NetSPI
We help organizations:
• Identify vulnerabilities
• Determine impact
• Develop remediation plans
• Reduce risk
3. Presentation Overview?
• What is malware?
• Who creates malware?
• Why do they create malware?
• What skill level is required?
• The malware lifecycle
‒ The “good” guy’s role
‒ The “bad” guy’s role
• The “ugly” truth
5. What is Malware?
Wikipedia definition: …“software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems”…
Our definition: …“software created to do bad things and is generally a pain in the butt”…
6. Types of Malware
• Remote Exploits
• Local Exploits
• Trojans
• Backdoors
• Rootkits
• Viruses
• Worms
11. Why are they Creating Malware?
• Sell, sell, sell
• Steal money
• Steal information
• Strategic position
• Denial of Service
• Political gain
• Hacking as a hobby
• Internal employees
13. What skill level is required?
• Malware Developers = Programmers
‒ More advanced programming skillset
‒ Create custom malware
• Less likely to be noticed
• Personal use or sold to specific group
‒ Commoditized malware kits
• More likely to be noticed
• Free and commercial
• Malware Kit Users
‒ Don’t require advanced skillset
‒ Much more likely to cause damage by mistake
17. Malware Development
• Professional Malware Development
‒ Often work like software companies
‒ Often produce very secure malware
• Create different types of malware
‒ Remote exploits
‒ Local exploits
‒ Backdoors, “bots”, and/or rootkits
‒ Worms or viruses
‒ Command and control
‒ Update functions
19. Malware Deployment
69%
Of all breaches incorporate malware
As reported in the Verizon Business – 2012 Data Breach Investigations Report
Available at www.verizonenterprise.com
20. Malware Deployment
79%
Of all breaches were targets of opportunity
As reported in the Verizon Business – 2012 Data Breach Investigations Report
Available at www.verizonenterprise.com
21. Malware Deployment
• Malware is often deployed via:
‒ Social engineering – email, phone, physical
‒ Default passwords on management applications
‒ Web application issues
‒ “Water holing” web applications
‒ Web browser issues, etc.
[Slide diagram labels: Email, Apps, Users, Malware, Pass, Package]
23. Detecting Malware?
“…the median number of days advanced attackers are on the network before being detected is…” 416
As reported by Mandiant in their Annual Threat Report: M-Trends™ 2012
24. Detecting Malware?
94%
Of organizations learn they are victims of targeted attacks from an external entity
As reported by Mandiant in their Annual Threat Report: M-Trends™ 2012
25. Detecting Malware!
• Where are threats being detected:
‒ Networks
‒ Servers
‒ Workstations
‒ Applications / Databases
‒ People
• How are threats being detected:
‒ Behavioral / Anomaly based analysis
‒ Signature based analysis
‒ SIEM / Statistics based analysis
‒ Canaries / Honey pots
26. Detecting Malware!
• Challenges:
‒ Identifying signatures related to:
• undocumented malware
• encrypted traffic
‒ Keeping up with the amount of malware being released
‒ Creating dependable behavioral based profiles
‒ Creating useful statistical rules
‒ Identifying malware in memory
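The two slides above list the detection approaches (signature based, behavioral, statistics based, canaries) and the difficulty of writing dependable rules for each. As an added example, not part of the deck, the script below runs one small rule of each kind over a handful of constructed log lines; every host, user, URL, path and the "placeholder-c2-url" indicator are made up for the illustration.

```python
"""Added example, not from the slide deck: four of the detection approaches the
slides list (signature based, behavioral, statistics based, canaries) run over a
few constructed log lines.  All hosts, users, URLs and paths below are made up."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample events in a simple key=value format (not real log data).
SAMPLE_LOG = """\
2012-03-01T08:00:01 host=ws01 user=alice event=login result=ok
2012-03-01T08:00:05 host=ws01 user=alice event=http url=http://intranet.example/home
2012-03-01T08:01:10 host=ws02 user=bob event=login result=fail
2012-03-01T08:01:11 host=ws02 user=bob event=login result=fail
2012-03-01T08:01:12 host=ws02 user=bob event=login result=fail
2012-03-01T08:01:13 host=ws02 user=bob event=login result=fail
2012-03-01T08:01:14 host=ws02 user=bob event=login result=fail
2012-03-01T08:01:15 host=ws02 user=bob event=login result=fail
2012-03-01T08:01:16 host=ws02 user=bob event=login result=fail
2012-03-01T08:01:17 host=ws02 user=bob event=login result=fail
2012-03-01T08:02:00 host=ws03 user=carol event=http url=http://198.51.100.7/gate.php
2012-03-01T08:02:30 host=ws03 user=carol event=file path=C:\\share\\canary_payroll.xlsx action=read
"""

# Signature based: a placeholder indicator (constructed, not a real IoC).
SIGNATURES = {
    "placeholder-c2-url": re.compile(r"url=http://198\.51\.100\.7/gate\.php"),
}

# Canary: a decoy file that no legitimate job or user should ever open.
CANARY_PATHS = {r"C:\share\canary_payroll.xlsx"}

FIELD_RE = re.compile(r"(\w+)=(\S+)")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_line(line):
    """Split a 'timestamp k=v k=v ...' line into a dict; keep the raw line too."""
    ts, rest = line.split(" ", 1)
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"] = ts
    fields["raw"] = line
    return fields


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def signature_hits(events):
    """Signature based: match known-bad patterns against each raw event."""
    return [(name, e["host"]) for e in events
            for name, pat in SIGNATURES.items() if pat.search(e["raw"])]


def bare_ip_urls(events):
    """Behavioral: users browse to names; a URL whose host is a literal IP is unusual."""
    hits = []
    for e in events:
        host = urlparse(e.get("url", "")).hostname or ""
        if IP_RE.fullmatch(host):
            hits.append((e["host"], e["url"]))
    return hits


def failed_login_anomalies(events, threshold=5):
    """Statistics based: count failed logins per user and flag those at or over a threshold."""
    counts = Counter(e["user"] for e in events
                     if e.get("event") == "login" and e.get("result") == "fail")
    return {user: n for user, n in counts.items() if n >= threshold}


def canary_hits(events):
    """Canary: any access to a decoy path is a detection by definition."""
    return [(e["host"], e["user"], e["path"]) for e in events
            if e.get("event") == "file" and e.get("path") in CANARY_PATHS]


def run_all(text):
    events = parse_log(text)
    return {
        "signature": signature_hits(events),
        "behavioral": bare_ip_urls(events),
        "statistics": failed_login_anomalies(events),
        "canary": canary_hits(events),
    }


if __name__ == "__main__":
    for method, findings in run_all(SAMPLE_LOG).items():
        print(f"{method:>10}: {findings}")
```

The four rules also show the trade-offs the slide calls out: the signature only fires on an indicator someone already documented, the bare-IP behavioral rule is cheap but will also catch legitimate internal tools, the failed-login threshold needs tuning per environment, and the canary is the only rule that produces no false positives by construction but only sees attackers who touch the decoy.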
28. Correcting Affected Assets!
• Where does correction occur:
‒ Networks
‒ Servers
‒ Workstations
‒ Applications / Databases
‒ People
• How does correction occur:
‒ Incident response
‒ Patch systems and applications
‒ Code applications securely
‒ Securely configure:
• Firewalls
• Servers
• Applications
• User accounts
‒ Training
29. Correcting Affected Assets!
• Challenges:
‒ Creating patches for exploits before they are widely used
‒ Patching 3rd party software
‒ Creating and managing secure code
‒ Legacy and unsupported applications
‒ Vendor contracts
‒ Providing adequate training
31. Protecting Assets!
• Where are assets protected:
‒ Networks
‒ Servers
‒ Workstations
‒ Applications / Databases
‒ People
• How are assets being protected:
‒ Build/manage secure configurations
‒ Build/manage secure applications
‒ Network Access Control & Intrusion Prevention Systems
‒ Proactive exploit development
‒ Proactive vulnerability identification
‒ Development of signatures
‒ 3rd Party Risk assessments
32. Protecting Assets!
• Challenges:
‒Security vs. usability
‒Asset inventory
‒Managing secure configurations
‒ Communication/risk related to partners, contractors, and vendors
‒ Cost / Time / Skills
‒ Education and training
47. The Ugly Truth: Bad Guys
Bad guys are creating Malware that is:
• Not going away
• Getting more advanced
• Getting harder to detect
• Getting easier to use
• Getting used by more people
48. The Ugly Truth: Good Guys
Good guys need to:
• Continue to fight the good fight!
• Continue to develop new methods of detection,
correction, and prevention
• Develop better security policies that make attacks:
• Harder to execute
• Easier to detect
• Easier to respond to and contain
• Focus on proactive vulnerability identification
• Get rid of unnecessary sensitive data
• Encrypt remaining sensitive data
• Educate more users more often
That can start with you…
49. What’s Next?
What can I do?
• Don’t visit sketchy web sites
• Don’t open mail from unknown senders
• Review links before clicking them in emails
• Patch your systems and software
• Validate website before providing sensitive information
‒ Click the “little lock” in your browser
• Don’t create and/or use malware ...
…unless it’s for the good guys
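The closing slide's advice to review links before clicking them is something a user does by eye; the script below, an added example that is not part of the deck, does the same three checks over an HTML email body: link text that displays one host while the href points at another, an href whose host is a bare IP address, and an href that places a host-like string in the userinfo part of the URL so the real host is easy to miss. The message body and every domain and address in it are constructed for the illustration.

```python
"""Added example, not from the slide deck: a small checker for the advice
"review links before clicking them in emails".  It pulls the anchors out of an
HTML email body and flags three things a reader can also check by hand.
The email body and every host name in it are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Text that "looks like" a URL or host, with or without a scheme.
URL_TEXT_RE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.IGNORECASE)

# Constructed sample message body (no real domains or addresses).
SAMPLE_EMAIL = """
<p>Your statement is ready.</p>
<p><a href="https://www.bank.example/statements">https://www.bank.example/statements</a></p>
<p><a href="http://www.bank.example.login-check.test/verify">www.bank.example/verify</a></p>
<p><a href="http://203.0.113.9/update">Update your details</a></p>
<p><a href="http://www.bank.example@203.0.113.9/login">Secure login</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(value):
    """Lower-cased host of a URL, or of bare 'host/path' text that has no scheme."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def suspicious_links(html):
    """Return [(href, text, [reasons])] for links a reader should look at twice."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = urlparse(href)
        target_host = (target.hostname or "").lower()
        reasons = []
        # A userinfo component in a web link is almost never legitimate.
        if target.username is not None:
            reasons.append("credentials-in-url")
        # Real services are reached by name, not by a literal address.
        if IP_RE.fullmatch(target_host):
            reasons.append("bare-ip-host")
        # Visible text that names a host must agree with where the href really goes.
        if URL_TEXT_RE.fullmatch(text) and hostname_of(text) != target_host:
            reasons.append("text-host-mismatch")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{', '.join(reasons):<32} text={text!r} href={href}")
```

The first link in the sample passes because its text and target agree; the other three are each reported with the reason. The host comparison is deliberately strict (a text of `bank.example` against an href host of `www.bank.example` is still reported), which is the right default for a mail gateway or awareness tool: it is cheaper to look at one extra link than to miss the one that matters.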