50 Shades of RED: Stories from the “Playroom” from CONFidence 2014 - Chris Nickerson
Ever steal a Boeing 777? How about transfer more than $400,000,000 from an account? Have you ever had one of those bad days where one wrong press of the “enter” key accidentally broadcasts an emergency message to the radio station asking an entire city to evacuate? The real destruction of a business doesn’t come from a shell, a picked lock or a simple lie. The REAL threat is when all of the disciplines are combined and the only thing left in the crosshairs is the BUSINESS itself. Red Teaming is not a process of finding “A” vulnerability, but showing how flaws at EVERY level of the program combine to cause devastating effects to the company (or the tester =) ).
After 15 years in the Red Teaming, Pen Testing and Security Testing Business, I have had some of the weirdest things happen. In this 50 min story time, I plan to go over our methodology, some of our BEST and WORST moments on the job, tips/tricks we picked up along the way and hopefully we can have a few laughs at our (mis)fortune(s).
Sharing the data using audio and image Steganography - Nikhil Praharshi
Sharing the data using audio and image steganography.
This is implemented in Python. This covers the basics of audio and image steganography.
If You Like it Share it <3
Why isn't infosec working? Did you turn it off and back on again? - Rob Fuller
BruCon 2019 Keynote -=> My name is Rob Fuller, I've been around a bit, not as long as some but longer than others. From the US military to government contracting, consulting, large companies, tiny startups and silicon valley behemoths, from podcasting to television, I've had a storied and humbling career in infosec. Let’s get past complaining about blinky lights and users. Let’s talk about what actually works and what doesn't.
Juice Jacking 101 covers the history behind why and what we learned from building malicious cell phone charging kiosks (and then setting them up at various hacker conferences).
Trustleap - Mathematically-Proven Unbreakable Security - TWD Industries AG
Acknowledging the need for certainty, this document explains why standard cryptography fails - and how TrustLeap makes the encryption standards provably safe.
It has been estimated that the global earnings of Cyber Criminals will equal or exceed the GDP of the UK sometime in the 2022/23 window. If this was the capability of a country they would be joining the G8! Clearly, we are losing the Cyber War hands down, and the time has long passed when we might ignore the threat scenarios surrounding us.
In this lecture we examine global networks from home and office through the ‘last mile,’ and on to national and international networks to identify the key vulnerabilities and points of potential ingress. We identify the cyber risks as escalating as we approach the periphery of all forms of network. For the most part, the core/carrier networks are virtually unassailable physically as they are dominated by terrestrial and undersea optical fibre cables.
Throughout the ‘carrier’ network levels the difficulty of physical interception, encryption, routing, and path diversity employed renders them secure in the extreme. Attackers, therefore, tend to focus on the exploitation of people, devices, services, home, and office appliances, and latterly, a poorly engineered IoT.
In reality, we are expanding the attack surface of the planet exponentially without due caution or care in the most exposed sectors and locations. And so, we explore potential tech and operational solutions for the future.
NOTE: This lecture is one of a series that has examined technology design and deployment, devices and the IoT, people fallibility, deviousness, internal and external threats.
In class, RED and BLUE Team Exercises have also been conducted in support of the complete Cyber Security Package to date.
This is a talk on enforcing better GDPR compliance, user data privacy, and “security by design” principles through the language and visual components of API documentation. Practical and immediately applicable tips and insights from a Technical Writer working in data security.
John Lorens shares his presentation about maintaining computer health. What do you need to know or do so that you can avoid bringing your computer into the shop.
Perimeter Defense in a World Without Walls - Dan Houser
Perimeter Defense when you don't have a perimeter, and how to change the paradigm to protect hosts, and hide from the bad guys. Introduction of the Big Freakin' Haystack project (that, sadly, went nowhere).
Executive Directors Chat: Leveraging AI for Diversity, Equity, and Inclusion - TechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
More Related Content
Similar to Information Security, some illustrated principles
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Delivering Micro-Credentials in Technical and Vocational Education and Training - AG2 Design
Explore how micro-credentials are transforming Technical and Vocational Education and Training (TVET) with this comprehensive slide deck. Discover what micro-credentials are, their importance in TVET, the advantages they offer, and the insights from industry experts. Additionally, learn about the top software applications available for creating and managing micro-credentials. This presentation also includes valuable resources and a discussion on the future of these specialised certifications.
For more detailed information on delivering micro-credentials in TVET, visit this https://tvettrainer.com/delivering-micro-credentials-in-tvet/
How to Build a Module in Odoo 17 Using the Scaffold Method - Celine George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
2024.06.01 Introducing a competency framework for language learning materials ... - Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
It describes the bony anatomy, including the femoral head, acetabulum and labrum. It also discusses the capsule and ligaments. The muscles that act on the hip joint and the range of motion are outlined. Factors affecting hip joint stability and weight transmission through the joint are summarized.
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I... - NelTorrente
In this research, it concludes that while the readiness of teachers in Caloocan City to implement the MATATAG Curriculum is generally positive, targeted efforts in professional development, resource distribution, support networks, and comprehensive preparation can address the existing gaps and ensure successful curriculum implementation.
Introduction to AI for Nonprofits with Tapp Network - TechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Biological screening of herbal drugs: Introduction and need for phyto-pharmacological screening, new strategies for evaluating natural products, in vitro evaluation techniques for antioxidants, antimicrobial and anticancer drugs. In vivo evaluation techniques for anti-inflammatory, antiulcer, anticancer, wound healing, antidiabetic, hepatoprotective, cardio protective, diuretics and antifertility, toxicity studies as per OECD guidelines.
21. Terminology & definitions
• Cryptographers and computer security people talk a different language (e.g. ‘authentication’ vs ‘authorisation’)
• Integrity (Data authentication? Entity authentication?)
• Availability (Denial of Service? Non-repudiation?)
• Confidentiality
• Trust
26. Trust (vertrouwen)
➡ Dieter Gollman: “Trust is not the concept that unifies security, it is an absolute mess.”
➡ “If it is trusted, it can hurt you.”
➡ Based on
  ➡ reputation
  ➡ control and punishment
  ➡ policy enforcement
  ➡ ... or blind
40. Don’ts
• Security and complexity do not mix:
• operating system
• network architecture
• applications
• mobile code
• services: XML, SOAP, VoIP (through the firewall!)
• always-on connections (botnets!)
46. Don’ts
• Security through obscurity:
• mobile phone systems: GSM in US
• DVD copyright protection (DVD Jon!)
• Sony rootkit
• Diebold voting machines
• Microsoft
• Cisco router OS
• physical locks
• blacking out text in PDF (hack: “read out loud”)
54. Don’ts
• Risk avoidance:
• accept the risk
• reduce risk with technology
• reduce risk with procedures
• reduce risk with insurance
• reduce risk with disclaimers
• transfer the risk (e.g.: from data to key)
60. Don’ts
• Security is not forever:
• Cryptography:
• 1958 vs now : peanuts
• now vs 2058 : ?
• Advances in:
• reverse engineering
• side channel attacks
62. Don’ts
• Security and complexity don’t mix
• Security through obscurity does not work
• 100% security doesn’t exist
• Security is not forever
79. Do’s
• Clearly state the assumptions behind the system.
• Need for integrated approach
• Find the right mix of technology and law
• Need for secure implementations
80. Secure implementations
• “Nothing is more practical than a good
theory”
• “Theory is important, at least in theory”
81. Secure implementations
• Consider:
• Secure software/hardware (orlly?)
• Side channel attacks
• Buffer overflows
• API errors
• Random number generators
• Model vs reality
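As an added example (not from the slides or their author), the "random number generators", "API errors" and "model vs reality" items above in Python: a session-token generator built on the seeded `random` module beside one built on `secrets`, a check showing that the former is reproducible from its seed, and a constant-time comparison in place of `==`. All function names and the sample seed are my own constructions.

```python
import hmac
import random
import secrets

TOKEN_BYTES = 16


def weak_token(seed: int, nbytes: int = TOKEN_BYTES) -> str:
    """Illustrates the pitfall: random.Random is a Mersenne Twister PRNG.

    Its output is a pure function of the seed (the "model vs reality" gap:
    the model says "random", reality says "deterministic"). Anyone who
    learns or guesses the seed regenerates every token this produced.
    """
    rng = random.Random(seed)
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big").hex()


def strong_token(nbytes: int = TOKEN_BYTES) -> str:
    """Secure form: the secrets module draws from the OS CSPRNG."""
    return secrets.token_hex(nbytes)


def reproducible_from_seed(seed: int, token: str) -> bool:
    """Audit check: can this token be regenerated from a candidate seed?

    True for weak_token output with the right seed; there is no seed that
    reproduces strong_token output.
    """
    return weak_token(seed, len(token) // 2) == token


def tokens_equal(presented: str, stored: str) -> bool:
    """API error to avoid: `==` on secrets stops at the first differing
    character and so leaks timing; hmac.compare_digest does not."""
    return hmac.compare_digest(presented.encode(), stored.encode())


def validate_token(presented: str, stored: str, nbytes: int = TOKEN_BYTES) -> bool:
    """Reject malformed input first, then compare in constant time."""
    if len(presented) != nbytes * 2:
        return False
    try:
        int(presented, 16)
    except ValueError:
        return False
    return tokens_equal(presented, stored)


if __name__ == "__main__":
    # Constructed demonstration: a seed an application might naively pick
    # (here a timestamp-like integer) makes the "random" token reproducible.
    naive_seed = 1_700_000_000
    t = weak_token(naive_seed)
    print("weak token reproducible from seed:", reproducible_from_seed(naive_seed, t))
    s = strong_token()
    print("strong token:", s, "valid:", validate_token(s, s))
```

The point of `reproducible_from_seed` is defensive: in a code review or audit, any token source for which such a check can succeed belongs on the "don'ts" list, whatever the surrounding documentation claims about it being random.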
96. Credits
• Introduction to security and course overview,
prof. dr. ir. Bart Preneel,
Intensive Program on Information and Communication Security, July 2006
• Google Images (most of the images)
• Sigridschrijft.be / Sony (Terminator 4 poster)