SlideShare a Scribd company logo

Let's Go To The Movies

Dennis M. Allen, CISSP
Dennis M. Allen, CISSP

The document provides a summary of various movies and their depictions of cybersecurity elements. It discusses movies from the 1980s like WarGames that showed early hacking concepts. Later movies like Sneakers, Hackers and The Net portrayed more modern hacking, malware and social engineering. Recent films like Blackhat and Untraceable showed advanced techniques like digital forensics, attribution and hackbacks. The document also lists some additional real world cybersecurity resources like breach reports, cyber fugitives and documentaries.

1 of 23
Download to read offline
Let’s Go To The Movies Introduction to Cybersecurity Dennis M. Allen https://www.linkedin.com/in/dennis-m-allen-cissp-a709724
NOW SHOWING
WarGames – 1983 © 1983 Metro-Goldwyn-Mayer Studios Inc. All Rights Reserved. http://www.imdb.com/title/tt0086567 PG Cybersecurity Elements 0:10:36 - 0:13:45 “Take the men out of the loop,” WOPR, big data, war gaming 0:17:35 - 0:17:55 Password insecurity 0:20:20 - 0:22:15 Old school tech, grade tampering 0:24:25 - 0:25:30 War dialing, “Saul’s fish market” 0:26:14 - 0:30:17 War dialing (Bank, PanAm, Games) 0:32:30 - 0:33:40 “Mr. Potatohead, back door’s are not secrets!” 0:38:28 - 0:45:35 Unauthorized access, Artificial Intelligence, Global Thermal Nuclear War, Operations Centers 1:03:47 - 1:06:10 Physical security and tone hacking 1:11:28 - 1: 12:45 Payphone hacking
Sneakers – 1992 http://www.imdb.com/title/tt0105435© 1992 Universal Pictures Studios, Inc. All Rights Reserved. PG-13 Cybersecurity Elements 0:01:45 - 0:03:05 Wire Fraud 0:05:15 - 0:10:58 Penetration Testing including social engineering & physical security: “Your communication lines are vulnerable, fire exits need to be monitored, and your rent-a-cops are a tad under trained” 0:11:38 - 0:14:20 Government hired hadckers 0:25:20 - 0:30:51 Reconnasaince, shoulder surfing, security bypass with cake & baloons 0:39:39 - 0:46:30 Electronics hacking, unauthorized access, code breaking 1:21:27 - 1:22:54 Dumpster diving – trash analysis 1:27:34 - 1:41:06 Security control bypass (guard, cameras, voice authentication, etc.), failure to review the security log!
Hackers – 1995 http://www.imdb.com/title/tt0113243© 1995 UNITED ARTISTS PICTURES INC. ALL RIGHTS RESERVED PG-13 Cybersecurity Elements 0:04:33 - 0:08:33 Social engineering (skip the war dialing), hacking a TV station 0:13:34 - 0:15:02 Student record modification, and hacker handles – poor Joey 0:18:53 - 0:20:02 Late night hacking, Sprinkler test 0:22:40 - 0:25:40 1984, Rainbow Books, Common Passwords & Attack methodology? 0:25:42 - 0:29:29 Joey hacks the Gibson as God and downloads some “Garbage” 0:31:13 - 0:31:18 Hack the planet, Tone hacking with Razor and Blade 0:33:00 - 0:33:40 USS collection and Interview, “These people are terrorists”
The Net – 1995 http://www.imdb.com/title/tt0113957© 1995 Columbia Pictures Industries, Inc. All Rights Reserved. PG-13 Cybersecurity Elements 0:03:38 - 0:05:14 Malware Analysis, Assembly Lang. 0:11:30 - 0:13:16 Clean versus Analyze? 0:14:17 - 0:15:06 Airplane navigation hacked 0:15:45 - 0:16:20 Runtime analysis, talent recruiting 0:17:22 - 0:17:56 Airport computer malfunction 0:19:00 - 0:20:50 Beach computing, Social Engineering 0:39:22 - 0:40:45 Identity manipulation 0:48:02 - 0:48:29 Cell phone tracking and triangulation 0:55:00 - 0:57:02 International ISP, unauthorized system access, IP attribution, medical records 0:57:28 - 0:59:29 Chat user attribution and recruiting 1:20:55 - 1:22:04 False sense of security from software 1:30:53 - 1:37:36 Physical security, Social Engineering, Terminal Echo, Command and Control App, Attribution 1:42:00 – 1:45:00 Hacking from RSA or MacWorld?
Track down / Takedown – 2000 http://www.imdb.com/title/tt0159784 R 2000 Dimension Films (presents) Millennium Films (in association with) Hacker Productions (copyright owner) Cybersecurity Elements 0:03:12 - 0:04:31 1st Meeting with undercover LE 0:05:50 - 0:06:53 Social Engineering for serial number and manufacturer info 0:07:22 - 0:08:45 Social Engineering for specs and docs 0:09:11 - 0:10:22 Switched Access Services – S.A.S., Telephone monitoring service for LE? 0:14:15 - 0:15:58 Mitnick Article 0:20:57 - 0:23:07 Rollerblading in a data center – “Challenge accepted!” 0:24:35 - 0:26:17 Stealing Nokitel code and deleting files (backups?) 0:27:23 - 0:27:42 Tape recorder tone dialing 0:28:55 - 0:30:25 Contempt virus 0:33:14 - 0:35:02 Messing with Agent Gibson (Water, Gas, Power) 0:35:51 - 0:39:01 Tsutomu Shimomura - Investigation (connections, firewalls, modems, log files) 0:47:17 - 0:49:03 CellularOne investigation, hijacking cell phones, cloning cards, signal tracking 1:01:05 - 1:03:52 Dumpster diving, Social Engineering and using University computing resources 1:04:50 - 1:07:42 ISP (Netcom) and identifying last hop (real PoP) 1:08:40 - 1:09:55 Civilian investigation – “What can we do?” 1:10:22 - 1:14:13 Social Engineering and using University computing 1:16:23 - 1:18:07 Trolling/Cell scope/ War driving 1:26:17 - 1:26:42 Packet Capture to recover lost files on final upload
Antitrust – 2001 http://www.imdb.com/title/tt0218817© METRO-GOLDWYN-MAYER PICTURES INC. (2001) PG-13 Cybersecurity Elements 0:00:20 - 0:03:35 Programming, “First Mover Advantage” 0:03:40 - 0:05:00 The Garage Business 0:09:36 - 0:19:00 Smart Home 0:10:10 - 0:10:34 Open Source/Free v. Software Business 0:11:35 - 0:12:58 Synapse architecture, backdoors, etc. 0:16:08 - 0:17:04 Government recruiting (42K and a Buick) 0:18:26 - 0:18:45 Security briefing 0:20:00 - 0:21:10 Programmer swag – The Egg 0:44:10 - 0:48:35 Tailgating, Building and Badge Security, Unlocked terminal with privileged access (Printed badge, altered security feeds) 0:49:40 - 1:00:24 Milo snooping – No multi-factor!!!!!! 0:54:00 - 1:00:24 Very detailed NURV employee database Good ol’ Linux CLI 1:27:39 Vehicle Tracking System 1:29:20 - 1:40:00 Milo versus Gary and who can access the Satellites faster, Release of Synapse source code to the world Other interesting points: •  Social Engineering to get an invite to the Art Museum Benefit •  Several Java code and compilation examples throughout
http://www.imdb.com/title/tt0244244 Swordfish – 2001 © 2001 Village Roadshow Films (BVI) Limited. All rights reserved. R Cybersecurity Elements 0:27:00 - 0:30:00 Performance Based Interview 0:51:40 – 0:53:00 Stashing worm generator code on an Internet accessible PDP-10 0:55:05 – 0:57:10 Creating the Hydra. Terrible, yet spectacular. Other interesting points: •  Ironically, the movie starts by stressing the importance of realism in movies •  Bad guys and good guys recruiting the same talent •  Computer facilitated crime funding terrorists To be clear – The technology is terrible!
Firewall – 2006 http://www.imdb.com/title/tt0408345© 2006 Warner Bros. Entertainment Inc. 2006 Village Roadshow (BMI) Limited. All rights reserved PG-13 Cybersecurity Elements 0:07:02 - 0:07:33 Wireshark and Cisco ACLs (kinda) 0:07:50 - 0:09:00 Boardroom and CISO challenges 0:10:42 - 0:11:15 ID Theft and dumpster diving 0:53:00 - 0:55:54 Building the scanner 0:58:07 - 1:01:52 Navigating the Data Center 1:02:50 - 1:08:08 Cat & Mouse (Catching an insider) 1:29:19 - 1:30:08 PET-NAV 3000
Untraceable – 2008 http://www.imdb.com/title/tt0880578© 2008 Lakeshore Entertainment Group LLC. All Rights Reserved. R Cybersecurity Elements 0:03:40 - 0:06:14 FBI Cyber tradecraft: - Chats, - Honeypots - Virtual machines - Fake data - Hack back authority? - Attribution 0:14:52 - 0:15:46 IP black holing, Fast flux DNS, Russian hosting, botnets of compromised hosts 0:56:52 - 0:57:05 Horsez – Trojan – RAT, unauthorized network access 1:22:20 – 1:23:20 Automobile hacking
Blackhat – 2015 http://www.imdb.com/title/tt2717822© 2015 Universal Studios. All Rights Reserved RCybersecurity Elements 0:01:28 - 0:06:03 Cooling system failure in 8 nuclear reactors – STUXNET-ish (about 1 min is good) 0:07:49 - 0:08:15 Thor’s prison phone/attack tool 0:09:02 - 0:10:15 RAT malware discussion (in Chinese). Motivations. Collaboration with FBI? 0:10:22 - 0:11:18 Profiling and discussion about Nation-state cyber 0:11:25 - 0:12:03 Initial code analysis – with some key pounding 0:13:50 - 0:18:00 Run up on Soy, Different authors for the RAT and the payload, Justifying use of a “blackhat” 0:23:38 - 0:25:30 Datacenter, fancy language, thumb print keyfab, a little CLI, insider threat 0:25:30 - 0:26:30 Some more ode analysis, and discussion for motives 0:31:00 - 0:31:50 Little bit of forensics (WRT hardware, TOR, chat/email history, impersonation) 0:39:48 - 0:41:00 Whois lookups and a little CLI from ghostman 0:48:16 - 0:54:40 Tracking the money mules and a little bluetooth signals tracking – GPG, 512-bit encryption 1:09:19 - 1:14:00 HD recovery from the hot zone, snippets of malware in memory, access “Black Widow” 1:14:45 - 1:15:15 Plausible deniability 1:16:11 - 1:17:32 Spear Phishing NSA with a malicious PDF/keylogger, Internet accessible systems, EtherApe? 1:18:18 - 1:18:59 Bulletproof hosting in Indonesia from hard drive recovery – some missing steps though 1:19:30 - 1:19:58 Hi resolution satellite imagery 1:37:07 - 1:39:00 Physical recon/security, same model pump controlled by the same model PLC, motivation reveal 1:42:00 - 1:43:45 Compromising the data center (with a car), physical access is key, more CLI to image hard drives 1:43:46 - 1:44:10 Malware source code analysis 1:45:38 - 1:47:05 Social Engineering, Removable media, Waiting for your shell, pivoting to banking apps 1:47:13 - 1:47:52 SSH and CLI trash talking – Linux command “write” 1:52:29 - 1:54:00 Fight hacking
•  Real Genius (1985), h3p://www.imdb.com/>tle/30089886 •  Pirates of Silicon Valley (1999), h3p://www.imdb.com/>tle/30168122 •  The Italian Job (2003), h3p://www.imdb.com/>tle/30317740 •  The Matrix Reloaded (2003), h3p://www.imdb.com/>tle/30234215 •  The Bourne Ul>matum (2007), h3p://www.imdb.com/>tle/30440963 •  Live Free or Die Hard (2007), h3p://www.imdb.com/>tle/30337978 •  The Girl with the Dragon Ta3oo (2009), h3p://www.imdb.com/>tle/31132620 •  The Social Network (2010), h3p://www.imdb.com/>tle/31285016 •  Tron Legacy (2011), h3p://www.imdb.com/>tle/31104001 •  Code 2600 (2011), h3p://www.imdb.com/>tle/31830538 •  Skyfall (2012), h3p://www.imdb.com/>tle/31074638 •  The Internship (2013), h3p://www.imdb.com/>tle/32234155 •  The Imita>on Game (2014), h3p://www.imdb.com/>tle/32084970 At the Dollar Cinema
•  Verizon Data Breach Report, h3p://www.verizonenterprise.com/DBIR •  FBI Cyber Most Wanted, h3p://www.^i.gov/wanted/cyber •  Digital Carjackers Show Off New A3acks, h3ps://www.youtube.com/watch?v=oqe6S6m73Zw •  NMAP in the movies, h3p://nmap.org/movies •  Bureau of Jus>ce Sta>s>cs, h3p://www.bjs.gov/index.cfm?ty=tp&>d=42 •  Opera>on Get Rich or Die Trying, h3p://www.hulu.com/watch/420138 •  FBI Warns of Cyber Terror, h3p://freebeacon.com/na>onal-security/^i-warns-of-an>-israel-cyber-a3acks •  Hackers Breach Major Law Enforcement Portal, h3ps://www.iden>tyforce.com/blog/hackers-breach-law-enforcement-portal-leo-gov •  PBS – NOVA Rise of the Hackers, h3p://www.pbs.org/wgbh/nova/tech/rise-of-the-hackers.html •  The first Na>on-state cyber weapon? h3p://www.wired.com/2014/11/countdown-to-zero-day-stuxnet •  Nasdaq hacked, h3p://www.bloomberg.com/bw/ar>cles/2014-07-17/how-russian-hackers-stole-the-nasdaq •  Kevin Mitnick now selling 0-days h3p://www.wired.com/2014/09/kevin-mitnick-selling-zero-day-exploits •  An Outlaw in Cyberspace, h3p://www.ny>mes.com/1996/02/04/books/an-outlaw-in-cyberspace.html?pagewanted=all •  Vulnerable Cri>cal Infrastructure, h3p://www.forbes.com/sites/realspin/2014/11/11/americas-cri>cal-infrastructure-is-vulnerable-to-cyber-a3acks •  Hackers successfully ground 1,400 passengers, h3p://www.cnn.com/2015/06/22/poli>cs/lot-polish-airlines-hackers-ground-planes/ •  Southwest: No evidence hackers caused flight delays, h3p://thehill.com/policy/cybersecurity/256676-southwest-no-evidence-hackers-caused-flight-delays •  Grade Tampering, h3p://www.nbclosangeles.com/news/local/Corona-del-Mar-High-School-Chea>ng-Hacking-Scandal-Tutor-242423361.html •  GPS Tracking, h3p://www.pe3racker.com •  Movie mistakes and trivia, h3p://www.moviemistakes.com Other Things to Check Out
Encore?
•  NetSmartz Workshop, h3p://www.netsmartz.org •  FBI Cyber Surf Islands, h3ps://sos.^i.gov •  CIA Kids’ Zone, h3ps://www.cia.gov/kids-page •  The Carnegie Cadets: MySecureCyberspace, h3p://www.carnegiecyberacademy.com •  CyberCIEGE, h3p://cisr.nps.edu/cyberciege •  Control-Alt-Hack, h3p://www.controlalthack.com •  Cyber Awareness Challenge, h3p://iase.disa.mil/eta/cyberchallenge/launchPage.htm •  OnGuardOnline.gov, h3p://www.onguardonline.gov •  PBS – Nova Cybersecurity Lab, h3p://www.pbs.org/wgbh/nova/labs/lab/cyber •  Using Video Games to Prepare the Next Genera>on Cyber Warriors h3p://resources.sei.cmu.edu/library/asset-view.cfm?assetID=442338 Games
Cyber-Fic*on •  Jeff Aiken Novels: Zero Day by Mark Russinovich and Howard Schmidt (Aug 2012) Trojan Horse by Mark Russinovich and Kevin Mitnick (Sep 2012) Rogue Code by Mark Russinovich (May 2014) •  Stealing the Network: How to Own the Box by Rayan Russell and others (May 2003) How to Own a Con>nent by FX and others (May 2004) How to Own an Iden>ty by Ryan Russell and others (May 2005) How to Own a Shadow by Johnny Long and others (Feb 2007) Non-Fic*on •  The Cuckoo’s Egg: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, Cliff Stoll •  Cyber War: The Next Threat to Na>onal Security and What to Do About It, Robert K. Knake •  Spam Na>on: The Inside Story of Organized Cybercrime –from Global Epidemic to Your Front Door by Brian Krebs •  America the Vulnerable: New Technology and the Next Threat to Na>onal Security by Joel Brenner •  Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen •  Countdown to Zero Day: Stuxnet and the Launch of th World’s First Digital Weapon by Kim Ze3er Books
•  Na>onal Ini>a>ve for Cybersecurity Careers and Studies, h3p://niccs.us-cert.gov •  Compe>>ons, h3p://niccs.us-cert.gov/training/tc/search/cmp/new •  Games & Programming, h3p://niccs.us-cert.gov/educa>on/cyber-games-and-programming •  Camps and Clubs, h3p://niccs.us-cert.gov/educa>on/cyber-camps-clubs •  University Examples •  Carnegie Mellon Picocr, h3ps://picocr.com •  Rochester Ins>tute of Technology CPTC, h3p://cptc.csec.rit.edu •  SANS Ins>tute •  NetWars, h3ps://www.sans.org/netwars/ •  Cyber Aces, h3p://cyberaces.org •  Other “Challenges” •  h3p://www.na>onalccdc.org •  h3p://www.cyberaces.org/compe>>ons/ •  h3p://www.uscyberchallenge.org •  Hacker Challenges (Ed Skoudis), •  h3p://www.counterhack.net/Counter_Hack/Challenges.html Competitions
•  Scholarship for Service h3ps://www.sfs.opm.gov/StudFAQ.aspx •  Na>onal Centers of Academic Excellence in Informa>on Assurance/ Cyber Defense h3ps://www.nsa.gov/ia/academic_outreach/nat_cae/ •  Professional Organiza>ons •  h3ps://www.rocissa.org •  h3ps://www.owasp.org/index.php/Rochester •  h3p://www.isaca.org/chapters11/Western-New-York Training, Education & Awareness
•  The 10 Most Notorious Hackers of All Time! (8:19) h3ps://www.youtube.com/watch?v=-XpPEmcnKCk •  5 Most Dangerous Hackers Of All Time (4:31) h3ps://www.youtube.com/watch?v=7UaPL5PGywo •  The Secret Interna>onal Cyber War Dividing Na>ons (42:17) h3ps://www.youtube.com/watch?v=zAS-agcQqEk •  25 Biggest Cyber A3acks in History (14:07) h3ps://www.youtube.com/watch?v=Zl_BQoJqClM •  Opera>on Get Rich or Die Trying (43:21) h3p://www.hulu.com/watch/420138 YouTube & Hulu – Must Watch
•  IT Free Training, h3p://www.youtube.com/user/irreetraining •  itTaster, h3p://www.youtube.com/user/i3aster •  Professor Messer, h3ps://www.youtube.com/user/professormesser •  StormWindLive, h3ps://www.youtube.com/user/StormWindLive •  Eli the Computer Guy, h3ps://www.youtube.com/user/elithecomputerguy •  Microsox Support Videos, h3ps://www.youtube.com/user/MicrosoxCSSVideo •  DansCourses, h3p://www.youtube.com/user/danscourses •  InfoSec Ins>tute Training, h3ps://www.youtube.com/user/InfoSecIns>tute •  Soxware Engineering Ins>tute, h3ps://www.youtube.com/user/TheSEICMU •  Hak5 (h3ps://hak5.org), h3ps://www.youtube.com/user/Hak5Darren YouTube Learning Channels
•  Cyber Aggregator, @cybfor •  The Hacker News, @TheHackersNews •  Team Cymru, @teamcymru •  WhiteHat Security, @whitehatsec •  Threatpost, @threatpost •  Briankrebs, @briankrebs Twitter
The End

Recommended

NAB Lessons Learned Paper Greig 2015
NAB Lessons Learned Paper Greig 2015NAB Lessons Learned Paper Greig 2015
NAB Lessons Learned Paper Greig 2015
Andrew Greig
 
Save Football in Peacehaven
Save Football in Peacehaven Save Football in Peacehaven
Save Football in Peacehaven
Jez Avens
 
BROCHURE INGLES 5 FUEGOS
BROCHURE INGLES 5 FUEGOSBROCHURE INGLES 5 FUEGOS
BROCHURE INGLES 5 FUEGOS
Xiomara Hills
 
NC & JS Working Draft 2
NC & JS Working Draft 2NC & JS Working Draft 2
NC & JS Working Draft 2
Nicole Corneau
 
الگوریتم ژنتیک
الگوریتم ژنتیکالگوریتم ژنتیک
الگوریتم ژنتیک
saeedeh ezzati
 
Resume
ResumeResume
Resume
Amit sharma
 
Linux
LinuxLinux
Linux
david montenegro
 
China kmr bearing manufacturer
China kmr bearing manufacturerChina kmr bearing manufacturer
China kmr bearing manufacturer
冬花 陈
 

Recommended

NAB Lessons Learned Paper Greig 2015
NAB Lessons Learned Paper Greig 2015NAB Lessons Learned Paper Greig 2015
NAB Lessons Learned Paper Greig 2015
Andrew Greig
 
Save Football in Peacehaven
Save Football in Peacehaven Save Football in Peacehaven
Save Football in Peacehaven
Jez Avens
 
BROCHURE INGLES 5 FUEGOS
BROCHURE INGLES 5 FUEGOSBROCHURE INGLES 5 FUEGOS
BROCHURE INGLES 5 FUEGOS
Xiomara Hills
 
NC & JS Working Draft 2
NC & JS Working Draft 2NC & JS Working Draft 2
NC & JS Working Draft 2
Nicole Corneau
 
الگوریتم ژنتیک
الگوریتم ژنتیکالگوریتم ژنتیک
الگوریتم ژنتیک
saeedeh ezzati
 
Resume
ResumeResume
Resume
Amit sharma
 
Linux
LinuxLinux
Linux
david montenegro
 
China kmr bearing manufacturer
China kmr bearing manufacturerChina kmr bearing manufacturer
China kmr bearing manufacturer
冬花 陈
 
La escuela y yo
La escuela y yoLa escuela y yo
La escuela y yo
Daniel Eduardo Pèrez Vàzquez
 
OCT-20
OCT-20OCT-20
OCT-20
Kavosh Havaledarnejad
 
Mantenimiento de una computadora copia
Mantenimiento de una computadora copiaMantenimiento de una computadora copia
Mantenimiento de una computadora copia
martin vasquez
 
Tecnología e informática tafur
Tecnología e informática tafurTecnología e informática tafur
Tecnología e informática tafur
Alejandro Caro
 
Quiz
Quiz Quiz
Quiz
VereinAuxilium
 
Resume Mackey
Resume MackeyResume Mackey
Resume Mackey
Leah Mackey
 
Crystal diner menu
Crystal diner menuCrystal diner menu
Crystal diner menu
Ahmad Alex Hamzy
 
hrm case analysis of magnum engineering pvt.ltd
hrm case analysis of magnum engineering pvt.ltdhrm case analysis of magnum engineering pvt.ltd
hrm case analysis of magnum engineering pvt.ltd
RECONNECT
 
La Familia
La FamiliaLa Familia
La Familia
Carla Ortiz
 
OIT_ Profile
OIT_ ProfileOIT_ Profile
OIT_ Profile
Alsafa Gazi
 
Paris Professional resume (1)
Paris Professional resume (1)Paris Professional resume (1)
Paris Professional resume (1)
Prabjot Kaur
 
El automóvil
El automóvil El automóvil
El automóvil
Maria Fernanda Ortiz Fernadez
 
Balagarden
BalagardenBalagarden
Balagarden
rosasbala
 
Tesina Master in E-Commerce Management Paolo Selce
Tesina Master in E-Commerce Management Paolo SelceTesina Master in E-Commerce Management Paolo Selce
Tesina Master in E-Commerce Management Paolo Selce
Paolo Selce
 
Practicacalificadadearticulodeopinion (1)jisus
Practicacalificadadearticulodeopinion (1)jisusPracticacalificadadearticulodeopinion (1)jisus
Practicacalificadadearticulodeopinion (1)jisus
jesuseduardm
 
Mantenimiento de una computadora
Mantenimiento de una computadora Mantenimiento de una computadora
Mantenimiento de una computadora
martin vasquez
 
Tutoría y participación de los padres en el marco legal
Tutoría y participación de los padres en el marco legalTutoría y participación de los padres en el marco legal
Tutoría y participación de los padres en el marco legal
Carla Ortiz
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
GDSC PJATK
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 

More Related Content

Viewers also liked

La escuela y yo
La escuela y yoLa escuela y yo
La escuela y yo
Daniel Eduardo Pèrez Vàzquez
 
OCT-20
OCT-20OCT-20
OCT-20
Kavosh Havaledarnejad
 
Mantenimiento de una computadora copia
Mantenimiento de una computadora copiaMantenimiento de una computadora copia
Mantenimiento de una computadora copia
martin vasquez
 
Tecnología e informática tafur
Tecnología e informática tafurTecnología e informática tafur
Tecnología e informática tafur
Alejandro Caro
 
Quiz
Quiz Quiz
Quiz
VereinAuxilium
 
Resume Mackey
Resume MackeyResume Mackey
Resume Mackey
Leah Mackey
 
Crystal diner menu
Crystal diner menuCrystal diner menu
Crystal diner menu
Ahmad Alex Hamzy
 
hrm case analysis of magnum engineering pvt.ltd
hrm case analysis of magnum engineering pvt.ltdhrm case analysis of magnum engineering pvt.ltd
hrm case analysis of magnum engineering pvt.ltd
RECONNECT
 
La Familia
La FamiliaLa Familia
La Familia
Carla Ortiz
 
OIT_ Profile
OIT_ ProfileOIT_ Profile
OIT_ Profile
Alsafa Gazi
 
Paris Professional resume (1)
Paris Professional resume (1)Paris Professional resume (1)
Paris Professional resume (1)
Prabjot Kaur
 
El automóvil
El automóvil El automóvil
El automóvil
Maria Fernanda Ortiz Fernadez
 
Balagarden
BalagardenBalagarden
Balagarden
rosasbala
 
Tesina Master in E-Commerce Management Paolo Selce
Tesina Master in E-Commerce Management Paolo SelceTesina Master in E-Commerce Management Paolo Selce
Tesina Master in E-Commerce Management Paolo Selce
Paolo Selce
 
Practicacalificadadearticulodeopinion (1)jisus
Practicacalificadadearticulodeopinion (1)jisusPracticacalificadadearticulodeopinion (1)jisus
Practicacalificadadearticulodeopinion (1)jisus
jesuseduardm
 
Mantenimiento de una computadora
Mantenimiento de una computadora Mantenimiento de una computadora
Mantenimiento de una computadora
martin vasquez
 
Tutoría y participación de los padres en el marco legal
Tutoría y participación de los padres en el marco legalTutoría y participación de los padres en el marco legal
Tutoría y participación de los padres en el marco legal
Carla Ortiz
 

Viewers also liked (17)

La escuela y yo
La escuela y yoLa escuela y yo
La escuela y yo
 
OCT-20
OCT-20OCT-20
OCT-20
 
Mantenimiento de una computadora copia
Mantenimiento de una computadora copiaMantenimiento de una computadora copia
Mantenimiento de una computadora copia
 
Tecnología e informática tafur
Tecnología e informática tafurTecnología e informática tafur
Tecnología e informática tafur
 
Quiz
Quiz Quiz
Quiz
 
Resume Mackey
Resume MackeyResume Mackey
Resume Mackey
 
Crystal diner menu
Crystal diner menuCrystal diner menu
Crystal diner menu
 
hrm case analysis of magnum engineering pvt.ltd
hrm case analysis of magnum engineering pvt.ltdhrm case analysis of magnum engineering pvt.ltd
hrm case analysis of magnum engineering pvt.ltd
 
La Familia
La FamiliaLa Familia
La Familia
 
OIT_ Profile
OIT_ ProfileOIT_ Profile
OIT_ Profile
 
Paris Professional resume (1)
Paris Professional resume (1)Paris Professional resume (1)
Paris Professional resume (1)
 
El automóvil
El automóvil El automóvil
El automóvil
 
Balagarden
BalagardenBalagarden
Balagarden
 
Tesina Master in E-Commerce Management Paolo Selce
Tesina Master in E-Commerce Management Paolo SelceTesina Master in E-Commerce Management Paolo Selce
Tesina Master in E-Commerce Management Paolo Selce
 
Practicacalificadadearticulodeopinion (1)jisus
Practicacalificadadearticulodeopinion (1)jisusPracticacalificadadearticulodeopinion (1)jisus
Practicacalificadadearticulodeopinion (1)jisus
 
Mantenimiento de una computadora
Mantenimiento de una computadora Mantenimiento de una computadora
Mantenimiento de una computadora
 
Tutoría y participación de los padres en el marco legal
Tutoría y participación de los padres en el marco legalTutoría y participación de los padres en el marco legal
Tutoría y participación de los padres en el marco legal
 

Recently uploaded

System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
GDSC PJATK
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 

Recently uploaded (20)

System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 

Let's Go To The Movies

  • 1. Let’s Go To The Movies Introduction to Cybersecurity Dennis M. Allen https://www.linkedin.com/in/dennis-m-allen-cissp-a709724
  • 3. WarGames – 1983 © 1983 Metro-Goldwyn-Mayer Studios Inc. All Rights Reserved. http://www.imdb.com/title/tt0086567 PG Cybersecurity Elements 0:10:36 - 0:13:45 “Take the men out of the loop,” WOPR, big data, war gaming 0:17:35 - 0:17:55 Password insecurity 0:20:20 - 0:22:15 Old school tech, grade tampering 0:24:25 - 0:25:30 War dialing, “Saul’s fish market” 0:26:14 - 0:30:17 War dialing (Bank, PanAm, Games) 0:32:30 - 0:33:40 “Mr. Potatohead, back door’s are not secrets!” 0:38:28 - 0:45:35 Unauthorized access, Artificial Intelligence, Global Thermal Nuclear War, Operations Centers 1:03:47 - 1:06:10 Physical security and tone hacking 1:11:28 - 1: 12:45 Payphone hacking
  • 4. Sneakers – 1992 http://www.imdb.com/title/tt0105435© 1992 Universal Pictures Studios, Inc. All Rights Reserved. PG-13 Cybersecurity Elements 0:01:45 - 0:03:05 Wire Fraud 0:05:15 - 0:10:58 Penetration Testing including social engineering & physical security: “Your communication lines are vulnerable, fire exits need to be monitored, and your rent-a-cops are a tad under trained” 0:11:38 - 0:14:20 Government hired hadckers 0:25:20 - 0:30:51 Reconnasaince, shoulder surfing, security bypass with cake & baloons 0:39:39 - 0:46:30 Electronics hacking, unauthorized access, code breaking 1:21:27 - 1:22:54 Dumpster diving – trash analysis 1:27:34 - 1:41:06 Security control bypass (guard, cameras, voice authentication, etc.), failure to review the security log!
  • 5. Hackers – 1995 http://www.imdb.com/title/tt0113243© 1995 UNITED ARTISTS PICTURES INC. ALL RIGHTS RESERVED PG-13 Cybersecurity Elements 0:04:33 - 0:08:33 Social engineering (skip the war dialing), hacking a TV station 0:13:34 - 0:15:02 Student record modification, and hacker handles – poor Joey 0:18:53 - 0:20:02 Late night hacking, Sprinkler test 0:22:40 - 0:25:40 1984, Rainbow Books, Common Passwords & Attack methodology? 0:25:42 - 0:29:29 Joey hacks the Gibson as God and downloads some “Garbage” 0:31:13 - 0:31:18 Hack the planet, Tone hacking with Razor and Blade 0:33:00 - 0:33:40 USS collection and Interview, “These people are terrorists”
  • 6. The Net – 1995 http://www.imdb.com/title/tt0113957© 1995 Columbia Pictures Industries, Inc. All Rights Reserved. PG-13 Cybersecurity Elements 0:03:38 - 0:05:14 Malware Analysis, Assembly Lang. 0:11:30 - 0:13:16 Clean versus Analyze? 0:14:17 - 0:15:06 Airplane navigation hacked 0:15:45 - 0:16:20 Runtime analysis, talent recruiting 0:17:22 - 0:17:56 Airport computer malfunction 0:19:00 - 0:20:50 Beach computing, Social Engineering 0:39:22 - 0:40:45 Identity manipulation 0:48:02 - 0:48:29 Cell phone tracking and triangulation 0:55:00 - 0:57:02 International ISP, unauthorized system access, IP attribution, medical records 0:57:28 - 0:59:29 Chat user attribution and recruiting 1:20:55 - 1:22:04 False sense of security from software 1:30:53 - 1:37:36 Physical security, Social Engineering, Terminal Echo, Command and Control App, Attribution 1:42:00 – 1:45:00 Hacking from RSA or MacWorld?
  • 7. Track down / Takedown – 2000 http://www.imdb.com/title/tt0159784 R 2000 Dimension Films (presents) Millennium Films (in association with) Hacker Productions (copyright owner) Cybersecurity Elements 0:03:12 - 0:04:31 1st Meeting with undercover LE 0:05:50 - 0:06:53 Social Engineering for serial number and manufacturer info 0:07:22 - 0:08:45 Social Engineering for specs and docs 0:09:11 - 0:10:22 Switched Access Services – S.A.S., Telephone monitoring service for LE? 0:14:15 - 0:15:58 Mitnick Article 0:20:57 - 0:23:07 Rollerblading in a data center – “Challenge accepted!” 0:24:35 - 0:26:17 Stealing Nokitel code and deleting files (backups?) 0:27:23 - 0:27:42 Tape recorder tone dialing 0:28:55 - 0:30:25 Contempt virus 0:33:14 - 0:35:02 Messing with Agent Gibson (Water, Gas, Power) 0:35:51 - 0:39:01 Tsutomu Shimomura - Investigation (connections, firewalls, modems, log files) 0:47:17 - 0:49:03 CellularOne investigation, hijacking cell phones, cloning cards, signal tracking 1:01:05 - 1:03:52 Dumpster diving, Social Engineering and using University computing resources 1:04:50 - 1:07:42 ISP (Netcom) and identifying last hop (real PoP) 1:08:40 - 1:09:55 Civilian investigation – “What can we do?” 1:10:22 - 1:14:13 Social Engineering and using University computing 1:16:23 - 1:18:07 Trolling/Cell scope/ War driving 1:26:17 - 1:26:42 Packet Capture to recover lost files on final upload
  • 8. Antitrust – 2001 http://www.imdb.com/title/tt0218817© METRO-GOLDWYN-MAYER PICTURES INC. (2001) PG-13 Cybersecurity Elements 0:00:20 - 0:03:35 Programming, “First Mover Advantage” 0:03:40 - 0:05:00 The Garage Business 0:09:36 - 0:19:00 Smart Home 0:10:10 - 0:10:34 Open Source/Free v. Software Business 0:11:35 - 0:12:58 Synapse architecture, backdoors, etc. 0:16:08 - 0:17:04 Government recruiting (42K and a Buick) 0:18:26 - 0:18:45 Security briefing 0:20:00 - 0:21:10 Programmer swag – The Egg 0:44:10 - 0:48:35 Tailgating, Building and Badge Security, Unlocked terminal with privileged access (Printed badge, altered security feeds) 0:49:40 - 1:00:24 Milo snooping – No multi-factor!!!!!! 0:54:00 - 1:00:24 Very detailed NURV employee database Good ol’ Linux CLI 1:27:39 Vehicle Tracking System 1:29:20 - 1:40:00 Milo versus Gary and who can access the Satellites faster, Release of Synapse source code to the world Other interesting points: •  Social Engineering to get an invite to the Art Museum Benefit •  Several Java code and compilation examples throughout
  • 9. http://www.imdb.com/title/tt0244244 Swordfish – 2001 © 2001 Village Roadshow Films (BVI) Limited. All rights reserved. R Cybersecurity Elements 0:27:00 - 0:30:00 Performance Based Interview 0:51:40 – 0:53:00 Stashing worm generator code on an Internet accessible PDP-10 0:55:05 – 0:57:10 Creating the Hydra. Terrible, yet spectacular. Other interesting points: •  Ironically, the movie starts by stressing the importance of realism in movies •  Bad guys and good guys recruiting the same talent •  Computer facilitated crime funding terrorists To be clear – The technology is terrible!
  • 10. Firewall – 2006 http://www.imdb.com/title/tt0408345© 2006 Warner Bros. Entertainment Inc. 2006 Village Roadshow (BMI) Limited. All rights reserved PG-13 Cybersecurity Elements 0:07:02 - 0:07:33 Wireshark and Cisco ACLs (kinda) 0:07:50 - 0:09:00 Boardroom and CISO challenges 0:10:42 - 0:11:15 ID Theft and dumpster diving 0:53:00 - 0:55:54 Building the scanner 0:58:07 - 1:01:52 Navigating the Data Center 1:02:50 - 1:08:08 Cat & Mouse (Catching an insider) 1:29:19 - 1:30:08 PET-NAV 3000
  • 11. Untraceable – 2008 http://www.imdb.com/title/tt0880578© 2008 Lakeshore Entertainment Group LLC. All Rights Reserved. R Cybersecurity Elements 0:03:40 - 0:06:14 FBI Cyber tradecraft: - Chats, - Honeypots - Virtual machines - Fake data - Hack back authority? - Attribution 0:14:52 - 0:15:46 IP black holing, Fast flux DNS, Russian hosting, botnets of compromised hosts 0:56:52 - 0:57:05 Horsez – Trojan – RAT, unauthorized network access 1:22:20 – 1:23:20 Automobile hacking
  • 12. Blackhat – 2015 http://www.imdb.com/title/tt2717822© 2015 Universal Studios. All Rights Reserved RCybersecurity Elements 0:01:28 - 0:06:03 Cooling system failure in 8 nuclear reactors – STUXNET-ish (about 1 min is good) 0:07:49 - 0:08:15 Thor’s prison phone/attack tool 0:09:02 - 0:10:15 RAT malware discussion (in Chinese). Motivations. Collaboration with FBI? 0:10:22 - 0:11:18 Profiling and discussion about Nation-state cyber 0:11:25 - 0:12:03 Initial code analysis – with some key pounding 0:13:50 - 0:18:00 Run up on Soy, Different authors for the RAT and the payload, Justifying use of a “blackhat” 0:23:38 - 0:25:30 Datacenter, fancy language, thumb print keyfab, a little CLI, insider threat 0:25:30 - 0:26:30 Some more ode analysis, and discussion for motives 0:31:00 - 0:31:50 Little bit of forensics (WRT hardware, TOR, chat/email history, impersonation) 0:39:48 - 0:41:00 Whois lookups and a little CLI from ghostman 0:48:16 - 0:54:40 Tracking the money mules and a little bluetooth signals tracking – GPG, 512-bit encryption 1:09:19 - 1:14:00 HD recovery from the hot zone, snippets of malware in memory, access “Black Widow” 1:14:45 - 1:15:15 Plausible deniability 1:16:11 - 1:17:32 Spear Phishing NSA with a malicious PDF/keylogger, Internet accessible systems, EtherApe? 1:18:18 - 1:18:59 Bulletproof hosting in Indonesia from hard drive recovery – some missing steps though 1:19:30 - 1:19:58 Hi resolution satellite imagery 1:37:07 - 1:39:00 Physical recon/security, same model pump controlled by the same model PLC, motivation reveal 1:42:00 - 1:43:45 Compromising the data center (with a car), physical access is key, more CLI to image hard drives 1:43:46 - 1:44:10 Malware source code analysis 1:45:38 - 1:47:05 Social Engineering, Removable media, Waiting for your shell, pivoting to banking apps 1:47:13 - 1:47:52 SSH and CLI trash talking – Linux command “write” 1:52:29 - 1:54:00 Fight hacking
  • 13. •  Real Genius (1985), h3p://www.imdb.com/>tle/30089886 •  Pirates of Silicon Valley (1999), h3p://www.imdb.com/>tle/30168122 •  The Italian Job (2003), h3p://www.imdb.com/>tle/30317740 •  The Matrix Reloaded (2003), h3p://www.imdb.com/>tle/30234215 •  The Bourne Ul>matum (2007), h3p://www.imdb.com/>tle/30440963 •  Live Free or Die Hard (2007), h3p://www.imdb.com/>tle/30337978 •  The Girl with the Dragon Ta3oo (2009), h3p://www.imdb.com/>tle/31132620 •  The Social Network (2010), h3p://www.imdb.com/>tle/31285016 •  Tron Legacy (2011), h3p://www.imdb.com/>tle/31104001 •  Code 2600 (2011), h3p://www.imdb.com/>tle/31830538 •  Skyfall (2012), h3p://www.imdb.com/>tle/31074638 •  The Internship (2013), h3p://www.imdb.com/>tle/32234155 •  The Imita>on Game (2014), h3p://www.imdb.com/>tle/32084970 At the Dollar Cinema
  • 14. •  Verizon Data Breach Report, h3p://www.verizonenterprise.com/DBIR •  FBI Cyber Most Wanted, h3p://www.^i.gov/wanted/cyber •  Digital Carjackers Show Off New A3acks, h3ps://www.youtube.com/watch?v=oqe6S6m73Zw •  NMAP in the movies, h3p://nmap.org/movies •  Bureau of Jus>ce Sta>s>cs, h3p://www.bjs.gov/index.cfm?ty=tp&>d=42 •  Opera>on Get Rich or Die Trying, h3p://www.hulu.com/watch/420138 •  FBI Warns of Cyber Terror, h3p://freebeacon.com/na>onal-security/^i-warns-of-an>-israel-cyber-a3acks •  Hackers Breach Major Law Enforcement Portal, h3ps://www.iden>tyforce.com/blog/hackers-breach-law-enforcement-portal-leo-gov •  PBS – NOVA Rise of the Hackers, h3p://www.pbs.org/wgbh/nova/tech/rise-of-the-hackers.html •  The first Na>on-state cyber weapon? h3p://www.wired.com/2014/11/countdown-to-zero-day-stuxnet •  Nasdaq hacked, h3p://www.bloomberg.com/bw/ar>cles/2014-07-17/how-russian-hackers-stole-the-nasdaq •  Kevin Mitnick now selling 0-days h3p://www.wired.com/2014/09/kevin-mitnick-selling-zero-day-exploits •  An Outlaw in Cyberspace, h3p://www.ny>mes.com/1996/02/04/books/an-outlaw-in-cyberspace.html?pagewanted=all •  Vulnerable Cri>cal Infrastructure, h3p://www.forbes.com/sites/realspin/2014/11/11/americas-cri>cal-infrastructure-is-vulnerable-to-cyber-a3acks •  Hackers successfully ground 1,400 passengers, h3p://www.cnn.com/2015/06/22/poli>cs/lot-polish-airlines-hackers-ground-planes/ •  Southwest: No evidence hackers caused flight delays, h3p://thehill.com/policy/cybersecurity/256676-southwest-no-evidence-hackers-caused-flight-delays •  Grade Tampering, h3p://www.nbclosangeles.com/news/local/Corona-del-Mar-High-School-Chea>ng-Hacking-Scandal-Tutor-242423361.html •  GPS Tracking, h3p://www.pe3racker.com •  Movie mistakes and trivia, h3p://www.moviemistakes.com Other Things to Check Out
  • 16. •  NetSmartz Workshop, h3p://www.netsmartz.org •  FBI Cyber Surf Islands, h3ps://sos.^i.gov •  CIA Kids’ Zone, h3ps://www.cia.gov/kids-page •  The Carnegie Cadets: MySecureCyberspace, h3p://www.carnegiecyberacademy.com •  CyberCIEGE, h3p://cisr.nps.edu/cyberciege •  Control-Alt-Hack, h3p://www.controlalthack.com •  Cyber Awareness Challenge, h3p://iase.disa.mil/eta/cyberchallenge/launchPage.htm •  OnGuardOnline.gov, h3p://www.onguardonline.gov •  PBS – Nova Cybersecurity Lab, h3p://www.pbs.org/wgbh/nova/labs/lab/cyber •  Using Video Games to Prepare the Next Genera>on Cyber Warriors h3p://resources.sei.cmu.edu/library/asset-view.cfm?assetID=442338 Games
  • 17. Cyber-Fic*on •  Jeff Aiken Novels: Zero Day by Mark Russinovich and Howard Schmidt (Aug 2012) Trojan Horse by Mark Russinovich and Kevin Mitnick (Sep 2012) Rogue Code by Mark Russinovich (May 2014) •  Stealing the Network: How to Own the Box by Rayan Russell and others (May 2003) How to Own a Con>nent by FX and others (May 2004) How to Own an Iden>ty by Ryan Russell and others (May 2005) How to Own a Shadow by Johnny Long and others (Feb 2007) Non-Fic*on •  The Cuckoo’s Egg: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, Cliff Stoll •  Cyber War: The Next Threat to Na>onal Security and What to Do About It, Robert K. Knake •  Spam Na>on: The Inside Story of Organized Cybercrime –from Global Epidemic to Your Front Door by Brian Krebs •  America the Vulnerable: New Technology and the Next Threat to Na>onal Security by Joel Brenner •  Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen •  Countdown to Zero Day: Stuxnet and the Launch of th World’s First Digital Weapon by Kim Ze3er Books
  • 18. •  Na>onal Ini>a>ve for Cybersecurity Careers and Studies, h3p://niccs.us-cert.gov •  Compe>>ons, h3p://niccs.us-cert.gov/training/tc/search/cmp/new •  Games & Programming, h3p://niccs.us-cert.gov/educa>on/cyber-games-and-programming •  Camps and Clubs, h3p://niccs.us-cert.gov/educa>on/cyber-camps-clubs •  University Examples •  Carnegie Mellon Picocr, h3ps://picocr.com •  Rochester Ins>tute of Technology CPTC, h3p://cptc.csec.rit.edu •  SANS Ins>tute •  NetWars, h3ps://www.sans.org/netwars/ •  Cyber Aces, h3p://cyberaces.org •  Other “Challenges” •  h3p://www.na>onalccdc.org •  h3p://www.cyberaces.org/compe>>ons/ •  h3p://www.uscyberchallenge.org •  Hacker Challenges (Ed Skoudis), •  h3p://www.counterhack.net/Counter_Hack/Challenges.html Competitions
  • 19. •  Scholarship for Service h3ps://www.sfs.opm.gov/StudFAQ.aspx •  Na>onal Centers of Academic Excellence in Informa>on Assurance/ Cyber Defense h3ps://www.nsa.gov/ia/academic_outreach/nat_cae/ •  Professional Organiza>ons •  h3ps://www.rocissa.org •  h3ps://www.owasp.org/index.php/Rochester •  h3p://www.isaca.org/chapters11/Western-New-York Training, Education & Awareness
  • 20. •  The 10 Most Notorious Hackers of All Time! (8:19) h3ps://www.youtube.com/watch?v=-XpPEmcnKCk •  5 Most Dangerous Hackers Of All Time (4:31) h3ps://www.youtube.com/watch?v=7UaPL5PGywo •  The Secret Interna>onal Cyber War Dividing Na>ons (42:17) h3ps://www.youtube.com/watch?v=zAS-agcQqEk •  25 Biggest Cyber A3acks in History (14:07) h3ps://www.youtube.com/watch?v=Zl_BQoJqClM •  Opera>on Get Rich or Die Trying (43:21) h3p://www.hulu.com/watch/420138 YouTube & Hulu – Must Watch
  • 21. •  IT Free Training, h3p://www.youtube.com/user/irreetraining •  itTaster, h3p://www.youtube.com/user/i3aster •  Professor Messer, h3ps://www.youtube.com/user/professormesser •  StormWindLive, h3ps://www.youtube.com/user/StormWindLive •  Eli the Computer Guy, h3ps://www.youtube.com/user/elithecomputerguy •  Microsox Support Videos, h3ps://www.youtube.com/user/MicrosoxCSSVideo •  DansCourses, h3p://www.youtube.com/user/danscourses •  InfoSec Ins>tute Training, h3ps://www.youtube.com/user/InfoSecIns>tute •  Soxware Engineering Ins>tute, h3ps://www.youtube.com/user/TheSEICMU •  Hak5 (h3ps://hak5.org), h3ps://www.youtube.com/user/Hak5Darren YouTube Learning Channels
  • 22. •  Cyber Aggregator, @cybfor •  The Hacker News, @TheHackersNews •  Team Cymru, @teamcymru •  WhiteHat Security, @whitehatsec •  Threatpost, @threatpost •  Briankrebs, @briankrebs Twitter