Download to read offline
Map camp2020
- 1. CYBERSECURITY: WHY CONTEXT ISYOUR CROWN JEWELS GET TO KNOW THE SHARKS BY DR PETRA VUKMIROVIC CEH MAP CAMP BY @SWARDLEY
- 2. WHO AM I? • An Emergency Medicine Doctor – COVID Frontline Doctor March 2020 • Cyber Security Engineer in Glasswall • Wait – what?? • How? • With a little help from my friends – Wardley Maps • And a lot of hard work and determination
- 5. THE ROAD TOSUCCESS DISSERTATION – MACHINE LEARNING APPLICATION IN CYBER SECURITY SELF LEARNING UDEMY IMMERSIVE LABS HOME VM LAB PYTHON •Ladies of London Hacking Society Meetups Petra SKILLS LEARNED / IN PROGRESS OWASP TOP 10 CIA TRIAD RISK MANAGEMENT KALI LINUX VULNERABILITY SCANNING (NESSUS) WIRESHARK NETWORK SCANNING (NMAP) METASPLOIT SQLmap PYTHON FTK AUTOPSY March 2020
- 6. WHY DO INEED TO KNOW THE CONTEXT? • Know the waters that you are swimming in! • Are you swimming with sharks or dolphins? • Its also worth knowing the position of land on the horizon to swim towards to • Then you can figure out what you NEED to get there!
- 7. WHY CONTEXT? • Context awarenessis embedded in many professions and trained extensively with simulations (aviation and medicine – CPR) • Its even easier to do simulations in cyber security and Wardley Maps are just that - a theoretical simulation of the context and climate your business is in
- 8. MY MAP • Vulnerableor not vulnerable – the eternal question! • The strategy that we apply to vulnerability management depends on the context of the vulnerable software! • Can we apply a reverse Wardley Map methodology? • Think like an attacker! • Figure out their needs • And make sure they stay unfulfilled!
- 9. Black Hat Hacker VulnerableSoftware 0-day Exploit Internet Access Open Ports & Publicly facing IPs Hacking Framework Known Exploits a smart and skilled one!
- 11. THANK YOU FORYOU ATTENTION QUESTIONS / DISCUSSION TIME
Editor's Notes
- #8 Knowing the context enhances situational awareness The picture presents a major trauma team dealing with a patient. Individually they are all doing the right thing but there is something very wrong with this picture – in the context of a major trauma assessment there needs to be a trauma team lead at the end of the patient bed – directing the team while most importantly not being hands on to maintain situational awareness Similar in business, IT and cyber security – we focus on individual challenges, bug or vulnerabilities without being aware of the context they present in
- #10 We have our user – a hacker, and a smart and skilled one indeed What does the attacker need to work on? What is his strategy? Lets see… What are his/her needs? What are the capabilities needed to fulfil the needs? Hacking framework – Metasploit Framework (most common) or storm (powershell attacks – more custom) What does the attacker need to do? Where does he/she have to invest most time and money? Lets take away the capabilities on the right! – Internet access (hide our vulnerable MySQL server behind a DMZ), Open Ports and IP (hide behind a firewall – use access control on the open open ports), patch vulnerable software Then think about 0-day exploits (CDR) Context is everything – if our server is not connected to the internet we might not use our resources to patch it! If we have all our systems patched and tight access control systems in place and we are still concerned – we can think about 0-day vulnerability mitigation tactics