Google to pwn4ge in 60 minutes pt2
Download as PPT, PDF0 likes255 views
The document outlines 5 phases of a cyber attack and corresponding defenses: 1) Recon/Defense: Detect reconnaissance by doing it first through Google alerts and examining your own website vulnerabilities. 2) Scan/Defense: Slow scanning to avoid detection and monitor firewall logs to detect rivals. 3) Explore/Defense: Prevent drive-by browsing through good web development and human oversight. 4) Exploit/Defense: Prevent exploits like Netcat by not giving attackers system access and using strong admin passwords. 5) Expunge/Defense: Use Group Policy to prevent registry edits and log servers to detect removed events like patches. The overall message is that technology cannot solve security alone and defenses require understanding adversaries'
Google to pwn4ge in 60 minutes pt2
- 1. Google to Pwnag3 pt.II Preventing the Pwnag3 Jayson E. Street, CISSP, GSEC, GCIH, GCFA IEM, IAM, CCSE, CCSA, Security+, etc…
- 2. Let go of my EGO Lets start out with a little about yours truly. http://stratagem-one.com
- 3. Know yourself know your enemy Sun Wu (Tzu) “Ping-fa”(The Art of War) “ Thus it is said that one who knows the enemy and knows himself will not be endangered in a hundred engagements. One who does not know the enemy but knows himself will sometimes be victorious, sometimes meet with defeat. One who knows neither the enemy nor himself will invariably be defeated in every engagement!”
- 4. Contents INTRO Phase 1 Recon / Defense Phase 2 Scan / Defense Phase 3 Explore / Defense Phase 4 Exploit / Defense Phase 5 Expunge / Defense THE POINT! Resources Discussion
- 5. Phase 1 Recon / Defense The hardest one to detect so how do you defend against it? Easy you do it first! Google alerts Look at your website like you want to hack it. Go undercover (cyber-style) BEWARE!
- 6. Phase 2 Scan / Defense Stealth Scanning not always that stealthy. Nmap is NOISY!!!!11one11!!! Slow and steady steals the race (but watching your firewall logs can DQ most of your rivals).
- 7. Phase 3 Explore / Defense “ Some things aren't and never will be under your control.” Drive by browsing.= means your web developer is your bullet proof vest. The human touch. Is no match for a web head who takes pride in his work.
- 8. Phase 4 Exploit / Defense Netcat (wait a minute you let them get netcat on your system?????) Hashing it out. A good time to mention “If they have physical access to your system it is no longer your system.” Got R00T? Not if the admin password is 15 characters long and why shouldn’t it be?
- 9. Phase 5 Expunge / Defense Regedit no match for GPO which beats the NWO every time. Events what events? The ones on your remote log server right? Patch and clean (there are some bad people out there)
- 10. THE POINT! “ If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.” Bruce Schneier
- 11. Resources Without understanding where the opponent's weaknesses are you cannot borrow their strength to use against them. (Cheng Man Ching) http://www.infragard.net/chapters/oklahoma/ http://OSVDB.org http://isc.sans.org http://forums.stratagem-one.com (shameless plug) This presentation is located @ http://f0rb1dd3n.com/s1s/ WP /
- 12. Now let’s learn from others Discussion and Questions???? Or several minutes of uncomfortable silence it is your choice.
- 13. Once again those links http://www.infragard.net/chapters/oklahoma/ http://OSVDB.org http://isc.sans.org http://forums.stratagem-one.com (shameless plug) This presentation is located @ http://f0rb1dd3n.com/s1s/ WP /