wuerthphoenix neteye presentation

Post on 20-Apr-2022


TRANSCRIPT

… more than software © Würth Phoenix – December 2020

OUR PORTFOLIO

ERP

IT System & Service MGMT

CRM

Business intelligence

CyberSECURITY

BUSINESS CONSULTING

SYSTEM INTEGRATION

PROJECT MANAGEMENT

SOFTWARE DEVELOPMENT

TRAINING SUPPORT

DATA & FACTS

10.467.311.280 pwned accounts

2020

90% malware comes from email

Over 43 billion yearly spent

Threats constantly evolving

75% of violations are caused by human error

Cybercrime will never end because it is profitable and low risk

CYBER SECURITY

OFFENSIVE

PENETRATION TEST

SOCIAL ENGINEERING

RED TEAMING

DEFENSIVE

PASSWORD AUDIT

EXPOSURE ASSESSMENT

VULNERABILITY ASSESSMENT

GAP ANALYSIS

SECURITY TRAINING

One Time | SaaS | SaaS & Managed

One Time | On-Prem

EXPOSURE ASSESSMENT

One Time | SaaS | SaaS & Managed

DEFENSIVE

EXPOSURE ASSESSMENT | One Time

WHAT

Verification of exposed resources

Reproduction of the attacker's point of view

Reconnaissance phase simulation

Mitigation and remediation actions

OSINT

EXPOSURE ASSESSMENT | One Time

HOW

Company inputs collection

Objects collection

Research of weaknesses

Research of correlations

Creation of a detailed report

Report presentation

Domain(s) | Keywords

Hostnames | IP addresses | Account e-mail

Remotely

EXPOSURE ASSESSMENT | One Time

WHERE

Surface Web

Deep Web

Dark Web

Paste Site Search | Open Bug Bounty | Brand Reputation | Social Network | Blacklisted IPs | WayBack Machine | Telegram Groups & Channels | Data Leak Forums

Data Breach Databases | TOR Network | Cyber Attacker Group Sites

Google Dorks | Organization website

EXPOSURE ASSESSMENT | SaaS

WHAT

Verification of exposed resources

Reproduction of the attacker's point of view

Reconnaissance phase simulation

Mitigation and remediation actions

OSINT

EXPOSURE ASSESSMENT | SaaS

HOW

Domain(s) | keywords

Hostnames | IP address | E-mail account

Graphs | Reports | Stats | Notifications

Company inputs collection

Continuous objects collection

Research of weaknesses

Research of correlations

Autonomous use of SATAYO Portal

API for Monitoring platforms

Notification via Telegram and e-mail

Daily report generation

NetEye

EXPOSURE ASSESSMENT | SaaS

WHERE

Surface Web

Deep Web

Dark Web

Paste Site Search | Open Bug Bounty | Brand Reputation | Social Network | Blacklisted IPs | WayBack Machine | Telegram Groups & Channels | Data Leak Forums

Data Breach Databases | TOR Network | Cyber Attacker Group Sites

Google Dorks | Organization website

EXPOSURE ASSESSMENT | SaaS & Managed

WHAT

Verification of exposed resources

Reproduction of the attacker's point of view

Reconnaissance phase simulation

Mitigation and remediation actions

OSINT

EXPOSURE ASSESSMENT | SaaS & Managed

HOW

Domain(s) | keywords

Hostnames | IP address | E-mail account

Graphs | Reports | Stats | Notifications

Company inputs collection

Continuous objects collection

Research of weaknesses

Research of correlations

Joint use of SATAYO Web Portal

API for Monitoring platform

Analysis and solution proposal

Daily report generation

Ticket | Phone call | E-mail

NetEye

EXPOSURE ASSESSMENT | SaaS & Managed

WHERE

Surface Web

Deep Web

Dark Web

Paste Site Search | Open Bug Bounty | Brand Reputation | Social Network | Blacklisted IPs | WayBack Machine | Telegram Groups & Channels | Data Leak Forums

Data Breach Databases | TOR Network | Cyber Attacker Group Sites

Google Dorks | Organization website

EXPOSURE ASSESSMENT | SaaS

DEEP & DARK WEB

SATAYO provides detected evidence (per domain), appropriately filtered on the basis of the sources and keywords selected by the cyber security analysts team [1].

Ursula von der Leyen, President of the European Commission

Ursula Gertrud von der Leyen, née Albrecht, is a German politician, member of the CDU and President of the European Commission since 1 December 2019. Wikipedia

[1] All members of our team are CEH (Certified Ethical Hacker) certified and are required to observe a specific code of ethics.

Source: https://doxbin.org/

EXPOSURE ASSESSMENT | SaaS

DATA BREACH

SATAYO is able to provide extracts of passwords and accounts used to register on services that have suffered data breaches; these are constantly updated by our cyber security analysts team.

No metric can be used with certainty to indicate how costly the data breach of a single access credential might be. The potential actions stemming from that data breach are wide-ranging and the values are calculated on the basis of the risk assessment specific to each organization.

Some examples

Unicredit (600k)

Università Campus Bio-medico di Roma (20k)

EXPOSURE ASSESSMENT | SaaS

SIMILAR DOMAINS

xn--teslamtors-dx3e.com teslamọtors.com

SATAYO is able to detect registered domains that are similar to the one used by your organization. Such domains could potentially be used to generate targeted phishing attacks (spear phishing).
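The lookalike check described above, as an added example that is not part of the original presentation and is not SATAYO's code: it decodes the punycode form shown on the slide and folds diacritics before comparing against a monitored domain. The function names are hypothetical, and the monitored domain is assumed to be teslamotors.com.

```python
import unicodedata

PROTECTED = "teslamotors.com"  # assumption: the legitimate domain being monitored

def decode_idn(domain: str) -> str:
    """Decode each xn-- (punycode) label of a domain name to Unicode."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed A-label: keep it exactly as written
        labels.append(label)
    return ".".join(labels)

def skeleton(domain: str) -> str:
    """Fold accented letters to their base letter: NFKD, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", domain)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(candidate: str, protected: str = PROTECTED) -> str:
    """Return 'same', 'lookalike', 'non-latin' or 'unrelated'."""
    shown = decode_idn(candidate)
    protected = protected.lower()
    if shown == protected:
        return "same"
    if skeleton(shown) == protected:
        return "lookalike"  # differs only by diacritics, like the slide's example
    # Letters from other scripts survive NFKD folding, so flag them for review.
    if any(c.isalpha() and not unicodedata.name(c, "").startswith("LATIN")
           for c in shown):
        return "non-latin"
    return "unrelated"

if __name__ == "__main__":
    # The first entry is the pair shown on the slide; the others are constructed.
    for d in ("xn--teslamtors-dx3e.com", "teslamotors.com",
              "teslam\u043etors.com", "example.org"):
        print(f"{d:26} {decode_idn(d):18} {classify(d)}")
```

Diacritic folding only covers one class of lookalike; matching letters across scripts needs a confusables table such as the one in Unicode UTS #39.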

EXPOSURE ASSESSMENT | SaaS

REPOSITORY

SATAYO shows an extract of the evidence (for example logs, configuration files, passwords, etc.) detected within the repositories used by the organization's developers.

EXPOSURE ASSESSMENT | SaaS

WEAKNESSES

SATAYO shows the weaknesses detected on the organization's resources:

unmanaged social pages

poorly configured mail servers

SSL misconfigurations

management ports

insecure protocols

VULNERABILITY ASSESSMENT

One Time | On-Prem

DEFENSIVE

VULNERABILITY ASSESSMENT | One Time

WHAT

Vulnerability identification

Vulnerability quantification

Vulnerability prioritization

VULNERABILITY ASSESSMENT | One Time

HOW

Scope of engagement definition

Private IP addresses | Public IP addresses

Cataloging of assets & resources

Identification of vulnerabilities for each resource

Vulnerability analysis and solution proposal

Creation of a detailed report

Report presentation

Remotely

VULNERABILITY ASSESSMENT | One Time

WHERE

Networking equipment

WiFi

Server & clients

IoT & IIoT

VULNERABILITY ASSESSMENT | On-Prem

WHAT

Vulnerability identification

Vulnerability quantification

Vulnerability prioritization

VULNERABILITY ASSESSMENT | On-Prem

HOW

Scope of engagement definition

Private IP addresses | Public IP addresses

Cataloging assets & resources

Continuous identification of vulnerabilities for each resource

Integration of 3rd party system

Monitoring | SIEM

VULNERABILITY ASSESSMENT | On-Prem

WHERE

Networking equipment

Server & clients

IoT & IIoT

GAP ANALYSIS

DEFENSIVE

GAP ANALYSIS

WHAT

Identification of current risk controls

Identification of residual risks

GAP ANALYSIS

HOW

Interviews with the organization's key people

Use of CIS Controls™

Analysis of «AS IS»

Identification of «TO BE» set of cyber actions

Creation of a detailed report

Report presentation

Remotely

GAP ANALYSIS

WHERE

Physical interview

Remote interview

SECURITY TRAINING

DEFENSIVE

SECURITY TRAINING

WHAT

Cyber Security Essential

Cyber Security Intermediate

Cyber Security Advanced

Exposure Analysis with OSINT

Social Engineering + ETEL game

Industrial Control System Security

Tailored to the needs of the organization

SECURITY TRAINING

HOW

Classroom

Training on the job

SECURITY TRAINING

WHERE

Customer site

Würth Phoenix

Microsoft Teams

PENETRATION TEST

OFFENSIVE

PENETRATION TEST

WHAT

Exploits detected vulnerabilities

Performed according to standard methodology

PENETRATION TEST

HOW

Vulnerability Assessment

Research on vulnerability exploitation

Exploit

Creation of a detailed report

Report Presentation

NIST Methodology

PENETRATION TEST

WHERE

Networking equipment

WiFi

Server & clients

IoT & IIoT

Web services

Web applications

Mobile applications

PASSWORD AUDIT

OFFENSIVE

PASSWORD AUDIT

WHAT

Dictionary attack

Rainbow Table attack

Brute Force attack

Hybrid attack

PASSWORD AUDIT

HOW

Company inputs collection

Cracking execution

Creation of a detailed report

Report presentation

Password hashes

One method | Multi method

Remotely

PASSWORD AUDIT

WHERE

Active Directory

Database

WiFi

SOCIAL ENGINEERING

OFFENSIVE

SOCIAL ENGINEERING

WHAT

Exploitation of the human factor

SOCIAL ENGINEERING

HOW

Phishing | Dumpster diving | Evil Twin | Impersonation | Baiting | Vishing | Lockpicking

Choice of Attack Vector(s)

Info gathering

Attack simulation

Creation of a detailed report

Report presentation

OSINT

SOCIAL ENGINEERING

WHERE

Employees

Top management

Key people

RED TEAMING

OFFENSIVE

RED TEAMING

WHAT

Multi-layered attack simulation

Test of the organization's detection and response capabilities

Focuses on the objectives rather than on the methods used

RED TEAMING

HOW

Info gathering

Identification of weaknesses

Attack simulation

Creation of a detailed report

Report presentation

OSINT

Remotely

RED TEAMING

WHERE

All organizational resources

THE RIGHT SERVICE

PEOPLE

PROCESS

IT SERVICES

ORGANIZATION

INCREASING AWARENESS

POSTURE COMPLIANCY

SECURITY IMPROVEMENT

INCIDENT DETECTION

RESPONSE CAPABILITY

SECURITY TRAINING

SOCIAL ENGINEERING

PASSWORD AUDIT

GAP ANALYSIS

PENETRATION TEST

EXPOSURE ASSESSMENT

RED TEAMING

VULNERABILITY ASSESSMENT