are you vulnerable - j thompson

7/27/2019 Are You Vulnerable - J Thompson

1/25

Are You Vulnerable?The Tiger Team Approach


2/25

Purpose and Scope

To present a best practice approach tosecuring your company

To present real life examples of

vulnerability assessment successes

2


3/25

Legal Disclaimer

Dont try this at home Get written permission before trying any of

these techniques

The main difference between a tiger team anda burglar is permission

3


4/25

Juggling Tasks

Physical

Privacy

Cyber

RegularWork

Not Secure Too Secure


5/25

Adversary Theft Path

5Design and Evaluation of Physical Security Systems Published by Butterworth-

Heinemann


6/25

Deter Detect - Delay

Lock, Light & Limit Access

View from bad guys perspective

6


7/25

What needs to be protected?

Laptop = $1000 SSN numbers - $2 each

Breach notification - $18 - $209 per identity

Bot herders can make $50k per month Copper - $3.20 /lb

7


8/25

Who are the bad guys?

Insiders Former or disgruntled employees

Click happy employees

Outsiders Thieves

Extremists / Terrorists

Hackers

Meth Heads

8


9/25

Discovery Google hacking

Password site:yoursite.com Filetype:doc site:yoursite.com classified

Google Street View

9


10/25

Physical Security

10

Locks keep honest people honest

Lock videos on the Internet

http://www.youtube.com/whitehat1969

Video
http://localhost/var/www/apps/conversion/tmp/scratch_3/Locks%20on%20the%20Internet.avihttp://www.youtube.com/whitehat1969http://www.youtube.com/whitehat1969http://localhost/var/www/apps/conversion/tmp/scratch_3/Locks%20on%20the%20Internet.avihttp://localhost/var/www/apps/conversion/tmp/scratch_3/Locks%20on%20the%20Internet.avihttp://www.youtube.com/whitehat1969http://www.youtube.com/whitehat1969http://localhost/var/www/apps/conversion/tmp/scratch_3/Locks%20on%20the%20Internet.avi


11/25

Tools of the Trade


12/25

Dumpster Diving

12


13/25

Techniques

Social engineering Social networking

Lock by-passing

Thumb drive sprinkle Dumpster diving

Tailgating

Out of office message

Black box

13


14/25

Once Im In

Unlocked PCs & cabinets Unused network jacks

Keyloggers

14


15/2515

Step 0: Attacker Places Content onTrusted Site

Client-Side Exploitation Example


16/2516

Step 1: Client-Side Exploitation



17/2517

Step 2: Establish Reverse Shell BackdoorUsing HTTPS



18/25

18

Step 3 & 4: Dump Hashes and Use Pass-the-Hash Attack to Pivot



19/25

19

Step 5: Pass the Hash to CompromiseDomain Controller


www.sans.org/top-cyber-security-risks/#summary


20/25

An Ounce of Prevention


21/25

21

Passwords

Password Cracking Identify weak or default passwords

Verify the use of complex passwords

Characters(complex) Estimatedtime to crack

7 6 minutes

8 2.34 hours14 9 hours

15 209 days


22/25

22

Pick The Best Password

password

Summer13

P@swordCompl3xjuggle13 google


23/25

Q&A

23

JT
http://whitehat1969.googlepages.com/videos


24/25

24

Insider Threat

60 percent of ex-employees leave with insiderinformation

Enforce termination procedures

Limit access to those who need it

View your network from an insiders perspective Video: Lock your PC

How many of your employees will click on an

email I send them?

http://www.thetechherald.com/article.php/200909/3019/Almost-sixty-percent-of-ex-employees-leave-jobs-with-insider-information
http://localhost/var/www/apps/conversion/tmp/scratch_3/Lock-Your-PC.avihttp://localhost/var/www/apps/conversion/tmp/scratch_3/Lock-Your-PC.avi


25/25

Tiger Team

25

www.youtube.com/whitehat1969

Video
http://www.youtube.com/whitehat1969http://www.youtube.com/whitehat1969http://localhost/var/www/apps/conversion/tmp/scratch_3/Tiger_Team.avihttp://localhost/var/www/apps/conversion/tmp/scratch_3/Tiger_Team.avihttp://www.youtube.com/whitehat1969http://www.youtube.com/whitehat1969

are you vulnerable - j thompson

Documents