Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale, DeepSec 2013 Edition

Hackanalytics: What's hot, what's not. Cyberpunk Fairytale with Tips and Tricks. By Alexey Kachalin, Advanced Monitoring

Upload: alexey-kachalin

Post on 05-Dec-2014


DESCRIPTION

High tech brings a Security struggle, resulting in low life. Security Ninjas struggle to overcome the obstacles of Enterprise-world chaos in this Cyberpunk world.

TRANSCRIPT

Page 1: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition

Hackanalytics

What's hot, What's not

Cyberpunk Fairytale with Tips and Tricks

By Alexey Kachalin

Advanced Monitoring

Page 2: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition

advancedmonitoring.ru @kchln

Credits: Advanced Monitoring as The Team

Alexey Kachalin as Narrator

Shiny IT as High Tech

Security Struggle as Low Life

[AK@DeepSec 2013 Nov 21]$ story begin_

Page 3: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Page 4: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Security Struggle

Page 5: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Why Struggle? More Secure vs. Less Secure

[System diagram: nodes Insecurity, Incidents, Response, Introduce Controls, System Complexity, System Evolution; legend: Positive link, Negative link, Enforcing loop, ???]

Tool: System Diagrams

Page 6: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Wanna skip to Ninjas part?

1. Choose methodology: Technology specific: OWASP; Task specific: PTES; Domain specific: OSSTMM; Result-oriented: CSC

2. Scoping

…

n. Rock’n’Roll!

Page 7: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


1 Security Ninja wasted. Continue [ y/N] _

Tool: Mindmap, brainstorm. Don’t read it all now – I made it for lols

Page 8: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Some Hack-o-sophy then? Creating stuff

Engineering view / User view

Analytical thinking, Critical thinking, Out-of-box thinking

*Technical expertise is required anyway

Page 9: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


When are you? Understand Their protocols. Enterprise runs hundreds of projects and processes when you happen… not going to stop

Plan: Identify & Analyze. Do: Develop Solution. Check: …and Improve Solution. Act: Implement Solution

You better know Their context

Tool: Deming cycle and whatever follows: PMBOK, ITIL, ISO9000

Page 10: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Pareto-zation. The benefit of hindsight

Proves to be correct over and over

Rarely used in planning

[Pareto chart: 80% $$$, 20% effort]

Log don’t memorize

Work out logs and use in planning

Why?

No Data

Tool: Pareto, Knapsack problem

Page 11: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Suggest Project/Teamwork Strategy

Waterfall – stages, WBS

Agile concept: Time-limited iterations; Team work on component; Tasks not assigned – taken; Scope change tolerance; Customer awareness

Tool: WBS, T-Shirt estimate, Burndown

Page 12: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Broken communication – any project’s issue

Phone call: I’ll call you back. E-mail: ignored, maybe in spam? Checklist: too big, please e-mail. Interview: please send checklist. Discussion: I will do it my way

AaaRghh!!!

Page 13: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Communicating in and out tricks

Fight fears: Appreciative Inquiry (5Ds)

Too sweet? Criticize! Constructive Controversy

Explore causes: 5 Whys

Overcome egos: Six Hats

Tool: Communications scenarios. It’s not always the same

Page 14: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


“Fairytale” Editor’s cut includes the section:

Other Extremely Effective Communication tips

Page 15: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Skimming documentation

Don’t read or rewrite or annotate

Review and analyze

Structure: what’s there, not there. Any logic in bundle? Check consistency

How up-to-date are the documents?

Authors available for comments?

Tool: Structure schemes, Sequence Diagrams

Page 16: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Organize Chaos

Track and Log: *List*

List of received documents. List of created documents for the project

UID*: use IDs across artifacts. IDs used by customer are inconsistent… often. Translation tables. ID != UID: IP is not UID, MAC -?

Don’t stop halfway through: Brainstorm, Mindmap? Actions!

Tool: Affinity Diagram & workflow
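One way to keep the translation table this slide calls for, as an added example that is not code from the talk: every host seen in a received document gets a project UID, the customer's own IDs, IPs and MACs are only aliases of that UID, and an IP that turns up re-leased to a different MAC is logged as a conflict instead of silently merging two hosts. The strong/weak key split and the three sample documents are assumptions.

```python
# Added example, not code from the talk: sample documents are constructed.
from collections import defaultdict

STRONG_KEYS = ("host", "mac")  # assumed stable enough to link records (MAC is debatable)
WEAK_KEYS = ("ip", "cust_id")  # reassigned or renamed between documents: never a UID

class Registry:
    def __init__(self):
        self.assets = defaultdict(lambda: defaultdict(list))  # uid -> alias -> [docs]
        self.translation = {}                                  # (kind, value) -> uid
        self.conflicts = []                                    # log, don't memorize

    def ingest(self, doc, record):
        aliases = list(record.items())
        known = [(k, self.translation[a]) for a in aliases for k in [a[0]] if a in self.translation]
        strong = {u for k, u in known if k in STRONG_KEYS}
        weak = {u for k, u in known if k in WEAK_KEYS}
        if strong:
            uid = min(strong)  # strong keys decide; any disagreement is logged below
        elif len(weak) == 1:
            uid = weak.pop()   # a weak key links only when it is unambiguous
        else:
            uid = f"AM-{len(self.assets) + 1:04d}"  # nothing known: new project UID
        for alias in aliases:
            prev = self.translation.get(alias)
            if prev and prev != uid:  # e.g. an IP re-leased to another host
                self.conflicts.append(f"{doc}: {alias[0]}={alias[1]} was {prev}, now {uid}")
            self.translation[alias] = uid
            self.assets[uid][alias].append(doc)
        return uid

    def inconsistent_customer_ids(self):
        ids = {u: sorted({v for k, v in al if k == "cust_id"}) for u, al in self.assets.items()}
        return {u: v for u, v in ids.items() if len(v) > 1}

RECEIVED_DOCS = [  # constructed: three customer documents describing two hosts
    ("DOC-01 inventory", [{"cust_id": "SRV-17", "host": "db01", "ip": "10.0.1.5"},
                          {"cust_id": "SRV-18", "host": "web01", "ip": "10.0.1.6"}]),
    ("DOC-02 scan", [{"ip": "10.0.1.5", "mac": "00:11:22:33:44:55"},
                     {"ip": "10.0.1.6", "mac": "00:11:22:33:44:66"}]),
    ("DOC-03 dhcp", [{"ip": "10.0.1.5", "mac": "00:11:22:33:44:66"},  # IP re-leased
                     {"host": "web01", "cust_id": "WEB-01"}]),         # host renamed
]

def build_registry(docs=RECEIVED_DOCS):
    reg = Registry()
    for doc, records in docs:
        for rec in records:
            reg.ingest(doc, rec)
    return reg
```

Every alias keeps the list of documents it came from, so the "list of received documents" doubles as the audit trail for each UID.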

Page 17: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Almost there? Report.Create

Outline first – don’t generate texts

List items and give Definitions

Structure and facts

Width/Depth Switching prototyping. Get approval/corrections. Get clarification

Tool: Outline & Example first, WDS Prototype (am)

Page 18: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Avoid extremes

Data and trends visualization: Obvious vs. Preconceived; Simple vs. Complicated; Boring vs. Fancy

Report texts: Full description vs. Screenshots/logs only; Boasting vulns vs. Hug problems; Hack slang vs. Baby talk

Demonstrate. Communicate. Avoid counterintuitive forms (ex.#1, ex.#2)

Page 19: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Don’t restrict ideas by sticking to standard forms, but do not neglect them?

Tool: Standard vis tools in excel/calc etc. RTFM please!

Page 20: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Simple standard things. Use them right!

ex.#1, ex.#2

Tool: Piecharts

Page 21: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Tool: No idea. shrooms??

Even if You can explain it – it’s too much

Page 22: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Tool: Visualization Taxonomy (give it a look here)

Page 23: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Powerful complex general tools for fast analysis and checking ideas. Don’t over-engineer

Tool: Grid analysis (services up/vulns found excel by am)

Page 24: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Got an idea? Prototype. Don’t over-engineer

Tool: treemap (for services vis by am)

Page 25: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Report.Automate – Build your System

Store Data (received/generated): Human readable, Machine readable, Itemized (lists), Well named

Actionable: Edit, Snippet taking, Filters, Sorting

Manage and service

Page 26: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Report.Repeat – They think they are all the same?

No!

Look!!

They are sooo different

[Four quarterly reports side by side: Rep q1, Rep q2, Rep q3, Rep q4]

Page 27: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Hurling results to “Them”: Pitches that should’ve made it but could as well fail

SQLi up to RCE for any registered user

Any scary words like XSS

Database vulnerability leads to full compromise

Critical vulnerability in AAA config

Doh! You’re gonna get hacked soon

Page 28: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Master “Their” language

SWOT, Value chain

7S (McKinsey’s), Decision Trees

Comparison analysis, Impact (Organization) analysis

[Diagram: Current State, Bridge, Desired new State]

Tool: MindTools.com for reference

Page 29: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition

That’s all, folks! Summary

Philosophy and high-level concepts

Planning and management

Report crafting

Communication tweaks

Visualization demystified

Organize chaos and keep tracking

Craft tools and build Your own System

Interpret results for presentation

Page 30: Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition


Advanced Monitoring

OpSec/R&D/Forensics/Trainings

IT Security R&D Cooperation Worldwide: Russia – Europe – Americas – Asia

Alexey Kachalin, [email protected]

@kchln