Soumettre la recherche
Mettre en ligne
Lessons from a Red Team Exercise
•
Télécharger en tant que PPTX, PDF
•
3 j'aime
•
793 vues
Peter Wood
Suivre
Lessons from a Red Team Exercise - A Simulated Criminal Attack
Lire moins
Lire la suite
Internet
Signaler
Partager
Signaler
Partager
1 sur 22
Télécharger maintenant
Recommandé
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSE
Jorge Orchilles
Threat Hunting with Splunk
Threat Hunting with Splunk
Splunk
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAM
BGA Cyber Security
Red Team Framework
Red Team Framework
👀 Joe Gray
Info Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
Marcelo Silva
Threat Hunting
Threat Hunting
Splunk
MITRE ATT&CK framework
MITRE ATT&CK framework
Bhushan Gurav
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
Recommandé
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSE
Jorge Orchilles
Threat Hunting with Splunk
Threat Hunting with Splunk
Splunk
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAM
BGA Cyber Security
Red Team Framework
Red Team Framework
👀 Joe Gray
Info Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
Marcelo Silva
Threat Hunting
Threat Hunting
Splunk
MITRE ATT&CK framework
MITRE ATT&CK framework
Bhushan Gurav
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
Introduction to red team operations
Introduction to red team operations
Sunny Neo
Threat Hunting Report
Threat Hunting Report
Morane Decriem
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Sergey Soldatov
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Joe Vest
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Jorge Orchilles
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
Erik Van Buggenhout
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval
ISACA -Threat Hunting using Native Windows tools .pdf
ISACA -Threat Hunting using Native Windows tools .pdf
Gurvinder Singh, CISSP, CISA, ITIL v3
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
MITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
IBM Qradar & resilient
IBM Qradar & resilient
Prime Infoserv
Fortinet sandboxing
Fortinet sandboxing
Nick Straughan
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
Matthew Dunwoody
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
Cyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]
RootedCON
Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)
Eduardo Arriols Nuñez
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
clevernetsystemsgeneva
Oscp preparation
Oscp preparation
Manich Koomsusi
Final Report Presentation Team Red O
Final Report Presentation Team Red O
Xu Bim
Code Red Security
Code Red Security
Amr Ali
Contenu connexe
Tendances
Introduction to red team operations
Introduction to red team operations
Sunny Neo
Threat Hunting Report
Threat Hunting Report
Morane Decriem
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Sergey Soldatov
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Joe Vest
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Jorge Orchilles
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
Erik Van Buggenhout
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval
ISACA -Threat Hunting using Native Windows tools .pdf
ISACA -Threat Hunting using Native Windows tools .pdf
Gurvinder Singh, CISSP, CISA, ITIL v3
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
MITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
IBM Qradar & resilient
IBM Qradar & resilient
Prime Infoserv
Fortinet sandboxing
Fortinet sandboxing
Nick Straughan
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
Matthew Dunwoody
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
Cyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]
RootedCON
Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)
Eduardo Arriols Nuñez
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
clevernetsystemsgeneva
Oscp preparation
Oscp preparation
Manich Koomsusi
Tendances
(20)
Introduction to red team operations
Introduction to red team operations
Threat Hunting Report
Threat Hunting Report
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
ISACA -Threat Hunting using Native Windows tools .pdf
ISACA -Threat Hunting using Native Windows tools .pdf
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
MITRE ATT&CK Framework
MITRE ATT&CK Framework
IBM Qradar & resilient
IBM Qradar & resilient
Fortinet sandboxing
Fortinet sandboxing
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
Cyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Carlos García - Pentesting Active Directory Forests [rooted2019]
Carlos García - Pentesting Active Directory Forests [rooted2019]
Physical Penetration Testing (RootedCON 2015)
Physical Penetration Testing (RootedCON 2015)
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
Oscp preparation
Oscp preparation
En vedette
Final Report Presentation Team Red O
Final Report Presentation Team Red O
Xu Bim
Code Red Security
Code Red Security
Amr Ali
DKapellmann_Security Compliance Models
DKapellmann_Security Compliance Models
Daniel Kapellmann Zafra
Risk Management Frameworks
Risk Management Frameworks
Daniel Kapellmann Zafra
Red teaming in the cloud
Red teaming in the cloud
Peter Wood
All your files now belong to us
All your files now belong to us
Peter Wood
Network security, seriously?
Network security, seriously?
Peter Wood
Fixing the broken Red Team
Fixing the broken Red Team
David Warley
Welcome to Strategic Red Team Consulting
Welcome to Strategic Red Team Consulting
Fred Aubin, CD MCGI
Advanced Threat Protection: Lessons from a Red Team Exercise
Advanced Threat Protection: Lessons from a Red Team Exercise
Peter Wood
Strategic Red Team Consulting - Company Intro - Jan 2014
Strategic Red Team Consulting - Company Intro - Jan 2014
Fred Aubin, CD MCGI
ISACA UW Handbook 2016
ISACA UW Handbook 2016
Daniel Kapellmann Zafra
Pentesting
Pentesting
Henrik Jacobsen
mimikatz @ asfws
mimikatz @ asfws
Benjamin Delpy
Pentesting with Metasploit
Pentesting with Metasploit
Prakashchand Suthar
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015
Hykeos
Strategic Red Team Consulting - Introduction to Business Wargaming
Strategic Red Team Consulting - Introduction to Business Wargaming
Fred Aubin, CD MCGI
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
Rob Fuller
Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at you
Rob Fuller
En vedette
(19)
Final Report Presentation Team Red O
Final Report Presentation Team Red O
Code Red Security
Code Red Security
DKapellmann_Security Compliance Models
DKapellmann_Security Compliance Models
Risk Management Frameworks
Risk Management Frameworks
Red teaming in the cloud
Red teaming in the cloud
All your files now belong to us
All your files now belong to us
Network security, seriously?
Network security, seriously?
Fixing the broken Red Team
Fixing the broken Red Team
Welcome to Strategic Red Team Consulting
Welcome to Strategic Red Team Consulting
Advanced Threat Protection: Lessons from a Red Team Exercise
Advanced Threat Protection: Lessons from a Red Team Exercise
Strategic Red Team Consulting - Company Intro - Jan 2014
Strategic Red Team Consulting - Company Intro - Jan 2014
ISACA UW Handbook 2016
ISACA UW Handbook 2016
Pentesting
Pentesting
mimikatz @ asfws
mimikatz @ asfws
Pentesting with Metasploit
Pentesting with Metasploit
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015
Strategic Red Team Consulting - Introduction to Business Wargaming
Strategic Red Team Consulting - Introduction to Business Wargaming
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at you
Similaire à Lessons from a Red Team Exercise
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
Peter Wood
Information Security and Corporate Risk
Information Security and Corporate Risk
AgilOne
Teaching Your Staff About Phishing
Teaching Your Staff About Phishing
Legal Services National Technology Assistance Project (LSNTAP)
Sheet1WeaknessViolates a policy or procedureThreatWhat is th.docx
Sheet1WeaknessViolates a policy or procedureThreatWhat is th.docx
bjohn46
Cyber Security Seminar
Cyber Security Seminar
Jeremy Quadri
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
Hokme
Mpho Allen Maluleke
Mpho Allen Maluleke
mpho allen
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
IT Governance Ltd
FreeSBC - Getting Started
FreeSBC - Getting Started
Alan Percy
Danger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not Secure
TechWell
The Bug Sweepers TSCM Guide
The Bug Sweepers TSCM Guide
Charles Carter MBA AIPA
FreeSBC - Getting Started
FreeSBC - Getting Started
TelcoBridges Inc.
Case Study 1 Questions1. What is the allocated budget .docx
Case Study 1 Questions1. What is the allocated budget .docx
TatianaMajor22
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity Challenge
Net at Work
2014 ota databreach3
2014 ota databreach3
Meg Weber
How to assess your it needs and implement technology at your nonprofit
How to assess your it needs and implement technology at your nonprofit
TechSoup Canada
Jeff bianco
Jeff bianco
Lviv Startup Club
ITE v5.0 - Chapter 11
ITE v5.0 - Chapter 11
Irsandi Hasan
Attacking the cloud with social engineering
Attacking the cloud with social engineering
Peter Wood
Why should you do a pentest?
Why should you do a pentest?
Abraham Aranguren
Similaire à Lessons from a Red Team Exercise
(20)
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
Pragmatic Network Security - Avoiding Real-World Vulnerabilities
Information Security and Corporate Risk
Information Security and Corporate Risk
Teaching Your Staff About Phishing
Teaching Your Staff About Phishing
Sheet1WeaknessViolates a policy or procedureThreatWhat is th.docx
Sheet1WeaknessViolates a policy or procedureThreatWhat is th.docx
Cyber Security Seminar
Cyber Security Seminar
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
Mpho Allen Maluleke
Mpho Allen Maluleke
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
FreeSBC - Getting Started
FreeSBC - Getting Started
Danger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not Secure
The Bug Sweepers TSCM Guide
The Bug Sweepers TSCM Guide
FreeSBC - Getting Started
FreeSBC - Getting Started
Case Study 1 Questions1. What is the allocated budget .docx
Case Study 1 Questions1. What is the allocated budget .docx
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity Challenge
2014 ota databreach3
2014 ota databreach3
How to assess your it needs and implement technology at your nonprofit
How to assess your it needs and implement technology at your nonprofit
Jeff bianco
Jeff bianco
ITE v5.0 - Chapter 11
ITE v5.0 - Chapter 11
Attacking the cloud with social engineering
Attacking the cloud with social engineering
Why should you do a pentest?
Why should you do a pentest?
Plus de Peter Wood
Hacking is easy: understanding your vulnerabilities
Hacking is easy: understanding your vulnerabilities
Peter Wood
The future of cloud security
The future of cloud security
Peter Wood
The 2018 Threatscape
The 2018 Threatscape
Peter Wood
Introduction to Cyber Resilience
Introduction to Cyber Resilience
Peter Wood
Network Security - Real and Present Dangers
Network Security - Real and Present Dangers
Peter Wood
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
Peter Wood
Advanced threat protection and big data
Advanced threat protection and big data
Peter Wood
Cloud, social networking and BYOD collide!
Cloud, social networking and BYOD collide!
Peter Wood
Unpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's View
Peter Wood
Prime Targets in Network Infrastructure
Prime Targets in Network Infrastructure
Peter Wood
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
Peter Wood
Emerging Threats and Attack Surfaces
Emerging Threats and Attack Surfaces
Peter Wood
Out of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day Threats
Peter Wood
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's View
Peter Wood
Top Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
Peter Wood
The Consumerisation of Corporate IT
The Consumerisation of Corporate IT
Peter Wood
Security in a Virtualised Environment
Security in a Virtualised Environment
Peter Wood
The Corporate Web Security Landscape
The Corporate Web Security Landscape
Peter Wood
The Ultimate Defence - Think Like a Hacker
The Ultimate Defence - Think Like a Hacker
Peter Wood
Security Testing in an Age of Austerity
Security Testing in an Age of Austerity
Peter Wood
Plus de Peter Wood
(20)
Hacking is easy: understanding your vulnerabilities
Hacking is easy: understanding your vulnerabilities
The future of cloud security
The future of cloud security
The 2018 Threatscape
The 2018 Threatscape
Introduction to Cyber Resilience
Introduction to Cyber Resilience
Network Security - Real and Present Dangers
Network Security - Real and Present Dangers
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
Advanced threat protection and big data
Advanced threat protection and big data
Cloud, social networking and BYOD collide!
Cloud, social networking and BYOD collide!
Unpatched Systems: An Ethical Hacker's View
Unpatched Systems: An Ethical Hacker's View
Prime Targets in Network Infrastructure
Prime Targets in Network Infrastructure
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
Emerging Threats and Attack Surfaces
Emerging Threats and Attack Surfaces
Out of the Blue: Responding to New Zero-Day Threats
Out of the Blue: Responding to New Zero-Day Threats
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's View
Top Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
The Consumerisation of Corporate IT
The Consumerisation of Corporate IT
Security in a Virtualised Environment
Security in a Virtualised Environment
The Corporate Web Security Landscape
The Corporate Web Security Landscape
The Ultimate Defence - Think Like a Hacker
The Ultimate Defence - Think Like a Hacker
Security Testing in an Age of Austerity
Security Testing in an Age of Austerity
Dernier
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
APNIC
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
sexy call girls service in goa
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
kojalkojal131
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
SofiyaSharma5
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
imonikaupta
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
aditipandeya
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
APNIC
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
shivangimorya083
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
dollysharma2066
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
sonatiwari757
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
soniya singh
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
stephieert
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
soniya singh
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
APNIC
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
soniya singh
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Damian Radcliffe
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
gwenoracqe6
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
Dernier
(20)
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Lessons from a Red Team Exercise
1.
Peter Wood Chief Executive
Officer First Base Technologies LLP A Simulated Criminal Attack Lessons from a Red Team Exercise
2.
Slide 2 ©
First Base Technologies 2015 Founder and CEO - First Base Technologies LLP • Engineer, IT and information security professional since 1969 • Fellow of the BCS, the Chartered Institute for IT • Chartered IT Professional • CISSP • Senior Member of the Information Systems Security Association (ISSA) • 15 Year+ Member of ISACA, Member of the ISACA Security Advisory Group • Member of the Institute of Information Security Professionals • Member of the BCS Information Risk Management and Assurance Group • Chair of white-hats.co.uk • UK Programme Chair for the Corporate Executive Programme • Member of ACM, IEEE, First Forensic Forum (F3), Institute of Directors • Member of Mensa Peter Wood
3.
Slide 3 ©
First Base Technologies 2015
4.
Slide 4 ©
First Base Technologies 2015 How an Advanced Attack Works
5.
Slide 5 ©
First Base Technologies 2015 Threat analysis for testing http://csrc.nist.gov/cyberframework/rfi_comments/040813_cba_part2.pdf
6.
Slide 6 ©
First Base Technologies 2015 Lessons from a red team exercise “The story you are about to hear is true; only the names have been changed to protect the innocent vulnerable.”
7.
Slide 7 ©
First Base Technologies 2015 Our attack timeline
8.
Slide 8 ©
First Base Technologies 2015 Remote information gathering • 15 premises in UK, reviewed on Google maps and street view • 4 registered domains • 5 IP address ranges • 72 Internet-facing hosts • Metadata retrieved for Adobe, Office and QuarkExpress • Scan revealed OWA in use • Internet search for relevant email addresses • LinkedIn searches to construct email addresses for employees • 400 email addresses identified • ‘Interesting’ staff names and job titles from LinkedIn • Emails sent to obtain responding email style and layout
9.
Slide 9 ©
First Base Technologies 2015 On-site reconnaissance • Head office: - Perimeter guards and external CCTV - Main reception manned and controlled - Goods entrance well controlled - No other access - Staff ID card design noted - Results used to plan on-site attack 2 • Branch office: - High street premises, no guarding - Small reception, one receptionist - Door intercom - Multi-tenanted building - Results used to plan on-site attack 1
10.
Slide 10 ©
First Base Technologies 2015 Results of info gathering 1. Spear phishing is viable and can be used for theft of credentials 2. Head office will require legitimate appointment to gain physical access 3. Branch office may be vulnerable to ad hoc visitor with remote backup 4. Significant number of other premises available as fallback 5. Windows and Office in use, so typical network vulnerabilities will apply
11.
Slide 11 ©
First Base Technologies 2015 Spear phishing plan 1. Convincing fake domain name available and purchased 2. OWA site cloned onto fake domain for credential theft 3. Large number of email addresses harvested as targets 4. Design of real emails copied to facilitate spear phishing 5. Names and job titles gathered as fake senders 6. Genuine OWA will be used to test stolen credentials (and gather further info) 7. Credentials will be deployed in first on-site attack
12.
Slide 12 ©
First Base Technologies 2015 Spear phishing exercise 1. Email sent from IT manager, using fake domain address 2. OWA cloned on to tester’s laptop, DNS set accordingly 3. Email sent to three groups of 100 recipients 4. Within a few minutes, 41 recipients entered credentials 5. Credentials tested on legitimate OWA site 6. Significant information gathered from each account 7. Further emails can now be sent from legitimate addresses
13.
Slide 13 ©
First Base Technologies 2015 Branch office attack plan 1. Team member “Harry” to pose as a contractor working for a telecomms firm 2. Clothing and ID badge prepared 3. Works order fabricated 4. Engineering toolkit prepared, including laptop 5. Credentials obtained from spear phishing stored on laptop 6. Other team members on landline phones for remote verification
14.
Slide 14 ©
First Base Technologies 2015 Branch office attack exercise (1) 1. Harry arrives and tells receptionist he needs to fix a network fault 2. Receptionist asks for a contact name for verification 3. Harry claims not to know and gives receptionist his works order number and a phone number to get details 4. Receptionist calls and speaks to George who gives the name of an IT employee (who we know is ‘out of office’) 5. Receptionist cannot make contact with absent IT employee, so tells Harry to call their IT Manager to resolve the problem 6. Harry calls Charlie and asks him to impersonate the IT Manager 7. Charlie (impersonating the IT Manager) calls receptionist and tells them to give Harry access
15.
Slide 15 ©
First Base Technologies 2015 Branch office attack exercise (2) 9. Harry is escorted into the office and given a desk and a network point 10.He is left unsupervised and plugs his laptop in to the network 11.He explores the network and identifies several Windows servers 12.He authenticates to a domain controller using credentials obtained during the phishing exercise 13.He explores various servers and identifies many interesting files 14.He plants several files to demonstrate full read-write access 15.He explains that he has run diagnostics and that the network connection seems ok. He is escorted to reception and signs out
16.
Slide 16 ©
First Base Technologies 2015 Head office attack plan (1) A number of scenarios were considered: • Apply for a job vacancy with a suitable fake CV • Courier delivery of a parcel • Research and interview for newspaper or publication • Discussion about a school tour of premises • Tour of premises as a prospective customer Two alternatives were selected and developed: • Tour of premises as a prospective customer for a specific product • Interview for a charity magazine about corporate fund raising
17.
Slide 17 ©
First Base Technologies 2015 Head office attack plan (2) Relevant domain names were obtained, email addresses and web pages created for both fake organisations. 1. Tour of premises as a prospective customer for a specific product: - “Anne” sent an email via the company’s online form - An exchange of emails occurred over the next few days and she obtained permission, as a new customer, to book a tour of the premises 2. Interview for a charity magazine about corporate fund raising: - “Anne” called the company and spoke to head of fund raising team - Press office called Anne and asked for more details - Background research proved convincing and pretext was accepted - Interview booked at head office Option 2 entailed less risk of exposure, so was attempted first.
18.
Slide 18 ©
First Base Technologies 2015 Head office attack exercise 1. Anne and George arrive for the press interview, are given visitor passes and escorted to a meeting room 2. George asks to use the bathroom and is given directions 3. A senior employee joins the meeting and asks further questions to validate their story, which are answered satisfactorily 4. George returns from the bathroom, but quickly exits the meeting again leaving a pack of diarrhoea medicine on the table 5. During his ‘bathroom visit’ George is able to access unattended lab computers, simulate installing keyloggers and remote control software and copying files on to a USB drive 6. When the interview concludes, Anne and George are escorted from the building
19.
Slide 19 ©
First Base Technologies 2015
20.
Slide 20 ©
First Base Technologies 2015 Lessons 1. No checks on social networking using work email addresses 2. No sanitisation of metadata in published documents 3. Insufficient staff training on spear phishing 4. Inadequate visitor validation at branch office 5. Unsupervised visitor at branch office 6. Unsupervised visitor at head office (bathroom break) 7. Unlocked, unattended laboratories and unlocked computers 8. No challenging of unescorted visitors 9. Sensitive information protected only by Windows credentials
21.
Slide 21 ©
First Base Technologies 2015 Red Team Testing • Use your threat analysis to pick a realistic attack scenario • Use your asset register to identify realistic targets • Engage a red team exercise to simulate a real attack • Check your preventative and detective controls! • Learn, improve, repeat!
22.
Slide 22 ©
First Base Technologies 2015 Peter Wood Chief Executive Officer First Base Technologies LLP peter@firstbase.co.uk http://firstbase.co.uk twitter: @peterwoodx Need more information?
Télécharger maintenant