2. net-square INTUIT #Hacktober2015
About Me
@therealsaumil
saumilshah
hacker, trainer, speaker, author, photographer
educating, entertaining and exasperating audiences since 1999
Saumil Shah
CEO, Net-Square
10.
It was different 12 years ago!
Individual effort.
1 week dev time.
3-6 months shelf life.
Hundreds of public domain exploits.
"We did it for the fame. lols."
11.
Today...
Team effort.
2-12 month dev time.
24h to 10d shelf life.
Public domain exploits nearly zero.
Cost and value of exploits have risen significantly.
WEAPONIZATION.
12.
Haroon Meer
"For a few hundred K, could you put together a team that would break in just about anywhere?"
CCDCOE Conference on Cyber Conflict - 2010
24.
"The more sophisticated the technology, the more vulnerable it is to primitive attack. People often overlook the obvious."
Doctor Who, "The Pirate Planet"
XKCD 538 "Security"
35.
UNREALISTIC TESTING SCENARIOS
- Wait for new version release.
- Don't test on production.
- Don't perform intrusive testing.
- X is out of scope.
- Test during off-peak hours.
40.
"The Universe tells you everything you need to know about it as long as you are prepared to watch, to listen, to smell, in short to OBSERVE."
43.
Collect EVERYTHING!
Can't measure? Can't use.
DevOps model – AGILE.
Testing independent of releases.
Test like an attacker – RED TEAM.
Know your users.
EDUCATE your users.
Look for anomalies – booby traps.
Analysis decides actions.
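The last two points of the slide, collecting everything and watching for anomalies and booby traps, are easiest to see in code. The block below is an added example, not material from the talk or from Net-Square: it runs a tiny detector over constructed web-server log lines, flags any request for a decoy resource that no real user or link ever references (the "booby trap"), and scores clients that pile up 404s as a crude enumeration anomaly. The decoy paths, IP addresses, timestamps and log lines are all made up for the illustration.

```python
# Added example (not from the original talk): a minimal "booby trap"
# detector run over constructed web-server log lines. The decoy paths
# below are hypothetical; they are never linked from the real site, so
# any request for one of them is itself the alert.
import re
from collections import Counter

# Hypothetical decoy resources (assumed for this example).
BOOBY_TRAPS = {
    "/backup/site-2015.tar.gz",   # fake backup archive
    "/admin-old/login.php",       # fake legacy admin panel
    "/api/v0/keys",               # fake credentials endpoint
}

# Constructed sample log lines in Combined Log Format (made up for this example).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Oct/2015:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Oct/2015:10:01:03 +0000] "GET /products HTTP/1.1" 200 8822 "http://example.test/index.html" "Mozilla/5.0"
198.51.100.23 - - [17/Oct/2015:10:02:10 +0000] "GET /robots.txt HTTP/1.1" 200 61 "-" "curl/7.43.0"
198.51.100.23 - - [17/Oct/2015:10:02:11 +0000] "GET /backup/site-2015.tar.gz HTTP/1.1" 404 231 "-" "curl/7.43.0"
198.51.100.23 - - [17/Oct/2015:10:02:12 +0000] "GET /admin-old/login.php HTTP/1.1" 404 231 "-" "curl/7.43.0"
198.51.100.23 - - [17/Oct/2015:10:02:12 +0000] "GET /wp-login.php HTTP/1.1" 404 231 "-" "curl/7.43.0"
203.0.113.9 - - [17/Oct/2015:10:03:40 +0000] "GET /products HTTP/1.1" 200 8822 "-" "Mozilla/5.0"
"""

# One Combined Log Format line: client, identd, user, [timestamp],
# "METHOD path protocol", status, size, "referer", "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def analyse(log_text, traps=BOOBY_TRAPS, not_found_threshold=3):
    """Return (trap_hits, noisy_clients).

    trap_hits:     list of (ip, path) for every request to a decoy resource,
                   in log order. Any hit is high-confidence: nothing legitimate
                   ever asks for these paths.
    noisy_clients: set of client IPs that produced at least
                   not_found_threshold 404 responses, a crude anomaly score
                   for directory enumeration or scanning.
    """
    trap_hits = []
    not_found = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip unparsable lines; one bad line must not stop the run
        if rec["path"] in traps:
            trap_hits.append((rec["ip"], rec["path"]))
        if rec["status"] == "404":
            not_found[rec["ip"]] += 1
    noisy = {ip for ip, n in not_found.items() if n >= not_found_threshold}
    return trap_hits, noisy

if __name__ == "__main__":
    hits, noisy = analyse(SAMPLE_LOG)
    for ip, path in hits:
        print(f"BOOBY TRAP: {ip} requested {path}")
    for ip in sorted(noisy):
        print(f"ANOMALY: {ip} is generating many 404s")
```

The two signals deliberately differ in quality: a decoy hit needs no threshold and no tuning, because the only way to know the path is to have enumerated or stolen it, whereas the 404 counter is a baseline-dependent heuristic that will need a threshold chosen from your own traffic. That split is the practical meaning of "can't measure, can't use": the booby trap is useful from day one, the anomaly score only once you have collected enough normal traffic to know what normal looks like.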