This presentation was given at the CIISF Conference - "Cyber threat to opportunity: protecting your business in a changing world", held in Jersey on 30th May 2014.
2. About me
● Co-Founder of the CIISF
Practical CyberDefense
● Employed as an Ethical Security Consultant @ Logicalis Jersey
● Practice Offensive & Defensive Security for businesses at all verticals
3. Agenda
● Concepts I and II
● Stages 1-5 of a practical Cyber Defense with more demos
● Resources
Questions at the end please
● Reverse & Bind Shells Demo
4. Concepts I
“Attackers have months to prepare, defenders have minutes to react”
“This is not a security control!!!!”
vs
5. Concepts II
“Security is a journey”
“What are the bad guys trying to achieve?”
10. Reconnaissance - Mitigation
● Undertake reconnaissance to find public information
● Mitigate risk by takedown and creating contrary information
● Test your defenses and train your users
12. Stage 3 – Understanding AV
Is AV really protecting us - the case for and against
13. Stage 3 – AV Bypass
Demo - The case against
14. Stage 3 – The case for
We still need AV to protect us!
15. Stage 4 – Think outside the box
● Databases – They are the end game
● Web applications – OWASP Top 10
● UC Communications – TDoS / Toll Fraud
● Data Encryption – Laptops / Desktops / Databases
16. Stage 5 – It's not if but when
SIEM – Security, Information & Event Monitoring