
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber security is from movies and web series


  1. Everything there is to know about cyber security is from movies and web series. Shyam Sundar Ramaswami, Sr. Staff Cyber Security Architect, Cyber Labs – GE Healthcare
  2. Who am I? Lead Security Researcher; Sr. Staff Cyber Security Architect; Threat and Malware Hunter; #ambatman
  3. Can you identify the issues in this unattended desk?
  4. COVID-19 based cyber attacks, region wise
  5. COVID outbreak heat maps; Dashboards; COVID-19 trackers
  6. Real World Scenes: Threat actors often use the latest world events; COVID-19 was popular
  7. Typo Squatting Domains: wuhan, clinics, lab, tests, selftestkit, purchase kits, helpline
  8. The DNS traffic for a typosquatted domain
  9. Command and Control Servers
  10. How does this work? (Image source: DNSFilter)
  11. Lean Principles
  12. Web Application attacks: OWASP Top 10; Injection attacks; Permission-based attacks; Forms and fields; Application-based attacks
  13. Types of XSS: Stored XSS; Reflected XSS; DOM-based attacks
  14. How does it work?
  15. Preventing XSS: Filters; Encoding; Verify inputs; CORS
  16. Secure coding the AGILE way? Establish a norm; Failing securely; Separation of duties; Fixing issues; Time bound; Ownership; Mitigations; Minimize blast radius
  17. Quantifying cyber attack risks using Six Sigma? Cyber Risk Quantification (CRQ); Technical nature of product -> Risks -> Impacts; Mitigating risks; Quantify risks
  18. Threat models
  19. Best practices for Threat model
  20. How can we do this in a week? Two hours a day; Be an expert of your product; Implement learning on your product; Understand nuts and bolts of a product; Be a security champion
  21. Lean and Research: the 3 outcomes (it's me, listen to this!): Timelines; Easier risk mitigations; Deliverables
  22. Agile-based research leads to ...: Blog series or post; Conference talk; Patent or defensive publication; There is no such thing as FAILED RESEARCH!
  23. What is APT? An attack campaign in which an intruder or team sits long term in a network and gets sensitive data; targets are carefully chosen
  24. More about APT: APT is super covert; Nation-state actors; Financial gain; Political espionage
  25. How does it happen? 1. Scan the target; 2. Intelligence gathering; 3. Lateral movement by taking down one computer; 4. Back door installation or exploiting a flaw
  26. Bronze Mohawk APT: Steganography; Domain typosquatting; Multi-hop proxies; Protocol tunnelling; Archive, encrypt, and stage collected data locally and remotely for exfiltration; C2 channel
  27. Infrastructure
  28. Lean Cyber security Cycle
  29. What can you do to become the ultimate cyber security guy? Don't learn cyber security to apply to any product; Acquire product knowledge and then apply cyber security skills; Build threat models; Spend 2 hrs a day to try out the skills learnt; 5-8 learning hours a week will get you there
  30. Thank you
