This presentation is meant to be viewed in PowerPoint Slide Show mode for the
full effect of the animation.
It was designed for a non-technical audience to provide personal security
measures that don’t always get covered in corporate training, and an
introduction to the technical components behind the advice.
Some of the concepts are presented at a high and/or abstracted level and would
require additional technical information/caveats to explain most accurately.
© Brent Harrell, 2020
Cybersecurity 200
Beyond the Cyber Awareness Challenge
No, Tina, I don’t want to download your pirated music
root@localhost:~$ pwd
Introduction
root@localhost:~$ whoami
[+] Brent Harrell OSCP | CISSP
[-] System Security Engineer
root@localhost:~$ why are we here
[+] Technology is crucial but has its dangers
[-] How do we avoid getting pwned when we need or want to use the technology?
[-] What the heck is a cookie and can hackers eat them?
[+] More than your typical Cyber Awareness Challenge (hopefully)
[-] We are going to nerd out a bit on technical details
[-] Spot bogus advertisements capitalizing on fear
root@localhost:~$ pwd
Objectives
root@localhost:~$ ls
[+] Core Topics
[-] What is hacking really, encryption, definitions ...
[+] Passwords
[+] Web Attacks
[+] Social Media
[+] Final Tips
[+] Questions
root@localhost:~$ pwd
Core Topics/Definitions
root@localhost:~$ what is hacking && are movies real
[+] Some movies get a few things right
[-] Recommendations: War Games, The Imitation Game
[+] Seeking to compromise digital services and components
[-] Using systems/processes in unintended ways: misconfigurations, logic flaws
[-] Attack vectors are not limited to the technical realm
[+] In personal life: like surviving a bear attack
[-] Just be [smarter] than the people around you
[-] You are typically not the target of advanced attacks unless you make
yourself an easy target
root@localhost:~$ pwd
Core Topics/Definitions
root@localhost:~$ cat CIA.txt
[+] Confidentiality
[-] Ensuring data is only accessed by those with a need to know
[!] How it applies to you: whatever you don’t want to be public
[+] Integrity
[-] Ensuring data is not modified by unauthorized users
[!] How it applies to you: emails, file downloads, etc.
[+] Availability
[-] Ensuring data is accessible when needed
[!] How it applies to you: avoiding ransomware, failed hard drives
root@localhost:~$ pwd
Core Topics/Definitions
root@localhost:~$ cat badness.txt
[+] 0-Day: a new, unpatched vulnerability
[+] Malware
Type        Definition
------      ---------------
Virus       Inserts itself into other programs; needs user interaction to spread
Worm        Self-propagating
Trojan      Harmful software disguised as legitimate software
Ransomware  Blocks access to / discloses data unless paid to remove
[+] For more easy-to-digest definitions:
[-] https://www.malwarebyes.com/cybersecurity
root@localhost:~$ pwd
Core Topics/Cryptography
root@localhost:~$ show Cryptography
[Image slide: no text recoverable]
root@localhost:~$ pwd
Core Topics/Cryptography
root@localhost:~$ cat Encryption_Definition.txt
[+] Obscuring data in a reversible way [Confidentiality]
[-] Like a Rubik’s cube: if you jumble it up, you can repeat your steps in
reverse to get it back to normal
root@localhost:~$ pwd
Core Topics/Cryptography
root@localhost:~$ cat Encryption_Types.txt
[+] Symmetric: a shared secret between parties
[-] Fast. The predominant type for encryption of data on a disk and in transit
[-] Examples: HTTPS, file encryption
[+] Asymmetric: related, but separate, keys
[-] Very slow; used for proving identities, integrity verification, and
establishing a shared secret. Very important to keep the private key private.
[-] Examples: HTTPS, CAC
root@localhost:~$ pwd
Core Topics/Cryptography
root@localhost:~$ cat Hashing_Definitions.txt
[+] A unidirectional algorithm (i.e. not reversible) that creates a
unique value [digest] for each set of data put through it [Integrity]
[-] Think of a meat grinder: you can’t get the cow back
[+] Salt: a value added to the data before hashing
root@localhost:~$ cat Examples.txt
[+] Passwords & Rainbow Tables
[-] password      5f4dcc3b5aa765d61d8327deb882cf99
[-] passwordSALT  74836d1ccf6bfc3e7e625ba7438e85c3
[+] Digital Signatures
[-] First hashes the data, then encrypts the message digest with the user’s
private key. Proves integrity and authenticity
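The two digests on the slide, worked as an added Python example (not the deck’s own code): the unsalted MD5 of "password" is recoverable by table lookup, the salted one is not, and store_password shows what a site should actually do (random per-user salt plus a slow hash). The four-entry PRECOMPUTED table and the PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for a rainbow table: a tiny precomputed map of
# MD5(candidate) -> candidate for a few very common passwords. Real tables
# hold billions of entries, but the lookup works the same way.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]
PRECOMPUTED = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def md5_hex(data: str) -> str:
    """Unsalted MD5 digest, hex encoded (the scheme behind the slide's first line)."""
    return hashlib.md5(data.encode()).hexdigest()


def salted_md5_hex(password: str, salt: str) -> str:
    """Slide-style salting: append the salt to the password before hashing."""
    return hashlib.md5((password + salt).encode()).hexdigest()


def lookup_in_table(digest: str) -> Optional[str]:
    """Reverse a digest by table lookup, which is all a rainbow table does.
    Returns the recovered password, or None if the digest is not in the table."""
    return PRECOMPUTED.get(digest)


def store_password(password: str, iterations: int = 100_000) -> tuple:
    """What a site should do: a random per-user salt plus a slow key-derivation
    function (PBKDF2-HMAC-SHA256 here). The random salt means two users with the
    same password get different digests and no precomputed table applies; the
    iteration count makes every guess expensive (raise it for production use)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes,
                    iterations: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    plain = md5_hex("password")
    print("MD5('password')     =", plain, "-> table says:", lookup_in_table(plain))
    salted = salted_md5_hex("password", "SALT")
    print("MD5('passwordSALT') =", salted, "-> table says:", lookup_in_table(salted))
    salt, digest = store_password("password")
    print("PBKDF2 verify:", verify_password("password", salt, digest))
```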
root@localhost:~$ pwd
Passwords
root@localhost:~$ cat Advice.txt
[!] Use a different password for every site (at minimum: email, financial)
[-] This can be difficult, so use a password manager like KeePass or LastPass
[!] Do not use words that have a connection to you (e.g. a kid’s name)
[!] If a site allows it, use multi-factor authentication
[-] “Factors” are something you … KNOW | HAVE | ARE | CAN DO
[-] Authentication apps (e.g. Google Authenticator) are better than SMS or
email if available
[!] If someone emails you and proves they know your password:
[-] Change your passwords (especially if you still use the one they have)
[-] DO NOT engage with them, pay them, or click links
root@localhost:~$ pwd
Passwords
root@localhost:~$ passwd test
[+] Which of these is most secure?
[-] A) P@s$w0rd!   B) fishfleetrealspider   C) ZAQ!1qazXSW@2wsx   D) Az9f!9
root@localhost:~$ pwd
Passwords
root@localhost:~$ cat Why.txt
[+] Cracking is usually based on word lists, not random brute force
[-] Programs can easily substitute @ for A, etc. and append numbers/symbols
[-] Patterns are easily guessable
[!] Length is much more important than getting every character class
[!] This does not mean don’t mix it up, just don’t mix it up predictably
root@localhost:~$ pwd
Passwords
root@localhost:~$ show Stats
[Chart: password cracking-time table from
https://www.hivesystems.io/blog/are-your-passwords-in-the-green]
Big asterisk:
[+] Remember from the prior slide: this does not tell the whole story.
[+] “Password123!!” should take 2M years according to this, but it will be
instant
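An added Python example (not from the deck) that turns the cracker’s rules from the previous slide into a strength check: it undoes leet substitutions, strips appended digits/symbols and looks for keyboard walks, then rates the four quiz options and “Password123!!”. The word list, substitution map and keyboard columns are constructed for illustration and far smaller than the real ones.

```python
import re
from typing import Optional

# Constructed mini word list; real cracking lists run to millions of entries.
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey", "football"}

# Common "leet" substitutions that cracking rules apply (or undo) automatically.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "i", "!": "i", "3": "e", "7": "t"})

# Shifted number-row symbols map back to the digit on the same key (US layout).
UNSHIFT = str.maketrans("!@#$%^&*()", "1234567890")

# Vertical keyboard walks on a US layout; reversed walks count too.
COLUMNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm", "8ik,", "9ol.", "0p;/"]
WALKS = set(COLUMNS) | {c[::-1] for c in COLUMNS}


def dictionary_base(pw: str) -> Optional[str]:
    """Return the word-list entry the password reduces to, or None.
    Mimics rule-based cracking: lowercase, undo leet, drop trailing digits/symbols."""
    lowered = pw.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    for variant in (lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)):
        if variant in WORDLIST:
            return variant
    return None


def keyboard_walk_fraction(pw: str) -> float:
    """Fraction of characters covered by 4-key keyboard walks such as 1qaz or zaq1."""
    s = pw.lower().translate(UNSHIFT)
    covered = [False] * len(s)
    for i in range(len(s) - 3):
        if s[i:i + 4] in WALKS:
            for j in range(i, i + 4):
                covered[j] = True
    return sum(covered) / len(s) if s else 0.0


def assess(pw: str, min_length: int = 12) -> str:
    """Classify a password the way a cracker's rule set would see it."""
    base = dictionary_base(pw)
    if base:
        return f"weak: dictionary word '{base}' with predictable substitutions"
    if keyboard_walk_fraction(pw) >= 0.75:
        return "weak: keyboard pattern"
    if len(pw) < min_length:
        return "weak: too short"
    return "ok: length is doing the work"


if __name__ == "__main__":
    for candidate in ["P@s$w0rd!", "fishfleetrealspider", "ZAQ!1qazXSW@2wsx",
                      "Az9f!9", "Password123!!"]:
        print(f"{candidate:22} {assess(candidate)}")
```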
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ cat WARNING.txt
If you are receiving a service online for no monetary cost, you are not the
customer.
You are the product.
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ cat Social-Media_Advice.txt
[!] Know that you’re the product
[-] If it’s still worth it, then enjoy
[!] Limit sharing and lock down who sees your stuff
[-] Don’t fill in the fields they want you to
[-] Wherever possible, limit access to only friends/connections
[-] Social media is a great way to get answers to security questions
[!] Lie on security questions
[-] Stay consistent so you don’t confuse yourself
[-] Be careful: some people have had the lies show up on credit-related
questions. Limit to things like ‘first pet’ or ‘high school mascot’
[-] If given the option, always write your own security question
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ cat General_Advice.txt
[!] Be careful when using smaller/off-brand sites
[!] Close out of sensitive sessions (tabs) when done
[-] Test: if you can return to the page and are still logged in after closing
the tab, you need to log out manually
[!] Use security-related browser extensions
[-] Firefox/Chrome: NoScript, uBlock Origin/Adblock Plus
[!] Resist the urge to find out which Disney princess you are (quizzes)
[!] Use a VPN on public WiFi
[!] Pay attention to warnings; don’t just click through them
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ cat Cookies.txt
[+] What are they?
[-] Delicious baked goods. Also, small files that contain information
[-] Can store almost anything: a session ID, settings, how you got to the page
[+] Good and Bad
[-] Good: helps manage sessions so that you don’t need to log in every time you
change pages on the website (e.g. going from the home page to your profile)
[-] Good: remembers settings and other configurations to make experiences
smoother
[-] Bad: can be used to track your activity across sites (think custom ads)
[-] Bad: can end up taking up a lot of storage
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ show Cookie
[Image slide: no text recoverable]
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ cat XSS.txt
[+] Cross-Site Scripting (XSS)
[-] When a site does not ‘sanitize’ the contents of user-controlled input,
malicious users can insert scripts that other users’ browsers will execute
root@localhost:~$ show Stored_Example
[Screenshot: stored XSS example, BeEF]
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ cat CSRF.txt
[+] Cross-Site Request Forgery (CSRF)
[-] Scripts on a page only have access to the contents of cookies for that page
[-] CSRF takes advantage of the browser storing other sites’ cookies to try to
execute authenticated actions. NOTE: requires a security lapse on both sides
[+] Example:
[-] You use Bank of Money (BoM) for your banking. You log in to the site and it
sets a session cookie so that you can navigate the website while logged in
[-] You then open a new tab and navigate to http://iloveallthefurrypuppies.com,
which has a comment section
[-] While great at loving puppies, they don’t filter the comments. A malicious
user inserts a script that causes all visitors to try to execute a financial
transaction at BoM. Because you’re still logged in, BoM sees the session cookie
from your browser, thinks it’s a valid request, and executes it
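Both halves of the Bank of Money story, as an added Python example that is not part of the deck: the puppies site’s comment renderer with and without output escaping (the XSS slide), and BoM’s transfer endpoint with and without an origin check and per-session CSRF token (this slide). The hostnames, the EVIL_COMMENT stand-in and the in-memory session store are constructed for illustration.

```python
import html
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple
from urllib.parse import urlparse

# ---------- iloveallthefurrypuppies.com: the unfiltered comment section ----------

# Constructed stand-in for the malicious comment; the real one would carry a
# script that submits a transfer form at BoM from every visitor's browser.
EVIL_COMMENT = "<script>/* would POST a transfer to BoM */</script>"


def render_comment_unfiltered(comment: str) -> str:
    """Interpolates user input straight into the page: the browser runs any script tag."""
    return f"<p>{comment}</p>"


def render_comment_escaped(comment: str) -> str:
    """Output encoding: <, >, & and quotes become entities, so the text is shown, not run."""
    return f"<p>{html.escape(comment)}</p>"


# ---------- Bank of Money: the transfer endpoint ----------

BANK_ORIGIN = "https://bankofmoney.example"  # constructed hostname


@dataclass
class Session:
    user: str
    balance: int = 1000
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    headers: Dict[str, str]   # e.g. Origin / Referer as the browser sends them
    cookies: Dict[str, str]   # cookies the browser attached for the bank's domain
    form: Dict[str, str]


SESSIONS: Dict[str, Session] = {}  # in-memory session store, constructed for the demo


def login(user: str) -> Tuple[str, str]:
    """Returns (session id, Set-Cookie header). SameSite=Lax tells modern browsers
    not to attach the cookie to cross-site POSTs at all: a second line of defence."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = Session(user)
    return sid, f"session={sid}; Secure; HttpOnly; SameSite=Lax"


def transfer_vulnerable(req: Request) -> str:
    """Trusts the session cookie alone: the lapse on the bank's side in the slide."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if sess is None:
        return "401 not logged in"
    sess.balance -= int(req.form["amount"])
    return "200 transferred"


def transfer_protected(req: Request) -> str:
    """Same endpoint with two standard checks before acting on the cookie."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if sess is None:
        return "401 not logged in"
    # 1. The request must originate from the bank's own pages; a missing
    #    Origin/Referer fails closed.
    src = urlparse(req.headers.get("Origin") or req.headers.get("Referer", ""))
    if f"{src.scheme}://{src.netloc}" != BANK_ORIGIN:
        return "403 cross-site request"
    # 2. The form must carry the per-session token, which a script running on
    #    another site cannot read (same-origin policy, as the slide notes).
    supplied = req.form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, sess.csrf_token.encode()):
        return "403 missing or bad CSRF token"
    sess.balance -= int(req.form["amount"])
    return "200 transferred"


if __name__ == "__main__":
    sid, set_cookie = login("you")
    forged = Request("POST", {"Origin": "http://iloveallthefurrypuppies.com"},
                     {"session": sid}, {"to": "attacker", "amount": "500"})
    print("vulnerable endpoint:", transfer_vulnerable(forged))
    print("protected endpoint: ", transfer_protected(forged))
    print("escaped comment:    ", render_comment_escaped(EVIL_COMMENT))
```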
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ cat Site_Encryption.txt
[+] Most sites use encryption now, but it isn’t always needed
[-] If you do not plan to enter/receive any sensitive data, it’s not too
worrisome
[!] If you DO plan to enter/receive any sensitive data, always ensure it’s on
an encrypted connection (HTTPS) and the certificate is valid
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ What is a VPN
[+] Virtual Private Network
[-] Cryptographic tunnel between two locations: a virtual means of creating a
point-to-point link
[-] Can allow remote computers access to internal networks (mainly corporate)
[-] Can be used to appear as a different IP and prevent Man-in-the-Middle
attacks
root@localhost:~$ ./Man-in-the-Middle
[+] When someone controls an element of the link, they can view and/or modify
all traffic flowing through it
[-] Examples: airport or hotel WiFi
root@localhost:~$ pwd
Internet Browsing
root@localhost:~$ show Tunnel_Simplified
[Diagram: simplified VPN tunnel. Labels on the figure: “Request to Google”,
“MITM intercepts”, “Data exposed to MITM”, “Tunnel from MITM”, “Request to
Google from MITM”, “Tunnel to Google from MITM”]
Caption: Client establishes a tunnel with the VPN provider, then sends its
request to Google (red); the MITM only sees encrypted data (blue). The VPN
provider forwards the original request to Google (red). Google establishes an
HTTPS tunnel with the client (green).
root@localhost:~$ pwd
Final Tips
root@localhost:~$ more Tips.txt
[!] Keep software and firmware up to date
[-] Particularly: antivirus, browsers, router firmware, operating system
[!] Windows Defender has come a long way
[-] Other free options: Avast, AVG, MalwareBytes, BitDefender
[!] Don’t use Kaspersky
[!] Avoid downloading anything cosmetic that you do not need
[-] Themes (mobile or computer), browser add-ons, apps, etc.
[-] Often user-generated and not vetted: a perfect access vector for attacks
[?] Example: a Windows theme caused the OS to divulge NTLM hashes
--More--(33%) [Press space to continue, 'q' to quit.]
[!] Verify links in emails before clicking by hovering over them
[!] If you know the URL (e.g. your bank), go there directly instead of via the
link
[!] Use WPA2 (Personal/PSK/AES depending on device) for home wireless
[!] WEP, WPA, and TKIP for WPA2 are deprecated and should not be used
[!] Do not use WPS (WiFi Protected Setup) on devices like printers
[!] Disabling SSID broadcast is not actually helpful
[!] Periodically back up your information to an external drive
[!] If you want to go deeper, separate IoT devices into a different VLAN
--More--(66%) [Press space to continue, 'q' to quit.]
[!] Be diligent, but don’t be terrified
[-] Basic ‘cyber hygiene’ is generally enough to keep you protected.
Individuals typically aren’t targets until they make themselves one
[!] Limit trust in external parties: all it takes is one mistake by a company
(which are targets) for your data to go out the door
[!] Question everything, especially things rooted in fear-based tactics
[?] Example: the APT31 McAfee phishing attack. Ask “Why am I not getting this
straight from McAfee’s site?”
--More--(100%) [Press space to continue, 'q' to quit.]
root@localhost:~$ pwd
What Am I About to Get Into
Questions?

More Related Content

Similar to Cybersecurity200

MISC TOPICS #2: I18n Data Programming Pearls Random Records Rpx Now Susher St...
MISC TOPICS #2: I18n Data Programming Pearls Random Records Rpx Now Susher St...MISC TOPICS #2: I18n Data Programming Pearls Random Records Rpx Now Susher St...
MISC TOPICS #2: I18n Data Programming Pearls Random Records Rpx Now Susher St...grosser
 
EFT Quickstart
EFT QuickstartEFT Quickstart
EFT Quickstartgailmae11
 
Password cracking and brute force tools
Password cracking and brute force toolsPassword cracking and brute force tools
Password cracking and brute force toolszeus7856
 
Soft Dive Into GrimoireLab. Twitter OSS workshop
Soft Dive Into GrimoireLab. Twitter OSS workshopSoft Dive Into GrimoireLab. Twitter OSS workshop
Soft Dive Into GrimoireLab. Twitter OSS workshopManrique Lopez
 
python_assignmentHanoi (1).py################################.docx
python_assignmentHanoi (1).py################################.docxpython_assignmentHanoi (1).py################################.docx
python_assignmentHanoi (1).py################################.docxamrit47
 
GDG DART Event at Karachi
GDG DART Event at KarachiGDG DART Event at Karachi
GDG DART Event at KarachiImam Raza
 
Getfilestruct zbksh
Getfilestruct zbkshGetfilestruct zbksh
Getfilestruct zbkshBen Pope
 
Getfilestruct zbksh(1)
Getfilestruct zbksh(1)Getfilestruct zbksh(1)
Getfilestruct zbksh(1)Ben Pope
 
The Mythology of Big Data
The Mythology of Big DataThe Mythology of Big Data
The Mythology of Big Datamark madsen
 
We-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-tooWe-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-tooChristiaan Beek
 
2012 03 The Death of Passwords
2012 03 The Death of Passwords2012 03 The Death of Passwords
2012 03 The Death of PasswordsRaleigh ISSA
 
Prototyping w/HTML5 and CSS3
Prototyping w/HTML5 and CSS3Prototyping w/HTML5 and CSS3
Prototyping w/HTML5 and CSS3Todd Zaki Warfel
 
Dealing with Legacy Perl Code - Peter Scott
Dealing with Legacy Perl Code - Peter ScottDealing with Legacy Perl Code - Peter Scott
Dealing with Legacy Perl Code - Peter ScottO'Reilly Media
 
March 2012-Marketing Roundtable- Dee Davey
March 2012-Marketing Roundtable- Dee DaveyMarch 2012-Marketing Roundtable- Dee Davey
March 2012-Marketing Roundtable- Dee DaveyAnnArborSPARK
 
Employing Custom Fonts
Employing Custom FontsEmploying Custom Fonts
Employing Custom FontsPaul Irish
 

Similar to Cybersecurity200 (20)

MISC TOPICS #2: I18n Data Programming Pearls Random Records Rpx Now Susher St...
MISC TOPICS #2: I18n Data Programming Pearls Random Records Rpx Now Susher St...MISC TOPICS #2: I18n Data Programming Pearls Random Records Rpx Now Susher St...
MISC TOPICS #2: I18n Data Programming Pearls Random Records Rpx Now Susher St...
 
EFT Quickstart
EFT QuickstartEFT Quickstart
EFT Quickstart
 
Sysinfo
SysinfoSysinfo
Sysinfo
 
Password cracking and brute force tools
Password cracking and brute force toolsPassword cracking and brute force tools
Password cracking and brute force tools
 
Soft Dive Into GrimoireLab. Twitter OSS workshop
Soft Dive Into GrimoireLab. Twitter OSS workshopSoft Dive Into GrimoireLab. Twitter OSS workshop
Soft Dive Into GrimoireLab. Twitter OSS workshop
 
python_assignmentHanoi (1).py################################.docx
python_assignmentHanoi (1).py################################.docxpython_assignmentHanoi (1).py################################.docx
python_assignmentHanoi (1).py################################.docx
 
GDG DART Event at Karachi
GDG DART Event at KarachiGDG DART Event at Karachi
GDG DART Event at Karachi
 
Getfilestruct zbksh
Getfilestruct zbkshGetfilestruct zbksh
Getfilestruct zbksh
 
Getfilestruct zbksh(1)
Getfilestruct zbksh(1)Getfilestruct zbksh(1)
Getfilestruct zbksh(1)
 
The Mythology of Big Data
The Mythology of Big DataThe Mythology of Big Data
The Mythology of Big Data
 
We-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-tooWe-built-a-honeypot-and-p4wned-ransomware-developers-too
We-built-a-honeypot-and-p4wned-ransomware-developers-too
 
2012 03 The Death of Passwords
2012 03 The Death of Passwords2012 03 The Death of Passwords
2012 03 The Death of Passwords
 
Play claw
Play clawPlay claw
Play claw
 
Prototyping w/HTML5 and CSS3
Prototyping w/HTML5 and CSS3Prototyping w/HTML5 and CSS3
Prototyping w/HTML5 and CSS3
 
Dealing with Legacy Perl Code - Peter Scott
Dealing with Legacy Perl Code - Peter ScottDealing with Legacy Perl Code - Peter Scott
Dealing with Legacy Perl Code - Peter Scott
 
Python slide
Python slidePython slide
Python slide
 
March 2012-Marketing Roundtable- Dee Davey
March 2012-Marketing Roundtable- Dee DaveyMarch 2012-Marketing Roundtable- Dee Davey
March 2012-Marketing Roundtable- Dee Davey
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
Variations on a Theme
Variations on a ThemeVariations on a Theme
Variations on a Theme
 
Employing Custom Fonts
Employing Custom FontsEmploying Custom Fonts
Employing Custom Fonts
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Cybersecurity200

  • 1. This presentation is meant to be viewed in Powerpoint Slide Show mode for full effect of animation. It was designed for a non-technical audience to provide personal security measures that don’t always get covered in corporate training and an introduction to the technical components behind the advice. Some of the concepts are presented at a high and/or abstracted level and would require additional technical information/caveats to most accurately explain. © Brent Harrell, 2020
  • 2. Cybersecurity 200 Beyond the Cyber Awareness Challenge No, Tina, I don’t want to download your pirated music © Brent Harrell, 2020
  • 3. root@localhost:~$ pwd Introduction root@localhost:~$ [+] Brent Harrell OSCP | CISSP [-] System Security Engineer #################################################################################################### whoami root@localhost:~$ [+] Technology is crucial but has its dangers [-] How do we avoid getting pwned when we need or want to use the technology? [-] What the heck is a cookie and can hackers eat them? why are we here [+] More than your typical Cyber Awareness Challenge (hopefully) [-] We are going to nerd out a bit on technical details [-] Spot bogus advertisements capitalizing on fear © Brent Harrell, 2020
  • 4. root@localhost:~$ pwd Objectives root@localhost:~$ [+] Core Topics [-] What is hacking really, encryption, definitions ... ls [+] Passwords [+] Web Attacks [+] Social Media [+] Final Tips #################################################################################################### [+] Questions © Brent Harrell, 2020
root@localhost:~$ pwd
Core Topics/Definitions
####################################################################################################
root@localhost:~$ what is hacking && are movies real
[+] Some movies get a few things right
[-] Recommendations: War Games, The Imitation Game
[+] Seeking to compromise digital services and components
[-] Using systems/processes in unintended ways: Misconfigurations, logic flaws
[-] Attack vectors not limited to just technical realm
[+] In personal life: like surviving a bear attack
[-] Just be [smarter] than the people around you
[-] Typically not the target of advanced attacks unless you make yourself an easy target
root@localhost:~$ clear
root@localhost:~$ pwd
Core Topics/Definitions
####################################################################################################
root@localhost:~$ cat CIA.txt
[+] Confidentiality
[-] Ensuring data is only accessed by those with need to know
[!] How it applies to you: whatever you don’t want to be public
[+] Integrity
[-] Ensuring data is not modified by unauthorized users
[!] How it applies to you: emails, file downloads, etc.
[+] Availability
[-] Ensuring data is accessible when needed
[!] How it applies to you: avoiding ransomware, failed hard drives
root@localhost:~$ clear
root@localhost:~$ pwd
Core Topics/Definitions
####################################################################################################
root@localhost:~$ cat badness.txt
[+] 0-Day: a new, unpatched vulnerability
[+] Malware
Type         Definition
------       ---------------
Virus        Inserts itself into other programs, user interaction to spread
Worm         Self-propagating
Trojan       Harmful software disguised as legitimate software
Ransomware   Blocks access/discloses data unless paid to remove
[+] For more easy-to-digest definitions:
[-] https://www.malwarebytes.com/cybersecurity
root@localhost:~$ pwd
Core Topics/Cryptography
####################################################################################################
root@localhost:~$ show Cryptography
root@localhost:~$ clear
root@localhost:~$ pwd
Core Topics/Cryptography
####################################################################################################
root@localhost:~$ cat Encryption_Definition.txt
[+] Obscuring data in a reversible way [Confidentiality]
[-] Like a Rubik’s cube – If you jumble it up, you can repeat your steps in reverse to get it back to normal
root@localhost:~$ cat Encryption_Types.txt
[+] Symmetric: a shared secret between parties
[-] Fast. Predominant type for encryption of data on a disk, in transit
[-] HTTPS, File Encryption
[+] Asymmetric: related, but separate, keys
[-] Very slow, used for proving identities, integrity verification, and establishing a shared secret. Very important to keep private key private.
[-] HTTPS, CAC
root@localhost:~$ clear
root@localhost:~$ pwd
Core Topics/Cryptography
####################################################################################################
root@localhost:~$ cat Hashing_Definitions.txt
[+] A unidirectional algorithm (i.e. not reversible) that creates a unique value [digest] for each set of data put through it [Integrity]
[-] Think of a meat grinder – you can’t get the cow back
[+] Salt: A value added to the data before hashing
root@localhost:~$ cat Examples.txt
[+] Passwords & Rainbow Tables
[-] password -> 5f4dcc3b5aa765d61d8327deb882cf99
[-] passwordSALT -> 74836d1ccf6bfc3e7e625ba7438e85c3
[+] Digital Signatures
[-] First hashes the data, then encrypts the message digest with the user’s private key. Proves integrity and authenticity
root@localhost:~$ pwd
Passwords
####################################################################################################
root@localhost:~$ cat Advice.txt
[!] Use a different password for every site (min: email, financial)
[-] This can be difficult, so use a password manager like KeePass or LastPass
[!] Do not use words that have a connection to you (e.g. kid’s name)
[!] If a site allows it, use multi-factor authentication
[-] “Factors” are something you … KNOW | HAVE | ARE | CAN DO
[-] Authentication apps (e.g. Google Authenticator) are better than SMS or email if available
[!] If someone emails you and proves they know your password:
[-] Change your passwords (especially if you still use the one they have)
[-] DO NOT engage with them, pay them, or click links
root@localhost:~$ clear
root@localhost:~$ pwd
Passwords
####################################################################################################
root@localhost:~$ passwd test
[+] Which of these is most secure?
[-] A) P@s$w0rd! B) fishfleetrealspider C) ZAQ!1qazXSW@2wsx D) Az9f!9
root@localhost:~$ clear
root@localhost:~$ cat Why.txt
[+] Cracking is usually based on word lists, not random brute force
[-] Programs can easily substitute @ for A, etc. and append numbers/symbols
[-] Patterns are easily guessable
[!] Length is much more important than getting every character class
[!] This does not mean don’t mix it up, just don’t mix it up predictably
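The two slides above (salted hashing and rainbow tables, then rule-based cracking) share one demonstration. The block below is an added example, not the deck's own code: it applies the substitution and suffix rules the slide describes to a tiny constructed wordlist, precomputes the digests once as a stand-in for a rainbow table, and shows that "P@s$w0rd!" is found instantly while the passphrase and the salted digest are not. The defender side stores passwords with a random per-user salt and PBKDF2 from the standard library. Wordlist, rules and suffix list are constructed for illustration; a real cracker's lists are vastly larger.

```python
import hashlib
import hmac
import itertools
import os

# Constructed mini wordlist and mangling rules (real lists have hundreds of millions of entries).
WORDLIST = ["password", "letmein", "welcome", "dragon", "monkey"]
LEET = {"a": "@", "s": "$", "o": "0", "e": "3", "i": "1"}
SUFFIXES = ["", "1", "!", "123", "!1", "2020"]

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def candidates(word: str) -> set:
    """Every variant one wordlist entry expands to: three casings, each letter either kept or
    replaced with its substitute (all position combinations), then each common suffix."""
    out = set()
    for base in (word, word.capitalize(), word.upper()):
        options = [(c, LEET[c.lower()]) if c.lower() in LEET else (c,) for c in base]
        for combo in itertools.product(*options):
            stem = "".join(combo)
            for suffix in SUFFIXES:
                out.add(stem + suffix)
    return out

def build_table(wordlist) -> dict:
    """Rainbow-table stand-in: digests computed once, reused against every leaked unsalted hash."""
    return {md5_hex(c): c for word in wordlist for c in candidates(word)}

def lookup(table: dict, digest: str):
    """Reverse a digest by table lookup; None means the table does not cover it."""
    return table.get(digest)

def store_password(password: str, iterations: int = 200_000):
    """Defender side: random 16-byte salt per user plus a deliberately slow KDF, so every
    guess must be recomputed per user and each one costs real CPU time."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes, iterations: int = 200_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    table = build_table(WORDLIST)
    print(len(table), "precomputed digests from", len(WORDLIST), "words")
    for pw in ("P@s$w0rd!", "fishfleetrealspider"):
        print(f"{pw:>22} -> {lookup(table, md5_hex(pw))}")
    # Salting alone does not slow a live guessing attack, but it makes the precomputed table useless
    print("passwordSALT in table?", lookup(table, md5_hex("password" + "SALT")))
```

Five words expand to well over a thousand candidates, which is why "character-class" rules buy so little: the cracker generates the mixed-up variants for free, while a long passphrase of several unrelated words simply never appears in the table.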
root@localhost:~$ pwd
Passwords
####################################################################################################
root@localhost:~$ show Stats
https://www.hivesystems.io/blog/are-your-passwords-in-the-green
Big Asterisk:
[+] remember from the prior slide: this does not tell the whole story.
[+] “Password123!!” should take 2M years according to this, but it will be instant
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ cat WARNING.txt
If you are receiving a service online for no monetary cost, you are not the customer
You are the product
root@localhost:~$ clear
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ cat Social-Media_Advice.txt
[!] Know that you’re the product
[-] If it’s still worth it, then enjoy
[!] Limit sharing and lock down who sees your stuff
[-] Don’t fill in the fields they want you to
[-] Wherever possible, limit access to only friends/connections
[!] Lie on security questions
[-] Social media is a great way to get answers to security questions
[-] Stay consistent so you don’t confuse yourself
[-] Be careful: some people have had the lies show up on credit-related questions. Limit to things like ‘first pet’ or ‘high school mascot’
[-] If given the option, always write your own security question
root@localhost:~$ clear
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ cat General_Advice.txt
[!] Be careful when using smaller/off-brand sites
[!] Close out of sensitive sessions (tabs) when done
[-] Test: If you can return to the page and are logged in after closing the tab, you need to log out manually
[!] Use security-related browser extensions
[-] Firefox/Chrome: NoScript, uBlock Origin/Adblock Plus
[!] Resist the urge to find out which Disney princess you are (quizzes)
[!] Use a VPN on public WiFi
[!] Pay attention to warnings – don’t just click through them
root@localhost:~$ clear
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ cat Cookies.txt
[+] What are they?
[-] Delicious baked goods. Also, small files that contain information
[-] Can store almost anything: a session ID, settings, how you got to the page
[+] Good and Bad
[-] Good: Helps manage sessions so that you don’t need to log in every time you change pages on the website (e.g. going from the home page to your profile)
[-] Good: Remembers settings and other configurations to make experiences smoother
[-] Bad: Can be used to track your activity across sites (think custom ads)
[-] Bad: Can end up taking up a lot of storage
root@localhost:~$ clear
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ show Cookie
root@localhost:~$ clear
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ cat XSS.txt
[+] Cross-Site Scripting (XSS)
[-] When a site does not ‘sanitize’ the contents of user-controlled input, malicious users can insert scripts that users’ browsers will execute
root@localhost:~$ show Stored_Example
BeEF
root@localhost:~$ clear
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ cat CSRF.txt
[+] Cross Site Request Forgery (CSRF)
[-] Scripts on a page only have access to the contents of cookies for that page
[-] CSRF takes advantage of the browser storing other cookies to try to execute authenticated actions. NOTE: Requires security lapse on both sides
[+] Example:
[-] You use Bank of Money for your banking. You log in to the site and it sets a session cookie so that you can navigate the website while logged in
[-] You then open a new tab and navigate to http://iloveallthefurrypuppies.com which has a comment section
[-] While great at loving puppies, they don’t filter the comments. A malicious user inserts a script that causes all visitors to try to execute a financial transaction at BoM. Because you’re still logged in, BoM sees the session cookie from your browser, thinks it’s a valid request, and executes it
root@localhost:~$ clear
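The XSS slide and the CSRF slide above describe the same story from two sides: the comment site's lapse (unescaped input) and the bank's lapse (trusting the session cookie alone). This is an added example, not the deck's or any real site's code, that models both in plain Python: the vulnerable and escaped comment rendering, a tiny browser that attaches cookies by destination site (the rule that makes CSRF possible, with SameSite modelled in simplified form), and a Bank of Money endpoint before and after requiring an anti-CSRF token. All names, domains (bank.example, iloveallthefurrypuppies.example) and the comment payload are constructed for illustration.

```python
import html
import secrets
from dataclasses import dataclass, field

# Comment site from the slide (stored XSS). Constructed comments: the second stands in for
# a script that every visitor's browser would run if the site echoed it unescaped.
COMMENTS = [
    "Puppies are the best!",
    '<script>fetch("https://bank.example/transfer?to=mallory&amount=1000")</script>',
]

def render_comments_unsafe(comments):
    """Vulnerable: user input lands in the page verbatim, so the <script> tag is live markup."""
    return "\n".join(f"<li>{c}</li>" for c in comments)

def render_comments_safe(comments):
    """Hardened: html.escape turns < > & and quotes into entities; the text is shown, not executed."""
    return "\n".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)

@dataclass
class Request:
    cookies: dict                              # what the browser attached automatically
    form: dict = field(default_factory=dict)   # what the requesting page supplied

class Browser:
    """The one rule that makes CSRF possible: cookies are attached by destination site, whichever
    page started the request, unless the cookie's SameSite attribute withholds them. Simplified:
    Lax/Strict are treated as 'never sent cross-site' (real Lax still allows top-level GET navigations)."""
    def __init__(self):
        self.jar = {}  # site -> {cookie name: (value, samesite)}

    def set_cookie(self, site, name, value, samesite="None"):
        self.jar.setdefault(site, {})[name] = (value, samesite)

    def request(self, from_site, to_site, form=None):
        cookies = {}
        for name, (value, samesite) in self.jar.get(to_site, {}).items():
            if from_site == to_site or samesite == "None":
                cookies[name] = value
        return Request(cookies, form or {})

class Bank:
    """Bank of Money. The session cookie is all the vulnerable endpoint ever checks."""
    def __init__(self):
        self.sessions = {}     # session id -> user
        self.csrf_tokens = {}  # session id -> token, embedded only in the bank's own forms
        self.balances = {"alice": 5000, "mallory": 0}

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        self.csrf_tokens[sid] = secrets.token_hex(16)
        return sid

    def transfer_vulnerable(self, req):
        user = self.sessions.get(req.cookies.get("session"))
        if user is None:
            return "not logged in"
        return self._transfer(user, req.form)

    def transfer_hardened(self, req):
        """Also demands the per-session token, which a page on another site cannot read."""
        sid = req.cookies.get("session")
        user = self.sessions.get(sid)
        if user is None:
            return "not logged in"
        if not secrets.compare_digest(req.form.get("csrf_token", ""), self.csrf_tokens[sid]):
            return "rejected: missing or invalid CSRF token"
        return self._transfer(user, req.form)

    def _transfer(self, user, form):
        amount = int(form["amount"])
        if self.balances[user] < amount:
            return "insufficient funds"
        self.balances[user] -= amount
        self.balances[form["to"]] = self.balances.get(form["to"], 0) + amount
        return "ok"

def demo():
    """Runs the slide-20 scenario four ways and returns the outcomes in order."""
    bank, browser = Bank(), Browser()
    sid = bank.login("alice")
    puppies, bom = "iloveallthefurrypuppies.example", "bank.example"
    transfer = {"to": "mallory", "amount": "1000"}
    browser.set_cookie(bom, "session", sid)  # legacy cookie with no SameSite attribute
    # 1. Alice's own form on the bank's site carries the token: allowed
    legit = bank.transfer_hardened(browser.request(bom, bom, {**transfer, "csrf_token": bank.csrf_tokens[sid]}))
    # 2. Script on the puppy site, endpoint trusts the cookie alone: the forged request succeeds
    forged = bank.transfer_vulnerable(browser.request(puppies, bom, transfer))
    # 3. Same script, endpoint requires the token the puppy site never saw: rejected
    rejected = bank.transfer_hardened(browser.request(puppies, bom, transfer))
    # 4. Cookie re-issued as SameSite=Lax: the browser does not attach it cross-site at all
    browser.set_cookie(bom, "session", sid, samesite="Lax")
    withheld = bank.transfer_vulnerable(browser.request(puppies, bom, transfer))
    return legit, forged, rejected, withheld
```

Either fix on its own stops the forged transfer, which is the "security lapse on both sides" point: the bank is protected by the token even if the puppy site never escapes anything, and a modern SameSite cookie keeps the session from riding along with the cross-site request at all. Closing the tab, as the earlier slide advises, removes the logged-in session that makes the whole chain work.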
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ cat Site_Encryption.txt
[+] Most sites use encryption now, but it isn’t always needed
[-] If you do not plan to enter/receive any sensitive data, not too worrisome
[!] If you DO plan to enter/receive any sensitive data, always ensure it’s on an encrypted connection (HTTPS) and the certificate is valid
root@localhost:~$ clear
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ What is a VPN
[+] Virtual Private Network
[-] Cryptographic tunnel between two locations – a virtual means of creating a point to point link
[-] Can allow remote computers access to internal networks (mainly corporate)
[-] Can be used to appear as a different IP and prevent Man-in-the-Middle attacks
root@localhost:~$ ./Man-in-the-Middle
[+] When someone controls an element of the link, they can view and/or modify all traffic flowing through it
[-] Examples: Airport or Hotel WiFi
root@localhost:~$ clear
root@localhost:~$ pwd
Internet Browsing
####################################################################################################
root@localhost:~$ show Tunnel_Simplified
[Diagram labels: "Request to Google", "MITM Intercepts", "Request to Google from MITM", "Tunnel from MITM", "Tunnel to Google from MITM", "Data exposed to MITM"]
Client establishes tunnel with VPN provider, client sends request to Google (red), MITM only sees encrypted data (blue)
VPN provider forwards original request to Google (red)
Google establishes HTTPS tunnel with client (green)
root@localhost:~$ pwd
Final Tips
####################################################################################################
root@localhost:~$ more Tips.txt
[!] Keep software and firmware up to date
[-] Particularly: antivirus, browsers, router firmware, operating system
[!] Windows Defender has come a long way
[-] Other free options: Avast, AVG, MalwareBytes, BitDefender
[!] Don’t use Kaspersky
[!] Avoid downloading anything cosmetic that you do not need
[-] Themes (mobile or computer), browser add-ons, apps, etc.
[-] Often user-generated and not vetted, perfect access vector for attacks
[?] Example: Windows theme caused the OS to divulge NTLM hashes
--More--(33%) [Press space to continue, 'q' to quit.]
root@localhost:~$
Final Tips
####################################################################################################
[!] Verify links in emails before clicking by hovering over them
[!] If you know the URL (e.g. your bank), go directly instead of with the link
[!] Use WPA2 (Personal/PSK/AES depending on device) for home wireless
[!] WEP, WPA, and TKIP for WPA2 are deprecated and should not be used
[!] Do not use WPS (WiFi Protected Setup) on devices like printers
[!] Disabling SSID broadcast is not actually helpful
[!] If you want to go deeper, separate IoT devices into a different VLAN
[!] Periodically back up your information to an external drive
--More--(66%) [Press space to continue, 'q' to quit.]
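"Hover and verify" only helps if you know what to look for in the tooltip. The block below is an added example, not part of the deck: it reads a link the way the browser does with the standard library's URL parser and reports where the link really goes, which exposes the two things that fool a quick glance (a `user@` prefix that puts the familiar name before the real host, and the familiar name used as a subdomain of a stranger's domain). The domain names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def link_host(href: str) -> str:
    """The host the browser would actually connect to. urlsplit(...).hostname discards any
    'user@' prefix and port and lowercases the name, exactly what a hover tooltip should show."""
    return urlsplit(href.strip()).hostname or ""

def belongs_to(host: str, expected_domain: str) -> bool:
    """True only when host is expected_domain itself or one of its subdomains. The leading '.'
    in the suffix test keeps 'notbankofmoney.example' from matching 'bankofmoney.example'."""
    expected_domain = expected_domain.lower()
    return host == expected_domain or host.endswith("." + expected_domain)

def verdict(href: str, expected_domain: str) -> str:
    """One-line judgement for a link that claims to lead to expected_domain."""
    parts = urlsplit(href.strip())
    host = parts.hostname or ""
    if parts.scheme != "https":
        return "not HTTPS"
    if not belongs_to(host, expected_domain):
        return f"goes to {host}, not {expected_domain}"
    return "ok"

# Constructed sample hrefs, the kind a tooltip reveals under a "Log in to your account" button.
SAMPLE_LINKS = {
    "real":      "https://www.bankofmoney.example/login",
    "http_only": "http://www.bankofmoney.example/login",
    "userinfo":  "https://www.bankofmoney.example@portal-login.example/",
    "prefix":    "https://www.bankofmoney.example.portal-login.example/",
    "lookalike": "https://www.bank0fmoney.example/login",
}

def check_all(links=SAMPLE_LINKS, expected_domain="bankofmoney.example") -> dict:
    return {name: verdict(href, expected_domain) for name, href in links.items()}

if __name__ == "__main__":
    for name, result in check_all().items():
        print(f"{name:>10}: {result}")
```

The last case is the one no parser catches for you: a one-character look-alike parses as a perfectly valid, unrelated domain, which is exactly why the slide's second tip (type the address you already know, or use a bookmark) beats any amount of careful hovering.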
root@localhost:~$
Final Tips
####################################################################################################
[!] Be diligent, but don’t be terrified
[-] Basic ‘cyber hygiene’ is generally enough to keep you protected. Individuals typically aren’t targets until they make themselves one
[!] Limit trust in external parties – all it takes is one mistake by a company (who are targets) for your data to go out the door
[!] Question everything, especially things rooted in fear-based tactics
[?] Example: APT31 McAfee phishing attack – ask “Why am I not getting this straight from McAfee’s site?”
--More--(100%) [Press space to continue, 'q' to quit.]
root@localhost:~$ pwd
What Am I About to Get Into
####################################################################################################
Questions?
© Brent Harrell, 2020