4. Introduction
• Presidio Chief Information Security Officer
• Over 11 years at Presidio
• 39 Years in Security
• Organizations
– US Army (Electronic Warfare)
– EDS (Cellular Communications)
– BBN Planet/GTE Internetworking (ISP)
– Digex (Network/Web Hosting)
– Northrop Grumman (Consulting)
– Presidio (Consulting)
• Certifications
– CISM, CISA, CRISC, CISSP, CEH, CCSK
5. Today’s Goal
• Pass along knowledge from many engagements
• Pass along some ideas that can help you
• Pass along some best practices
• Pass along some common mistakes and pitfalls
• Promise no sales pitch
• No FUD to discuss security
• Open discussion about security
6. Today’s Cyber Challenges
Methodology to Secure Your Business
• Today’s cybersecurity landscape has many challenges. There are many attack vectors, and the frequency of attacks is increasing. How do we protect our organizations from these attacks? Do we have the resources, the budget or the knowledge to defend against them?
• During this session we will talk about a methodology for protecting your organization’s critical data, covering security strategy, compliance requirements, continuous testing, architecture challenges, incident response and monitoring. The session will discuss today’s cybersecurity challenges and how this methodology helps you protect your organization.
10. Security in the News
Securities and Exchange Commission
Exploited Vulnerability – Electronic Data Gathering, Analysis, and Retrieval (EDGAR)
Data can be used for insider trading
Exploited Apache Struts Flaw
Impact – 145 million people
33. Security Tools
Scanning Tools
• Tenable Nessus
• Burp Suite Pro
• LUCY (Social Engineering)
• Nmap
• Metasploit
• Mimikatz
• Responder
• BloodHound
Direct Action Kit RFID Harvester
• When the victim is within a few feet, their RFID badge information is grabbed.
• The system can then clone the badge for use by the security consultant.
Physical Security
• Lack of door plates on critical ingress doors can allow access with kit tools
• Improperly installed locks can lead to easy bypass
Wireless Testing
• Wi-Fi Pineapple
• Evil Twin attacks on open wireless networks
• Cracking pre-shared keys with a high-power Amazon GPU cluster
Commercial / Open Source Tools
• Shrum tool
• Shove knife tool
• Plastic shims
• Lock pick tools
• USB key logger
• Video cable display mirror
• Hinge-mount door catch
36. Story 1 – Impersonate Support Team
• Attacker 1 (on-site): “I’m here to help with a problem on the computer.”
• Coincidence – another business system is down.
• The receptionist provides the outage information, the branch manager’s name and their direct number.
• Information is sent to attacker 2.
• Remote attacker 2 calls the branch manager from a number spoofed to look like the real support team.
• “Wanted to let you know we’re coming to look at the system.”
• The receptionist is notified to escort the support team to the system.
• Attacker 1 is escorted to the business system.
• Gathered photos of alarm systems and wiring diagrams. Had access to financial servers and 15,000 loan applications.
37. Story 2 – Impersonate Executive
• Complete IT survey
• Success: 75-80% of credentials obtained
• Admins responded
• Employees are afraid to question authority
38. Story 3 – Multi-tier Attacks
• < 20 minutes on-site
– 1 inserted USB
– Server room compromised
– 7 sets of credentials compromised
– 12 sets of spear phishing
– Full VPN Access
– Full email access
• Attacks
– Reconnaissance (badge)
– Phishing
– Tailgate
– USB
– Human Error
39. Story 4 – Red Team
• GOAL – Gain access to pharmaceutical price list
– 1st night – dumpster diving – price lists found
– 2nd night – building reconnaissance – door locks vulnerable
– Gained access – knitting hook picked door lock (loiding)
– Badge ID System left out in open – guessed easy password
– Created admin account and badges
– Deleted forced entry alerts from camera and door security system
– Used newly created badges to access environment
– Installed keystroke loggers on keyboards
– Gained domain admin privileges
– Gained full admin access to pharmaceutical server