SlideShare a Scribd company logo

Security awareness for information security team

Kirill Ermakov
Kirill Ermakov

Let's talk about gathering information, staying aware and new generation threats.

Internet
1 of 20
Download to read offline
Security awareness for the security and don’tCry any more Kir Ermakov Jet Security Conference, 2017
2 #:whoami - Known as ‘isox’ - vulners.com founder - QIWI Group CTO ( prev. – CISO) - Web penetration tester - Member of “hall-of-fames” (Yandex, Mail.ru, Apple and so on) - JBFC community participant - Security skeptic
3 Information security awareness is an evolving part of information security that focuses on raising consciousness regarding potential risks of the rapidly evolving forms of information and the rapidly evolving threats to that information which target human behavior. © Wiki
4 Service for the regular employees - All kind of trainings for non-security guys - Speeches of security preachers - Mandatory part of many standards and laws (PCI, SOX, ISO27k, US) - The challenge of measurement in pentest practice
5 You are a human too! - Lack of information is unforgivable - But who will support you?! - How not to skip the threat? - Unawareness is also a human error!
6 Threats drag race - Modern threat is like a race car - The one who slows will die - Information is the main treasure - The reaction rate will determine the winner
7 Hurricane Sandy - Disaster as we know it - Immediate news resources reaction - High-speed information dissemination - Remediation and recovery plans
8 Heartbleed 11 days delay vs the most popular Russian infosec news resource
9 wannaCry 12 hours delay vs Lenta.ru, a major news portal
10 Dirty COW 1 day delay vs xakep.ru, a Russian security magazine and news resource
11 Threats are new disasters - React them as if it is an earthquake - Be informed! - Keep your eyes on the security news - This is the dark side of the security awareness
12 Gathering information - Vendor critical advisories subscriptions - Sec Lists [http://seclists.org/] - The Hacker News [http://thehackernews.com/] - Netsec Reddit [https://www.reddit.com/r/netsec/] - …
13 Automate it with Vulners database!
14 Security awareness for security guys - Be the first to know about - Inspired by Google Search subscriptions - Get only content that you need - Query based subscription - Any delivery method: - RSS - Email - Telegram - API
15 Advanced queries - Any complex query - title:httpd type:centos order:published last 15 days - Sortable by any field (type, CVSS, dates, reporter, etc) - Apache Lucene syntax (AND, OR and so on) - Exploit search by sources and CVE’s - cvelist:CVE-2014-0160 type:exploitdb - sourceData:.bash_profile - sourceData:"magic bytes”
16 RSS - Fully customizable news feed in RSS format - Powered by Apache Lucene query - https://vulners.com/rss.xml?query=type:debian - Updates-on-demand. No cache, it builds right when you ask it to. - Atom, Webfeeds, mrss compatible
17 Email subscriptions - Awareness service - Absolutely customizable
18 Telegram - @vulnersBot - Unlimited subscriptions for a user - Rapid news and digests - In-app search - Broadcasts for emergency news
19 QIWI Emergency News - Security disaster broadcast - Choice of analysts - Prepared for you by QIWI team
20 Thanks - isox@vulners.com - https://github.com/videns/vulners-scanner/ - We are really trying to make this world better - Stop paying for features, that are available for free

Recommended

Vulners report: comparing vulnerability world 2016 to 2017
Vulners report: comparing vulnerability world 2016 to 2017Vulners report: comparing vulnerability world 2016 to 2017
Vulners report: comparing vulnerability world 2016 to 2017
Kirill Ermakov
 
Why vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheelWhy vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheel
Kirill Ermakov
 
Vulnerability Funalitics with vulners.com
Vulnerability Funalitics with vulners.comVulnerability Funalitics with vulners.com
Vulnerability Funalitics with vulners.com
Kirill Ermakov
 
Vulners: Google for hackers
Vulners: Google for hackersVulners: Google for hackers
Vulners: Google for hackers
Kirill Ermakov
 
10 things I’ve learnt about web application security
10 things I’ve learnt about web application security10 things I’ve learnt about web application security
10 things I’ve learnt about web application security
James Crowley
 
MR201504 Web Defacing Attacks Targeting WordPress
MR201504 Web Defacing Attacks Targeting WordPressMR201504 Web Defacing Attacks Targeting WordPress
MR201504 Web Defacing Attacks Targeting WordPress
FFRI, Inc.
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows Environments
Oddvar Moe
 
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - TrivadisTechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
Trivadis
 

Recommended

Vulners report: comparing vulnerability world 2016 to 2017
Vulners report: comparing vulnerability world 2016 to 2017Vulners report: comparing vulnerability world 2016 to 2017
Vulners report: comparing vulnerability world 2016 to 2017
Kirill Ermakov
 
Why vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheelWhy vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheel
Kirill Ermakov
 
Vulnerability Funalitics with vulners.com
Vulnerability Funalitics with vulners.comVulnerability Funalitics with vulners.com
Vulnerability Funalitics with vulners.com
Kirill Ermakov
 
Vulners: Google for hackers
Vulners: Google for hackersVulners: Google for hackers
Vulners: Google for hackers
Kirill Ermakov
 
10 things I’ve learnt about web application security
10 things I’ve learnt about web application security10 things I’ve learnt about web application security
10 things I’ve learnt about web application security
James Crowley
 
MR201504 Web Defacing Attacks Targeting WordPress
MR201504 Web Defacing Attacks Targeting WordPressMR201504 Web Defacing Attacks Targeting WordPress
MR201504 Web Defacing Attacks Targeting WordPress
FFRI, Inc.
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows Environments
Oddvar Moe
 
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - TrivadisTechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
Trivadis
 
OWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgeryOWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgery
Nikola Milosevic
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty Hunting
Muhammad Khizer Javed
 
Java EE 6 Security in practice with GlassFish
Java EE 6 Security in practice with GlassFishJava EE 6 Security in practice with GlassFish
Java EE 6 Security in practice with GlassFish
Markus Eisele
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsReversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensics
Abdulrahman Bassam
 
Hacke windows med windows - avanserte angrep
Hacke windows med windows - avanserte angrepHacke windows med windows - avanserte angrep
Hacke windows med windows - avanserte angrep
Oddvar Moe
 
OWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session managementOWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session management
Nikola Milosevic
 
Web application Security tools
Web application Security toolsWeb application Security tools
Web application Security tools
Nico Penaredondo
 
Security Protection for WordPress
Security Protection for WordPressSecurity Protection for WordPress
Security Protection for WordPress
Samuel Soon
 
Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)
Maximiliano Soler
 
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
OWASP Ottawa
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
Ammar WK
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
Seminar1
Seminar1Seminar1
Seminar1
Satish Padnani
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...
Noppadol Songsakaew
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Anant Shrivastava
 
OWASP Top 10 2017
OWASP Top 10 2017OWASP Top 10 2017
OWASP Top 10 2017
Siddharth Phatarphod
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
Navigating Online Threats - Website Security for Everyday Website Owners
Navigating Online Threats - Website Security for Everyday Website OwnersNavigating Online Threats - Website Security for Everyday Website Owners
Navigating Online Threats - Website Security for Everyday Website Owners
Tony Perez
 
Shields up - improving web application security
Shields up - improving web application securityShields up - improving web application security
Shields up - improving web application security
Konstantin Mirin
 
Security testing for web developers
Security testing for web developersSecurity testing for web developers
Security testing for web developers
matthewhughes
 
Vulnerability intelligence with vulners.com
Vulnerability intelligence with vulners.comVulnerability intelligence with vulners.com
Vulnerability intelligence with vulners.com
Igor Bulatenko
 
Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...
Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...
Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...
Ontico
 

More Related Content

What's hot

OWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgeryOWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgery
Nikola Milosevic
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsReversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensics
Abdulrahman Bassam
 
OWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session managementOWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session management
Nikola Milosevic
 
Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)
Maximiliano Soler
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp
 
Navigating Online Threats - Website Security for Everyday Website Owners
Navigating Online Threats - Website Security for Everyday Website OwnersNavigating Online Threats - Website Security for Everyday Website Owners
Navigating Online Threats - Website Security for Everyday Website Owners
Tony Perez
 

What's hot (20)

OWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgeryOWASP Serbia - A5 cross-site request forgery
OWASP Serbia - A5 cross-site request forgery
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty Hunting
 
Java EE 6 Security in practice with GlassFish
Java EE 6 Security in practice with GlassFishJava EE 6 Security in practice with GlassFish
Java EE 6 Security in practice with GlassFish
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsReversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensics
 
Hacke windows med windows - avanserte angrep
Hacke windows med windows - avanserte angrepHacke windows med windows - avanserte angrep
Hacke windows med windows - avanserte angrep
 
OWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session managementOWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session management
 
Web application Security tools
Web application Security toolsWeb application Security tools
Web application Security tools
 
Security Protection for WordPress
Security Protection for WordPressSecurity Protection for WordPress
Security Protection for WordPress
 
Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)Information Gathering with Google (c0c0n - India)
Information Gathering with Google (c0c0n - India)
 
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
Security Code Review for .NET - Sherif Koussa (OWASP Ottawa)
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Seminar1
Seminar1Seminar1
Seminar1
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...A2 - broken authentication and session management(OWASP thailand chapter Apri...
A2 - broken authentication and session management(OWASP thailand chapter Apri...
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
OWASP Top 10 2017
OWASP Top 10 2017OWASP Top 10 2017
OWASP Top 10 2017
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
 
Navigating Online Threats - Website Security for Everyday Website Owners
Navigating Online Threats - Website Security for Everyday Website OwnersNavigating Online Threats - Website Security for Everyday Website Owners
Navigating Online Threats - Website Security for Everyday Website Owners
 
Shields up - improving web application security
Shields up - improving web application securityShields up - improving web application security
Shields up - improving web application security
 
Security testing for web developers
Security testing for web developersSecurity testing for web developers
Security testing for web developers
 

Similar to Security awareness for information security team

Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...
Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...
Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...
Ontico
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
Amanda Case
 

Similar to Security awareness for information security team (20)

Vulnerability intelligence with vulners.com
Vulnerability intelligence with vulners.comVulnerability intelligence with vulners.com
Vulnerability intelligence with vulners.com
 
Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...
Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...
Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко...
 
Open Security - Chad Cravens
Open Security - Chad CravensOpen Security - Chad Cravens
Open Security - Chad Cravens
 
Vulnerability Intelligence and Assessment with vulners.com
Vulnerability Intelligence and Assessment with vulners.comVulnerability Intelligence and Assessment with vulners.com
Vulnerability Intelligence and Assessment with vulners.com
 
Why do women love chasing down bad guys?
Why do women love chasing down bad guys? Why do women love chasing down bad guys?
Why do women love chasing down bad guys?
 
OpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptxOpenSourceIntelligence-OSINT.pptx
OpenSourceIntelligence-OSINT.pptx
 
RSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP TrainingRSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP Training
 
SoftwareSecurity.ppt
SoftwareSecurity.pptSoftwareSecurity.ppt
SoftwareSecurity.ppt
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
 
OWASP_OSINT_Presentation.pdf
OWASP_OSINT_Presentation.pdfOWASP_OSINT_Presentation.pdf
OWASP_OSINT_Presentation.pdf
 
Securing your web apps before they hurt the organization
Securing your web apps before they hurt the organizationSecuring your web apps before they hurt the organization
Securing your web apps before they hurt the organization
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense Emerging Threats and Strategies of Defense
Emerging Threats and Strategies of Defense
 
Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms Detection of webshells in compromised perimeter assets using ML algorithms
Detection of webshells in compromised perimeter assets using ML algorithms
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout Session
 

More from Kirill Ermakov

More from Kirill Ermakov (7)

How to get a well done penetration test
How to get a well done penetration testHow to get a well done penetration test
How to get a well done penetration test
 
Под капотом Vulners
Под капотом VulnersПод капотом Vulners
Под капотом Vulners
 
SOC training
SOC trainingSOC training
SOC training
 
Почему вам не нужен SOC
Почему вам не нужен SOCПочему вам не нужен SOC
Почему вам не нужен SOC
 
Подход QIWI к проведению тестирования на проникновение
Подход QIWI к проведению тестирования на проникновениеПодход QIWI к проведению тестирования на проникновение
Подход QIWI к проведению тестирования на проникновение
 
Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...
 
Lets talk about bug hunting
Lets talk about bug huntingLets talk about bug hunting
Lets talk about bug hunting
 

Recently uploaded

2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
gragchanchal546
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
kumargunjan9515
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
Monica Sydney
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理
F
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 

Recently uploaded (20)

2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
South Bopal [ (Call Girls) in Ahmedabad ₹7.5k Pick Up & Drop With Cash Paymen...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理一比一原版帝国理工学院毕业证如何办理
一比一原版帝国理工学院毕业证如何办理
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 

Security awareness for information security team

  • 1. Security awareness for the security and don’tCry any more Kir Ermakov Jet Security Conference, 2017
  • 2. 2 #:whoami - Known as ‘isox’ - vulners.com founder - QIWI Group CTO ( prev. – CISO) - Web penetration tester - Member of “hall-of-fames” (Yandex, Mail.ru, Apple and so on) - JBFC community participant - Security skeptic
  • 3. 3 Information security awareness is an evolving part of information security that focuses on raising consciousness regarding potential risks of the rapidly evolving forms of information and the rapidly evolving threats to that information which target human behavior. © Wiki
  • 4. 4 Service for the regular employees - All kind of trainings for non-security guys - Speeches of security preachers - Mandatory part of many standards and laws (PCI, SOX, ISO27k, US) - The challenge of measurement in pentest practice
  • 5. 5 You are a human too! - Lack of information is unforgivable - But who will support you?! - How not to skip the threat? - Unawareness is also a human error!
  • 6. 6 Threats drag race - Modern threat is like a race car - The one who slows will die - Information is the main treasure - The reaction rate will determine the winner
  • 7. 7 Hurricane Sandy - Disaster as we know it - Immediate news resources reaction - High-speed information dissemination - Remediation and recovery plans
  • 8. 8 Heartbleed 11 days delay vs the most popular Russian infosec news resource
  • 9. 9 wannaCry 12 hours delay vs Lenta.ru, a major news portal
  • 10. 10 Dirty COW 1 day delay vs xakep.ru, a Russian security magazine and news resource
  • 11. 11 Threats are new disasters - React them as if it is an earthquake - Be informed! - Keep your eyes on the security news - This is the dark side of the security awareness
  • 12. 12 Gathering information - Vendor critical advisories subscriptions - Sec Lists [http://seclists.org/] - The Hacker News [http://thehackernews.com/] - Netsec Reddit [https://www.reddit.com/r/netsec/] - …
  • 13. 13 Automate it with Vulners database!
  • 14. 14 Security awareness for security guys - Be the first to know about - Inspired by Google Search subscriptions - Get only content that you need - Query based subscription - Any delivery method: - RSS - Email - Telegram - API
  • 15. 15 Advanced queries - Any complex query - title:httpd type:centos order:published last 15 days - Sortable by any field (type, CVSS, dates, reporter, etc) - Apache Lucene syntax (AND, OR and so on) - Exploit search by sources and CVE’s - cvelist:CVE-2014-0160 type:exploitdb - sourceData:.bash_profile - sourceData:"magic bytes”
  • 16. 16 RSS - Fully customizable news feed in RSS format - Powered by Apache Lucene query - https://vulners.com/rss.xml?query=type:debian - Updates-on-demand. No cache, it builds right when you ask it to. - Atom, Webfeeds, mrss compatible
  • 17. 17 Email subscriptions - Awareness service - Absolutely customizable
  • 18. 18 Telegram - @vulnersBot - Unlimited subscriptions for a user - Rapid news and digests - In-app search - Broadcasts for emergency news
  • 19. 19 QIWI Emergency News - Security disaster broadcast - Choice of analysts - Prepared for you by QIWI team
  • 20. 20 Thanks - isox@vulners.com - https://github.com/videns/vulners-scanner/ - We are really trying to make this world better - Stop paying for features, that are available for free