Network security, seriously?
Peter Wood
2016 Network Penetration Tests: Results and Solutions
1.
Network security, seriously?
2016 Network Penetration Tests: Results and Solutions
Peter Wood, Chief Executive Officer
First Base Technologies LLP
A CREST Member Company
2.
Slide 2 © First Base Technologies 2016
Peter Wood
Founder and CEO - First Base Technologies LLP
• Engineer, IT and information security professional since 1969
• Fellow of the BCS
• Chartered IT Professional
• CISSP
• Member of the Institute of Information Security Professionals
• 15 Year+ Member of ISACA, Member of the ISACA Security Advisory Group
• Senior Member of the Information Systems Security Association (ISSA)
• Member of the BCS Information Risk Management and Assurance Group
• Chair of white-hats.co.uk
• Chair of OTIS (Operational Technology and IoT Security)
• Member of ACM, IEEE, First Forensic Forum, Institute of Directors
• Member of Mensa
4.
Background
• Penetration testing since 1994 (22 years)
• Some problems just won’t go away
• Too little time, money and people?
• Ignorance?
5.
Seriously?
Our analysis of 376 penetration tests over the past year, across all sectors: banking, insurance, retail …
• 244 web application tests
• 100 external infrastructure tests
• 32 internal network penetration tests
6.
External vulnerabilities
7.
External (244 web / 100 infra)
8.
Absence of 2FA (68%)
Impact: An attacker who has compromised a user’s credentials via another attack vector (such as email phishing) can re-use SSL VPN or Citrix credentials and gain access to the account. A brute-force attack against weak passwords would also yield unauthorised access.
Threat Assessment: The attacker will have the same privileges as the compromised account and can operate as a trusted user on the network.
Links to: phishing attacks, weak passwords, poor Citrix configuration, SSL VPNs, OWA
Fix: Implement two-factor authentication!
9.
File upload facility (33%)
Impact: This may provide an opportunity for an attacker to compromise the security of the web application by uploading malicious files containing scripts, macro viruses or Trojans.
Threat Assessment: An attacker requires minimal technical knowledge to exploit this vulnerability. If an attacker is able to upload and execute malicious files, this would give access to the underlying web server.
Links to: missing patches, weak passwords, phishing
Fix: Uploaded files should be checked for malicious content and sanitised. Anti-virus should be deployed on the file store.
10.
Cross-site scripting (23%)
Impact: Keystroke logging, redirection to attacker-controlled websites and spoofing of login forms to steal credentials.
Threat Assessment: Users of the application can be tricked into clicking a link via a phishing attack. Code will execute immediately in most cases (this is known as reflected cross-site scripting).
Links to: phishing, weak passwords, missing patches
Fix: Input validation checks should be made to ensure that only expected data is processed by the application. All user-supplied data should be encoded before transmission to the client. These checks should be applied to every field in the application that can possibly accept user input, including those hidden from an ordinary user.
11.
Poor Citrix Configuration (21%)
Impact: The attacker can escape from the Citrix application, access the underlying server via a hyperlink to C: and perform unauthorised actions as the original user.
Threat Assessment: A common goal is to gain a command prompt (via cmd.exe), which can then be used to launch attacks against other targets on the network, or install additional malicious tools for further penetration.
Links to: weak passwords, missing patches, insecure SMB service, obsolete Windows OS, excessive Domain Administrators
Fix: Harden Citrix and underlying OS; implement role-based access controls
12.
Excessive services (20%)
Impact: The underlying server is offering a variety of services, some of which would only be expected on an internal network. The impact of this vulnerability is wide ranging, with a number of instances of outdated software vulnerable to exploitation.
Threat Assessment: Services include plain text FTP and mail services, which are vulnerable to credential capture and brute-force logon attacks; Microsoft Directory Services, which permit a variety of Windows attacks; and database services that can be compromised by password guessing. Where outdated software is in use, the server is at an even higher risk of compromise using published exploits.
Fix: Audit firewall rules regularly; ensure change control includes technical justification; scan and penetration test regularly
13.
SQL Injection (17%)
Impact: An SQL injection exploit can read or modify the database. It may also be possible to issue commands to the operating system and gain complete control of the host.
Threat Assessment: Tools exist to aid in conducting SQL injection attacks.
Fix: Input validation checks should be made on every field in the application that can possibly accept user input, including those hidden from an ordinary user. All user-supplied data should be encoded before transmission to the client. Database hardening techniques should be used, including parameterised stored procedures and parameterised queries with bound parameters to ensure that the database query is kept separate from the data.
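
The "parameterised queries with bound parameters" fix, shown next to the concatenated form it replaces. This is an added example, not part of the original slides; the in-memory SQLite database, the accounts table and the sample inputs are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_concatenated(conn: sqlite3.Connection, username: str) -> list:
    """The 'before' form: user input becomes part of the SQL text itself."""
    query = "SELECT username, email FROM accounts WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_bound(conn: sqlite3.Connection, username: str) -> list:
    """The fixed form: the query text is constant and the value is bound
    separately, so the database never parses the input as SQL."""
    return conn.execute(
        "SELECT username, email FROM accounts WHERE username = ?", (username,)
    ).fetchall()


def compare(username: str) -> tuple:
    """Return (rows or error from the concatenated query, rows from the bound query)."""
    conn = make_db()
    try:
        before = lookup_concatenated(conn, username)
    except sqlite3.OperationalError as exc:
        before = f"error: {exc}"
    after = lookup_bound(conn, username)
    conn.close()
    return before, after


if __name__ == "__main__":
    # Constructed inputs: a normal name, a name with an apostrophe, and a
    # value whose quote changes the meaning of the concatenated query.
    for value in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(value), compare(value))
```

The apostrophe case matters as much as the hostile one: a legitimate value breaks the concatenated query, while the bound query treats both inputs as plain data.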
14.
Cross-site request forgery (15%)
Impact: An attacker can plant stored cross-site scripting code within a user's profile, as well as change the user's username and password. New users can also be added to the application.
Threat Assessment: The victim is tricked into visiting a malicious page and/or into clicking a malicious link whilst authenticated to the application. A script running on the page will send a request to the application, without any input from the user.
Fix: The web application should generate a unique token whenever a request is made to access a form, and should include the token in the URL or within hidden form fields. The web application should check for the presence and validity of this token once it receives the response back from the client. If the token is not present and valid, the request should be terminated immediately.
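
One way to implement the token check described in the fix, as an added example that is not part of the original slides. Binding the token to the session with an HMAC, the 15-minute lifetime, and the names issue_token, verify_token, render_form and handle_post are assumptions made for this sketch.

```python
import hashlib
import hmac
import html
import secrets
import time
from typing import Optional

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 900  # seconds a form token stays valid (assumed value)


def _mac(session_id: str, nonce: str, issued: str) -> str:
    msg = f"{session_id}|{nonce}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: Optional[float] = None) -> str:
    """Generate a unique token each time a form is requested."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return f"{nonce}.{issued}.{_mac(session_id, nonce, issued)}"


def render_form(session_id: str) -> str:
    """Place the token in a hidden form field."""
    token = html.escape(issue_token(session_id), quote=True)
    return (
        '<form method="post" action="/profile">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="display_name"><button>Save</button></form>'
    )


def verify_token(session_id: str, token: Optional[str],
                 now: Optional[float] = None) -> bool:
    """Check presence, integrity, session binding and age of the token."""
    if not token:
        return False
    parts = token.split(".")
    if len(parts) != 3:
        return False
    nonce, issued, mac = parts
    if not (issued.isascii() and issued.isdigit()):
        return False
    expected = _mac(session_id, nonce, issued)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False
    current = time.time() if now is None else now
    return 0 <= current - int(issued) <= TOKEN_TTL


def handle_post(session_id: str, form: dict) -> int:
    """Terminate the request immediately if the token is missing or invalid."""
    if not verify_token(session_id, form.get("csrf_token")):
        return 403
    # ... apply the state-changing action here ...
    return 200


if __name__ == "__main__":
    sid = "sess-A"  # constructed session identifier
    print(handle_post(sid, {"display_name": "x"}))               # no token
    print(handle_post(sid, {"csrf_token": issue_token("sess-B")}))  # other session
    print(handle_post(sid, {"csrf_token": issue_token(sid)}))    # valid
```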
15.
Plain text passwords (3%)
Impact: An attacker successfully exploiting a SQL injection vulnerability or having hijacked a user's session, can extract users’ credentials and use them to get full access to the accounts.
Threat Assessment: An attacker will browse through the databases in order to find tables containing valid credentials. They can also hijack an administrator's session to view the passwords in plain text within individual users' profiles and run brute-force attacks against a variety of user names.
Links to: SQL injection
Fix: Passwords should be stored in a salted hashed format, for example using SHA-256.
16.
Internal vulnerabilities
17.
Internal networks (32 tests)
18.
Weak passwords (66%)
Impact: Once connected to an internal network, an attacker without an account will attempt to guess passwords for valid users. The use of weak passwords makes this process much quicker and easier.
Threat Assessment: Insecure password selection significantly shortens the amount of time required to crack a password. The majority of users pick passwords in very predictable ways; usually common words, places and names. Most policies enforce a number to be included, and users will usually place this at the end of the word and increment the number when a password change is forced. This practice makes it simple for hackers to compromise passwords, especially on a large network.
Fix: Utilise passphrases; educate users on the risks and benefits
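
A password-change check that catches the habit described above (a common word with a number at the end, incremented at each forced change). This is an added example, not part of the original slides; the word list is a small constructed sample and the finding names are hypothetical.

```python
import re

# Constructed sample; a real deployment would load a much larger list of
# common words, places and names.
COMMON_BASES = {"password", "welcome", "london", "summer", "arsenal", "monday"}

_TRAILING_DIGITS = re.compile(r"^(.*?)(\d+)$")


def split_base(password: str) -> tuple:
    """Split 'Summer2016!' into ('summer', '2016'): trailing punctuation is
    dropped, the trailing number is separated, the rest is lower-cased."""
    core = password.rstrip("!?.#$@*")
    match = _TRAILING_DIGITS.match(core)
    if match:
        return match.group(1).casefold(), match.group(2)
    return core.casefold(), ""


def review_password_change(old: str, new: str) -> list:
    """Return a list of findings; an empty list means no pattern was found.
    Both values are available in clear only at change time, when the user
    types the current and the new password."""
    findings = []
    old_base, old_num = split_base(old)
    new_base, new_num = split_base(new)

    if old == new:
        findings.append("unchanged")
    elif old_base and old_base == new_base:
        # Same word, only the trailing number (or punctuation) differs.
        findings.append("incremented-number")

    if new_base in COMMON_BASES:
        # A single common word, with or without a number on the end.
        findings.append("common-word")
    elif not new_base and new_num:
        findings.append("digits-only")
    return findings


if __name__ == "__main__":
    samples = [  # constructed examples
        ("Summer2016", "Summer2017"),
        ("Welcome1", "London1!"),
        ("Tr0ub4dor", "purple kettle sings at dawn"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {review_password_change(old, new) or 'ok'}")
```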
19.
Missing patches (56%)
Impact: An attacker could exploit these vulnerabilities to gain access to the vulnerable servers, or prevent legitimate users from accessing the services provided.
Threat Assessment: Missing patches provide attackers with a wide range of exploits, including SYSTEM level access and ultimately complete control of the system and the network.
Fix: Regular patching cycle; test and audit regularly; ensure patching is applied to all third-party systems and devices as well as Windows systems.
20.
Default credentials (47%)
Impact: An attacker on the internal network will use default credentials to attempt to authenticate to management interfaces and open services.
Threat Assessment: Vulnerable devices included Dell Remote Access Controllers, SQL databases, Apache Tomcat servers, Cisco routers, Polycom video conferencing and HP switch managers. Unauthorised access to these services can result in sensitive data exfiltration and control of the entire network, often without detection.
Fix: Replace all default credentials with strong passwords or passphrases; audit and test regularly.
21.
Default SNMP strings (44%)
Impact: The information obtained via SNMP can assist an attack by identifying vulnerabilities and configuration problems. An attacker intercepting or brute-forcing valid read-write community strings will be able to change the configuration of any affected devices.
Threat Assessment: An attacker requires a minimal level of technical knowledge in order to carry out this attack. Tools can be used to attempt interception of community strings on the network, or to brute-force valid strings since SNMP does not offer any lockout policies.
Fix: Upgrade to the more secure SNMP version 3, or use complex, difficult-to-guess community strings; audit and test regularly.
22.
Obsolete Windows OS (25%)
Impact: The absence of Microsoft support implies that no new security patches for the products will be released. As a result, these operating systems are likely to contain security vulnerabilities. Furthermore, Microsoft is unlikely to investigate or acknowledge reports of vulnerabilities.
Threat Assessment: This would be an attractive vector for opportunistic attackers and could result in exploitation of the underlying server and potentially the internal network.
Fix: Update the OS, or firewall the vulnerable hosts; audit and test regularly.
23.
SMH vulnerabilities (16%)
Info: HP System Management Homepage (SMH) is a web-based interface that manages servers running Microsoft Windows, Linux and HP-UX. SMH can also be used to access the HP Lights-Out Management processor on ProLiant and Integrity servers.
Impact: Out-of-date versions of HP System Management Homepage are potentially affected by multiple vulnerabilities, including remote code execution, privilege escalation and web-based attacks.
Threat Assessment: An attacker can perform actions on the application with the privilege level of the logged-on user, and potentially escalate these privileges.
Fix: Update to the latest version of the software; audit and test regularly.
24.
Insecure SMB Service (13%)
Impact: Insecurely configured or unpatched SMB services can be exploited to gain full SYSTEM access to the underlying host. An attacker can exploit this vulnerability to escalate Windows privileges on the target and execute arbitrary commands as SYSTEM.
Threat Assessment: These vulnerabilities, although technical in nature, have robust exploit code in the wild and are relatively easy to exploit. SMB is often the first service to attack within a Windows environment, as unpatched services can easily lead to not only system, but domain-wide, compromise.
Fix: Apply up-to-date patches; ensure the 'Everyone' group does not have ChangeConf (DC), WDac, or WOwn permissions; audit and test regularly.
25.
Key attack vectors
26.
Phishing attacks
Finding 1: 3,066 employees clicked on a link in a phishing email, and 2,398 users entered their username and password.
Finding 2: An analysis of the compromised passwords from email phishing campaigns revealed single word-based passwords and 72% of passwords being 10 characters or less in length.
Impact: Email phishing is the most prevalent cyber security threat to organisations. Passwords harvested grant the attacker access to external services, such as VPNs and OWA.
Threat Assessment: Gaining access to these services can provide an attacker with full remote access into the network.
Fix: Test, educate … test, educate … test, educate …
27.
Weak passwords
Finding: Domain Admin accounts with a password of 'password' (and many similar poor passwords).
Impact: An attacker can exploit this issue to gain privileged access to the domain and servers, which can be used to launch further, more damaging attacks.
Threat Assessment: A brute-force attack is a common method of discovering valid credentials. To minimise the risk of detection by locking out accounts, an attacker would be likely to try one or two select passwords against a large number of accounts and it is likely that 'password' would be the first attempt.
Fix: Utilise passphrases; implement password safes; educate IT staff and users on the risks and benefits; audit passwords regularly.
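Account lockout does not catch the low-and-slow pattern in this threat assessment, so detection has to count distinct accounts per source instead of failures per account. The sketch below is an added example, not from the original slides; the log format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "timestamp source account result" (not real log data).
SAMPLE_LOG = """\
2016-05-03T09:00:01 10.0.5.23 asmith FAIL
2016-05-03T09:00:04 10.0.5.23 bjones FAIL
2016-05-03T09:00:09 10.0.5.23 administrator FAIL
2016-05-03T09:00:12 10.0.5.23 cpatel FAIL
2016-05-03T09:00:15 10.0.5.23 dlee FAIL
2016-05-03T09:00:19 10.0.5.23 svc_backup FAIL
2016-05-03T09:01:30 10.0.7.40 emoore FAIL
2016-05-03T09:01:41 10.0.7.40 emoore FAIL
2016-05-03T09:01:55 10.0.7.40 emoore FAIL
2016-05-03T09:02:10 10.0.7.40 emoore OK
2016-05-03T09:03:00 10.0.9.12 fwhite OK
"""

def parse_events(log_text):
    """Return (time, source, account, result) tuples; skip lines without 4 fields."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, source, account, result = parts
            events.append((datetime.fromisoformat(ts), source, account.lower(), result))
    return events

def find_spraying(events, min_accounts=5, max_per_account=2,
                  window=timedelta(minutes=30)):
    """Flag sources that fail against many accounts, one or two tries each."""
    failures = defaultdict(list)
    for ts, source, account, result in events:
        if result == "FAIL":
            failures[source].append((ts, account))
    alerts = {}
    for source, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the time window forward
            tries = defaultdict(int)
            for _, account in items[start:end + 1]:
                tries[account] += 1
            targets = sorted(a for a, n in tries.items() if n <= max_per_account)
            if len(targets) >= min_accounts and len(targets) > len(alerts.get(source, [])):
                alerts[source] = targets
    return alerts
```

On the sample, the source that tried six accounts once each is flagged, while the user who mistyped one password three times is not.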
28.
Example external scenario 1
Service: SSL VPN, Citrix
Vuln 1: No two-factor authentication
Vuln 2: Weak passwords
Method: Password guessing, social engineering
Result: Persistent hostile access to internal network using legitimate credentials. Theft of sensitive information, massive financial or reputational damage.
29.
Example external scenario 2
Service: Web application
Vuln 1: SQL injection
Vuln 2: Plain-text passwords
Method: SQL injection attack
Result: Public exposure of all customer details and passwords, leading to major reputational damage.
30.
Example insider scenario 1
Service: Windows
Vuln: Weak passwords
Method: Password guessing
Result: Theft of sensitive information, fraud, data destruction or modification, massive financial or reputational damage.
31.
Example insider scenario 2
Service: Network devices / services
Vuln: Default passwords
Method: Google
Result: Theft of sensitive information, fraud, data destruction or modification, massive financial or reputational damage.
32.
Need more information?
Peter Wood
Chief Executive Officer
First Base Technologies LLP
A CREST Member Company
peter@firstbase.co.uk
http://firstbase.co.uk
twitter: @FBTechies