Peter Wood
Chief Executive Officer
First Base Technologies LLP
Red Teaming in the Cloud

Slide 2 © First Base Technologies 2016
Founder and CEO - First Base Technologies LLP
• Engineer, IT and information security professional since 1969
• Fellow of the BCS, Chartered IT Professional, CISSP
• Senior Member of the Information Systems Security Association
• 15+ year member of ISACA, ISACA Security Advisory Group
• Member of the Institute of Information Security Professionals
• Chair of white-hats.co.uk
• Chair of OTIS (Operational Technology and IoT Security)
• Member of ACM, IEEE, First Forensic Forum, Institute of Directors, Mensa

Slide 3

Slide 4
The enemy
What was advanced is now average
• Well planned, strategic approach
• Automation-assisted manual attacks
• Social engineering, especially phishing
• Sophisticated malware
• Clear objectives
• Lots of resources

Slide 5
The defence
To counter these attacks, we need threat-based thinking
• Who is attacking what and how?
• Where do we know we are vulnerable?
• What can we fix right now?
• Conduct a red team exercise
• Fix the problems we found
• Check our fixes work
• Wash, rinse, repeat

Slide 6
The method
http://csrc.nist.gov/cyberframework/rfi_comments/040813_cba_part2.pdf
• Understand each attacker’s capability, motivation and methodologies
• Analyse the likely impact to help prioritise
• Design relevant scenarios
• Execute red team exercises
• Assess protective controls
• Evaluate detective controls

Slide 7
The strategy

Slide 8
Cloud computing metaphor: for a user, the network elements representing the provider-rendered services are invisible, as if obscured by a cloud
https://en.wikipedia.org/wiki/Cloud_computing
Image by Sam Johnston (includes Computer.svg by Sasa Stefanovic)

Slide 9
What assets will threat actors be interested in?
• Money
• Intellectual property
• Identities
• Databases
• Intercepts
• Network access
• Control systems

Slide 10
What is the most attractive approach? (Needs to be: easiest, cheapest, lowest risk, best success rate …)
• Break into the cloud
• Infiltrate the provider
• Infiltrate the customer
• Intercept traffic
• Trick the user

Slide 11
What is the most attractive approach? (Needs to be: easiest, cheapest, lowest risk, best success rate …)
• Break into the cloud
• Infiltrate the provider
• Infiltrate the customer
• Intercept traffic
• Trick the user

Slide 12
Why is it the most attractive approach?
• Login from anywhere
• Browser access
• Single-factor authentication
• No intruder detection
• No physical security
• Legitimate credentials
• Good chance of privilege escalation

Slide 13
How they think
Example methodologies
• Spear phishing
• Social networking
• Watering hole attacks
• Telephone social engineering
• Theft of device
• USB device
• Charging points
• Public computers
• WiFi intercepts

Slide 14
Reconnaissance
• 4 registered domains
• 5 IP address ranges
• 72 Internet-facing hosts
• Scan revealed OWA in use
• LinkedIn search for relevant email addresses
• 400 email addresses identified
• Staff names and job titles analysed
• Emails sent to obtain responding email style and layout

Slide 15
Planning
• Convincing fake domain name available and purchased
• OWA site cloned onto fake domain for credential theft
• Large number of email addresses harvested as targets
• Design of real emails copied to facilitate spear phishing
• Names and job titles gathered as fake senders
• Genuine OWA will be used to test stolen credentials (and gather further info)

Slide 16
Execution
• Email sent from IT manager, using fake domain address
• OWA cloned onto tester’s laptop, DNS set accordingly
• Email sent to three groups of 100 recipients
• Within a few minutes, 41 recipients entered credentials
• Credentials tested on legitimate OWA site
• Significant information gathered from each account
• Further emails can now be sent from legitimate addresses
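One detective control for the execution phase above, as an added example that is not part of the deck or of First Base Technologies' own tooling: the stolen credentials are tested against the genuine OWA site within minutes, so many distinct accounts authenticating from one source address in a short window is a signal a log-based check can look for. The log format and the sample lines are constructed for this example, not real OWA output.

```python
"""Detective control for the credential-testing step: flag a source address
that authenticates as many distinct accounts in a short window.

Assumed, simplified webmail login log format (constructed for this example,
not real OWA/IIS output):
    <ISO-8601 UTC timestamp> user=<name> src=<ip> result=<success|failure>
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: two ordinary users, then a burst of different accounts
# from one address, which is what testing a batch of phished passwords looks like.
SAMPLE_LOG = """\
2016-03-01T09:02:11Z user=alice src=198.51.100.20 result=success
2016-03-01T09:05:40Z user=bob src=198.51.100.21 result=success
2016-03-01T09:31:02Z user=carol src=203.0.113.7 result=success
2016-03-01T09:31:09Z user=dave src=203.0.113.7 result=success
2016-03-01T09:31:15Z user=erin src=203.0.113.7 result=failure
2016-03-01T09:31:22Z user=frank src=203.0.113.7 result=success
2016-03-01T09:31:30Z user=grace src=203.0.113.7 result=success
2016-03-01T09:31:41Z user=heidi src=203.0.113.7 result=success
2016-03-01T09:45:00Z user=alice src=198.51.100.20 result=success
2016-03-01T10:10:05Z user=ivan src=203.0.113.7 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "user": m["user"].lower(),
        "src": m["src"],
        "result": m["result"],
    }


def find_credential_testing(log_text, window=timedelta(minutes=10), min_users=5):
    """Sliding-window check per source address.

    Every login attempt counts, successful or not: a stolen password that has
    since been changed still contributes to the same burst of distinct usernames.
    Returns one alert per offending source, raised the moment the threshold
    is crossed, with the window bounds and the accounts involved.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # src -> attempts inside the current window
    alerts, alerted = [], set()
    for ev in events:
        q = recent[ev["src"]]
        q.append(ev)
        # Drop attempts older than the window; q is never empty here because ev was just added.
        while ev["ts"] - q[0]["ts"] > window:
            q.popleft()
        users = {e["user"] for e in q}
        if len(users) >= min_users and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({
                "src": ev["src"],
                "start": q[0]["ts"].isoformat(),
                "end": ev["ts"].isoformat(),
                "users": sorted(users),
                "successes": sum(1 for e in q if e["result"] == "success"),
            })
    return alerts


def run_sample():
    """Run the check over the constructed sample log."""
    return find_credential_testing(SAMPLE_LOG)


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT {a['src']}: {len(a['users'])} accounts "
              f"({a['successes']} successful) between {a['start']} and {a['end']}: "
              f"{', '.join(a['users'])}")
```

Tune the window and the threshold to the organisation's normal login pattern (shared egress addresses such as a corporate proxy will need a higher threshold or an allow-list), and pair it with the geographic and first-seen-address checks that the "login from anywhere" property on slide 12 calls for.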
Slide 17
Passwords – really?
Single-factor authentication may not be your best choice
• We cracked 48% of 9,569 passwords
• 98% of these passwords were cracked within two hours
• The remaining 2% were cracked over the course of one week

Slide 18
Enable your best defence
Invest in your human firewall
• Train your staff to recognise social engineering attacks
• Explain the why and how of passphrases
• Invest in continual awareness campaigns
• Use every medium available to spread the word

Slide 19
Need more information?
Peter Wood
Chief Executive Officer
First Base Technologies LLP
peter@firstbase.co.uk
www.firstbase.co.uk
twitter: @FBTechies
+44 (0)1273 454525
