The presentation will be about real examples of redteam attacks targeted at Polish customers. We will show the advantages and disadvantages of certain type of attacks and our failures and successes. We will summarize the most important best practices to protect against a redteam and good advices on how to attack effectively and be more stealthly.

1. Borys Łącki
Red teaming in Poland
28.04.2017

2. > 10 years of penetration tests
We test security and protect Customers resources.
Borys Łącki

4. Red teaming

5. ●Goals
●Principles
●Communication
●People
●Hours
●IP addresses
●Emergency plans
Red teaming - rules

6. ●Plan
●Reconnasaince
●Attack
Red teaming - actions

7. Phishing
30% within 15 minutes
65%, 90%, 40% - test your company!

8.  password: I w**l f***i** k**l y*u
 DDoS
 CC vc BCC - reconnaissance! #fail
 Firewall – global!
 „Running employee”
Phishing - incident management

9. Malicious software

10. Malicious software

11. ●IT launches the attachment
●2 x AV
●HR Department → source codes
Malicious software

12. Internet - Quake 1

13. Corporate network
● CMS – demo account
● SSH: tomcat7/tomcat7
● Redundant resource: test image - VM
● The same password applies to Windows server
● Error WWW -> local admin
● Schema of password creation
● Admin account AD
● VMware – admin console

14. Physical security

15. Well-prepared story

16. Access control systems x 2

17. Office space

18. Meeting room

19. Server room

20. Summary
Effective attack is a matter
of time and money
Increase costs of the attackers!
Security is a process. :)

21. Summary
● Report
● Education platform
https://SecurityInside.pl/en
● Presentation for the employees
● Discussion

22. Defense - Communication
● Problems detecting
– SIEM, IDS, IPS, Correlation of data, CallCenter
● Training of the employees
– Education based on practice and case studies
● Incident management (communication)
– Technology, people, risk analysis

23. Defense - Processes
● Computer forensics
– Evidences, analysis of malicious software
● Changes implementation
– Critical updates, vulnerability life span
● Hardening environments, slowing down
the attackers
– Reconfiguration, reaction on the incident

24. Defense
● WWW, FTP, E-mail, SMTP – Proxy (Hardening)
● Configuration of workstations (Application Whitelisting, GPO,
password manager)
● USB WhiteListing
● Authentication – 2FA
● Documentation
● Physical security
● Servers hardening (redundant resources and permissions)
● Confidential data encryption

25. Additional materials in polish
Videos:
APT x 3 - wybrane studium przypadków
Darmowe narzędzia wspomagające proces zabezpieczania Twojej firmy
Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy zaproszenie dla cyberprzestępców?
Narzędzia do zautomatyzowanego testowania bezpieczeństwa
OWASP Top10 Najpopularniejsze błędy bezpieczeństwa aplikacji WWW
Podstawowy arsenał testera bezpieczeństwa aplikacji WWW
Free education:
https://quiz.securityinside.pl
https://quiz2.securityinside.pl
http://sprawdzpesel.pl
http://sprawdzkontobankowe.pl
https://pixabay.com/en/ - Photos
https://www.iconfinder.com/Vecteezy - Icons

26. https://z3s.pl/szkolenia/
https://securityinside.pl
Attack and defense:
● Security of web applications
● Security of mobile applications
-20%
Expires after 31.337 days
Password: xioM6yah
Trainings – discount

27. Thank you
for your attention
Borys Łącki
b.lacki@logicaltrust.net
Questions?