Jarrod Frates, InGuardians, @jarrodfrates: “Skittering Through Networks”

Ms. Berlin in Germany - How’d it go?

TinkerSec’s story: https://threadreaderapp.com/thread/1063423110513418240.html

Takeaways

Blue Team:
- Least Privilege Model
- Least Access Model
  - “limited remote access to only a small number of IT personnel”
  - “This user didn't need Citrix, so her Citrix linked to NOTHING”
  - “They limited access EVEN TO LOCAL ADMINS!”
- Multi-Factor Authentication
- Simple Anomaly Rule Fires
  - “Finance doesn’t use Powershell”
- Defense in Depth
  - “moving from passwords to pass phrases…”
  - “Improper disposal of information assets”

Red Team:
- Keep Trying
- Never Assume
- Bring In Help
- Luck Favors the Prepared
- Adapt and Overcome

Before the Test
- Talk it over with stakeholders: Reasons, goals, schedules
- Report is the product: Get samples
- Who, what, when, where, why, how
- Talk to testers (and clients, if you can find them)
  - Ask questions
  - Look for past defensive experience and understanding of your needs
    - Bonus points if they interview you as a client
  - Red flags: Pwning is all they talk about, they set no-crash guarantees, send info in the clear
- Define the scope: Test type(s), inclusions, exclusions, permissions, accounts
- Test in ‘test/dev’, NOT PROD
- Social Engineering: DO THIS. Yes, you’re vulnerable. DO IT ANYWAY.
During the Test
- Comms: Keep in contact with the testers
  - Status reports (if the engagement is long enough)
  - Have an established method for escalation
  - Have an open communication style --brbr (WeBrBrs)
  - Ask questions, but let the testers do their jobs
- Be available and ready to address critical events
- Keep critical stakeholders informed
- Watch your network: things break, someone else may be getting in, capture packets(?)
After the Test
- Getting Results:
  - Report delivered securely
  - Initial summary: How far did they get?
  - Actual report
    - Written for multiple levels
    - No obvious copy/paste
    - Read, understand, provide feedback, and get revised version
- Next steps:
  - Don’t blame anyone unnecessarily
  - Start planning with stakeholders on fixes
  - Contact vendors, educate staff
- Reacting to report
- Sabotaging your test
- Future testing
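The “Finance doesn’t use Powershell” takeaway from the Blue Team list above is a detection rule, not just a slogan. As an added example (not from the show notes, the guest, or InGuardians), here is one way to turn it into logic that runs over process-creation events. The user-to-department table, the set of departments where PowerShell is expected, the event field names (borrowed loosely from Sysmon Event ID 1) and the sample events themselves are all constructed assumptions for the demonstration.

```python
"""Simple anomaly rule: PowerShell launched by a user whose department
does not normally use it, plus two supporting signals that raise
confidence (Office parent process, encoded command line).

Everything below is constructed for illustration; in production the
directory lookup would come from AD/HR data and the events from the EDR
or Sysmon pipeline.
"""
from dataclasses import dataclass

# Assumed directory lookup: account -> department.
USER_DEPARTMENT = {
    "CORP\\acct.jones": "Finance",
    "CORP\\ap.smith": "Finance",
    "CORP\\it.admin1": "IT",
    "CORP\\dev.lee": "Engineering",
}

# Assumed departments where PowerShell is part of normal work.
POWERSHELL_EXPECTED = {"IT", "Engineering"}

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    timestamp: str
    host: str
    user: str
    image: str          # full path of the new process
    command_line: str
    parent_image: str   # full path of the parent process


def image_name(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def department_of(user: str) -> str:
    """Unknown accounts are treated as not expected to use PowerShell."""
    return USER_DEPARTMENT.get(user, "Unknown")


def evaluate(event: ProcessEvent) -> list:
    """Return the reasons an event is anomalous; an empty list means no hit."""
    reasons = []
    name = image_name(event.image)
    if name not in POWERSHELL_IMAGES:
        return reasons                      # rule only cares about PowerShell
    dept = department_of(event.user)
    if dept not in POWERSHELL_EXPECTED:
        reasons.append(f"{dept} user {event.user} launched {name}")
    parent = image_name(event.parent_image)
    if parent in OFFICE_PARENTS:            # document -> shell is a classic chain
        reasons.append(f"{name} spawned by {parent}")
    cl = event.command_line.lower()
    if "-enc" in cl or " -e " in cl:        # -enc / -encodedcommand / -e
        reasons.append("encoded command line")
    return reasons


def run_rule(events) -> list:
    """Apply the rule to a stream of events and return (event, reasons) hits."""
    hits = []
    for event in events:
        reasons = evaluate(event)
        if reasons:
            hits.append((event, reasons))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent("2018-11-16T09:12:03Z", "FIN-WS-07", "CORP\\acct.jones",
                 "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 "powershell.exe -nop -w hidden -enc AAAA",
                 "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"),
    ProcessEvent("2018-11-16T09:15:40Z", "IT-WS-02", "CORP\\it.admin1",
                 "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 "powershell.exe -File C:\\scripts\\patch-status.ps1",
                 "C:\\Windows\\System32\\cmd.exe"),
    ProcessEvent("2018-11-16T09:20:11Z", "FIN-WS-03", "CORP\\ap.smith",
                 "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
                 "EXCEL.EXE Q4-forecast.xlsx",
                 "C:\\Windows\\explorer.exe"),
    ProcessEvent("2018-11-16T09:31:55Z", "DEV-WS-11", "CORP\\dev.lee",
                 "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
                 "pwsh.exe -NoLogo",
                 "C:\\Users\\dev.lee\\AppData\\Local\\Programs\\Code.exe"),
    ProcessEvent("2018-11-16T09:44:02Z", "FIN-WS-09", "CORP\\temp.contractor",
                 "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 "powershell.exe Get-ChildItem",
                 "C:\\Windows\\explorer.exe"),
]

if __name__ == "__main__":
    for event, reasons in run_rule(SAMPLE_EVENTS):
        print(f"[{event.timestamp}] {event.host} {event.user}: " + "; ".join(reasons))
```

The department check is the actual anomaly rule; the parent-process and encoded-command checks only add context so an analyst can triage the alert faster. Unknown accounts fall on the “not expected” side on purpose: a user the directory does not know should not get a free pass just because no department can be looked up.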
Ms. Berlin’s Legit business - Mental Health Hackers

CFP for Bsides Seattle (Deadline: 26 November 2018): http://www.securitybsides.com/w/page/129078930/BsidesSeattle2019

CFP for BsidesNash (closes Dec 31): https://twitter.com/bsidesnash/status/1063084215749787649

Teaching a class in Seattle for SANS (SEC504) - need some students! Reach out to me for more information. Looking to do this at the end of February through March.

Check out our Store on Teepublic! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!: https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM: https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec