Etichal Hacking in the TDL environment
Etichal Hacking in the TDL environment
June 27th 2017…
Some stats…
…In 2017 there were more than 5200 reported securitybreaches
…more than 7.8 Billion records stolenSource: RiskBased Security (www.riskbasedsecurity.com)
The average cost of a malware attack on a company is $2,4 Million
50 days is the average time to resolve a malicious insider attack
23 days to resolve a ransomware attack
Online devices are hacked every day
• Webcams• Databases• ICS (Industrial Control Systems)• SCADA (Supervisory Control and Data Acquisition)• Network devices
Two types of hackers…+1
White Hat Black Hat
The importance of White Hat Hacking
Something to think about during development
TDL and C2 Systems
COTS hardware and software
Flaws and Vulnerabilities
Misconfigurations
No Hardening
Supply chain
Ethical hacking and pentests
1. Planning & Preparation
2. Reconnaissance
3. Discovery
4. Analyzing information and risks
5. Active intrusion attempts
6. Final analysis
7. Report Preparation
Fuzzing!
Definition: Fuzzing is the usually automatedprocess of entering random data into a
program and analyzing the results to findpotentially exploitable bugs.
Security by Design!
”Security by design means that a system is constructed from start to finish with security in mind. With the base in a hardened platform.”
The chain is not stronger than it´sweakest link…
Bad actors are still winning…
Weak enterprise cyber security…
…mistakes by inserting USB
Patrik SolstenCombitech ABEmail: [email protected]: +46 73 446 02 53