Hacking vs. Cyber Hacking is a single battle, Cyber attack is part of warfare Iftach Ian Amit | Director of Services, IOActive inc.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Hacking vs. Cyber
Hacking is a single battle, Cyber attack is part of warfare
Iftach Ian Amit | Director of Services, IOActive inc.
About
Hacking
Hacking
Hacking• How it looks like in the industry:
– Vulnerability Assessments– Penetration Testing– Code Reviews
– Other marketing terminology (that may involve the term “cyber” by mistake)
Hacking• Features:
– Usually a single target– Surface of attack – shallow (opportunistic)– Tools/Techniques: common, or simple development effort
• Motivation:– Financial– Political– Challenge
• Defenses:– Anti-Virus, Firewalls, WAF, IDS, IPS, etc…– Really ???
Cyber Attack
Warfare
Cyber Attack
Warfare• So… how does your “cyber” work out so far?• Confused yet?
• Good.
Warfare
This isn’t about computers anymore!
Hint – it never was.
Cyber Warfare• As the name suggests – it’s part of a bigger picture. Warfare.
• Warfare is never fought in a single domain (unless you want to lose…)
• Physical• Social• Intelligence• Electronic
These are the domains that cyberwar is engaged in
Hack into the server farm?
Or just take the server (hack into the server room…)
Bypass the firewall?
Nope. I’ll just walk into the network…
Or let you install my backdoor for me:
Social
Social-Electronic convergence
Intelligence
Check outGuy’s talkRight after this!
Final convergence – Electronic/Digital• Here’s your “cyber”…
• Profiling, intel gathering, reconnaissance• Vulnerability research (not just software!)• Exploitation• Establishing control, opening comm channels,
broadening foothold• Targeting assets• Exfiltration
The new language: Campaign
In ALL domains!
Cyber Warfare• Features:
– Multiple strategic targets– Surface of attack – full– Tools/Techniques: all, including all domains, and often with custom built tools
• Motivation:– Financial– Political
• Defenses:– Strategic Defense in Depth (not vendor products)– Awareness and Education (the human factor)– Coverage of all domains at the defense strategy
Practicing “cyber” – Red Team Testing
Writing
Hands-on
HomeworkPre-
engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis Exploitation Post
Exploitation
Reporting
Hacking vs. Cyber
China always had it right
Related Documents
