It's Okay To Touch Yourself! DerbyCon 2013 Ben Ten (@Ben0xA)
Oct 31, 2014
It's Okay To Touch Yourself!
DerbyCon 2013
Ben Ten (@Ben0xA)
About Me
● 12+ years experience in Health Care Information Systems
● Vice President & Security Officer
● Developer (Builder)
● Security Consultant, Trainer
It's Okay To Touch Yourself - Ben0xA - DerbyCon 2013
● Federal Regulation Compliance Oversight (HIPAA, HITECH, PCI, Meaningful Use, Red Flag)
● Manager
● Gamer
● Love Science Fiction
Overview
This talk is SFW!
● State of Breach Detection
● What is a Self Assessment
● Performing Fire Drills
● Pitfalls to Avoid
● Tools
● Acknowledgments
● Q&A
DerbyConTest
#10
#9
#8
#7
#6
#5
#4
#3
#2
#1
Why This Talk? Why Me?
A @dave_rel1k story...
State of Breach Detection
64% of businesses did not detect they had a breach until after 90 days!
Source: 2013 Global Security Report ~ Trustwave https://www2.trustwave.com/2013GSR.html
Approximately 70% of breaches were discovered by external parties who then notified the victim.
Source: 2013 Data Breach Investigations Report ~ Verizon http://www.verizonenterprise.com/DBIR/2013/
But we have these tools!!!11!!!two
● SIEM
● DLP
● IDS/IPS
● Logs
So, what's the problem?
●Poorly implemented tools
●Lack of implemented tools
●Or maybe it's a perception issue...
Security by Obscurity
Security by Vicinity
Security by Divinity
Self Assessment
It's time to get intimate with your...network!
At the very least, the critical parts of your network!
PTES – An Intro
● Pre-engagement Interactions
● Intelligence Gathering
● Threat Modeling
● Vulnerability Analysis
● Exploitation
● Post Exploitation
● Reporting
http://www.pentest-standard.org/index.php/Vulnerability_Analysis
DISCLAIMER
●I am not a professional penetration tester. But, I am staying at the Hyatt.
●Do not attempt anything on any network unless you have written permission!
●Do not do this on production first. Use a test environment!
Self Assessment
Getting Intimate
Know your Ports!
Know your Logs!
Know your Software!
https://www2.trustwave.com/cpn-hackers-playbook-2013-sm.html
Tools
● NeXpose (Rapid7)
● Nessus (Tenable)
● BurpSuite
● Health Monitor
● nmap/zenmap
● ninite
Fire Drills
Why?
● Are your tools working?
● Does your team react appropriately?
● What is happening during that nmap, nexpose, nessus, scan?
● What's the Incident Response plan and is it working?
Pitfalls to Avoid
● Verify Scope!
● Start Small / Focused
● Be wary of untested tools!
● Secure your results
● Don't DoS yourself
“[T]he ultimate goal should be to develop an environment in which security events are discovered innately—by both responsible security professionals or others in the organization.”
Source: 2013 Global Security Report ~ Trustwave https://www2.trustwave.com/2013GSR.html
New Tool
My Big Security Idea!
Will Steele @pen_test
Conclusion
In Conclusion
Acknowledgments
● @securitymoey
● @jwgoerlich
● @jaysonstreet
● @elizmmartin
● @rogueclown
● @dualcoremusic
● @derbycon
PoshSec Developers
● @mwjohnson
● @jwgoerlich
● @securitymoey
● @mortprime
● @rjcassara
● @PoshSec
PoshSec Framework - Beta
http://github.com/poshsec/poshsecframework
View the ReadMe!
Contact Information
● @Ben0xA
● Ben0xA on Freenode (IRC)
● [email protected]
● http://ben0xa.com
● http://github.com/Ben0xA
● http://github.com/PoshSec
Questions?
Thank You!