Etichal Hacking in the TDL environment

June 27th 2017…

Some stats…

…In 2017 there were more than 5200 reported securitybreaches

…more than 7.8 Billion records stolenSource: RiskBased Security (www.riskbasedsecurity.com)

The average cost of a malware attack on a company is $2,4 Million

50 days is the average time to resolve a malicious insider attack

23 days to resolve a ransomware attack

Online devices are hacked every day

• Webcams• Databases• ICS (Industrial Control Systems)• SCADA (Supervisory Control and Data Acquisition)• Network devices

Two types of hackers…+1

White Hat Black Hat

The importance of White Hat Hacking

Something to think about during development

TDL and C2 Systems

COTS hardware and software

Flaws and Vulnerabilities

Misconfigurations

No Hardening

Supply chain

Ethical hacking and pentests

1. Planning & Preparation

2. Reconnaissance

3. Discovery

4. Analyzing information and risks

5. Active intrusion attempts

6. Final analysis

7. Report Preparation

Fuzzing!

Definition: Fuzzing is the usually automatedprocess of entering random data into a

program and analyzing the results to findpotentially exploitable bugs.

Security by Design!

”Security by design means that a system is constructed from start to finish with security in mind. With the base in a hardened platform.”

The chain is not stronger than it´sweakest link…

Bad actors are still winning…

Weak enterprise cyber security…

…mistakes by inserting USB

Patrik SolstenCombitech ABEmail: patrik.solsten@combitech.sePhone: +46 73 446 02 53