etichal hacking in the tdl environment - entry point north · ethical hacking and pentests. 1....
TRANSCRIPT
![Page 1: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/1.jpg)
Etichal Hacking in the TDL environment
![Page 2: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/2.jpg)
![Page 3: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/3.jpg)
June 27th 2017…
![Page 4: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/4.jpg)
![Page 5: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/5.jpg)
![Page 6: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/6.jpg)
Some stats…
…In 2017 there were more than 5200 reported securitybreaches
…more than 7.8 Billion records stolenSource: RiskBased Security (www.riskbasedsecurity.com)
![Page 7: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/7.jpg)
The average cost of a malware attack on a company is $2,4 Million
![Page 8: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/8.jpg)
50 days is the average time to resolve a malicious insider attack
23 days to resolve a ransomware attack
![Page 9: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/9.jpg)
Online devices are hacked every day
• Webcams• Databases• ICS (Industrial Control Systems)• SCADA (Supervisory Control and Data Acquisition)• Network devices
![Page 10: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/10.jpg)
![Page 11: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/11.jpg)
![Page 12: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/12.jpg)
![Page 13: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/13.jpg)
![Page 14: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/14.jpg)
![Page 15: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/15.jpg)
Two types of hackers…+1
White Hat Black Hat
![Page 16: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/16.jpg)
The importance of White Hat Hacking
Something to think about during development
![Page 17: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/17.jpg)
TDL and C2 Systems
COTS hardware and software
Flaws and Vulnerabilities
![Page 18: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/18.jpg)
Misconfigurations
No Hardening
Supply chain
![Page 19: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/19.jpg)
Ethical hacking and pentests
![Page 20: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/20.jpg)
1. Planning & Preparation
2. Reconnaissance
3. Discovery
4. Analyzing information and risks
5. Active intrusion attempts
6. Final analysis
7. Report Preparation
![Page 21: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/21.jpg)
Fuzzing!
Definition: Fuzzing is the usually automatedprocess of entering random data into a
program and analyzing the results to findpotentially exploitable bugs.
![Page 22: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/22.jpg)
Security by Design!
”Security by design means that a system is constructed from start to finish with security in mind. With the base in a hardened platform.”
![Page 23: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/23.jpg)
The chain is not stronger than it´sweakest link…
Bad actors are still winning…
Weak enterprise cyber security…
…mistakes by inserting USB
![Page 24: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/24.jpg)
![Page 25: Etichal Hacking in the TDL environment - Entry Point North · Ethical hacking and pentests. 1. Planning & Preparation 2. Reconnaissance 3. Discovery 4. Analyzing information and risks](https://reader036.vdocuments.net/reader036/viewer/2022071210/602218b8ac9af63d986c0509/html5/thumbnails/25.jpg)
Patrik SolstenCombitech ABEmail: [email protected]: +46 73 446 02 53