Red teaming in Poland - test cases (security)

Borys Łącki Red teaming in Poland 28.04.2017

Upload: logicaltrust-pl

Post on 21-Jan-2018

Category:

Technology


TRANSCRIPT

Borys Łącki

Red teaming in Poland

28.04.2017

> 10 years of penetration tests

We test security and protect Customers' resources.

Borys Łącki

Red teaming

● Goals

● Principles

● Communication

● People

● Hours

● IP addresses

● Emergency plans

Red teaming - rules

● Plan

● Reconnaissance

● Attack

Red teaming - actions

Phishing

30% within 15 minutes

65%, 90%, 40% - test your company!

password: I w**l f***i** k**l y*u

DDoS

CC vs BCC - reconnaissance! #fail

Firewall – global!

„Running employee”

Phishing - incident management

Malicious software

●IT launches the attachment

●2 x AV

●HR Department → source codes

Malicious software

Internet - Quake 1

Corporate network

● CMS – demo account

● SSH: tomcat7/tomcat7

● Redundant resource: test image - VM

● The same password applies to Windows server

● Error WWW -> local admin

● Schema of password creation

● Admin account AD

● VMware – admin console

Physical security

Well-prepared story

Access control systems x 2

Office space

Meeting room

Server room

Summary

An effective attack is a matter of time and money

Increase the attackers' costs!

Security is a process. :)

Summary

● Report

● Education platform https://SecurityInside.pl/en

● Presentation for the employees

● Discussion

Defense - Communication

● Detecting problems – SIEM, IDS, IPS, data correlation, call center

● Training of the employees – Education based on practice and case studies

● Incident management (communication) – Technology, people, risk analysis

Defense - Processes

● Computer forensics – Evidence, analysis of malicious software

● Change implementation – Critical updates, vulnerability life span

● Hardening environments, slowing down the attackers – Reconfiguration, reaction to the incident

Defense

● WWW, FTP, E-mail, SMTP – Proxy (Hardening)

● Configuration of workstations (Application Whitelisting, GPO, password manager)

● USB WhiteListing

● Authentication – 2FA

● Documentation

● Physical security

● Servers hardening (redundant resources and permissions)

● Confidential data encryption

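Additional materials in Polish

Videos:

APT x 3 - wybrane studium przypadków (APT x 3 - selected case studies)

Darmowe narzędzia wspomagające proces zabezpieczania Twojej firmy (Free tools supporting the process of securing your company)

Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy zaproszenie dla cyberprzestępców? (IT security devices and services - full protection or an invitation for cybercriminals?)

Narzędzia do zautomatyzowanego testowania bezpieczeństwa (Tools for automated security testing)

OWASP Top10 Najpopularniejsze błędy bezpieczeństwa aplikacji WWW (OWASP Top10: the most common web application security flaws)

Podstawowy arsenał testera bezpieczeństwa aplikacji WWW (The basic arsenal of a web application security tester)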

Free education:

https://quiz.securityinside.pl

https://quiz2.securityinside.pl

http://sprawdzpesel.pl

http://sprawdzkontobankowe.pl

https://pixabay.com/en/ - Photos

https://www.iconfinder.com/ Vecteezy - Icons

https://z3s.pl/szkolenia/

https://securityinside.pl

Attack and defense:

● Security of web applications

● Security of mobile applications

-20%

Expires after 31.337 days

Password: xioM6yah

Trainings – discount

Thank you for your attention

Borys Łącki

Questions?