wuerthphoenix neteye presentation
TRANSCRIPT
… more than software
© Würth Phoenix – December 2020
OUR PORTFOLIO
ERP
IT System & Service MGMT
CRM
Business intelligence
Cyber Security
BUSINESS CONSULTING | SYSTEM INTEGRATION | PROJECT MANAGEMENT | SOFTWARE DEVELOPMENT | TRAINING | SUPPORT
DATA & FACTS
10.467.311.280 pwned accounts (2020)
90% of malware comes from e-mail
Over 43 billion yearly spent
Threats constantly evolving
75% of violations are caused by human error
Cybercrime will never end because it is profitable and low risk
CYBER SECURITY
OFFENSIVE: PENETRATION TEST | SOCIAL ENGINEERING | RED TEAMING | PASSWORD AUDIT
DEFENSIVE: EXPOSURE ASSESSMENT (One Time | SaaS | SaaS & Managed) | VULNERABILITY ASSESSMENT (One Time | On-Prem) | GAP ANALYSIS | SECURITY TRAINING

EXPOSURE ASSESSMENT | One Time | SaaS | SaaS & Managed
DEFENSIVE
EXPOSURE ASSESSMENT | One Time (DEFENSIVE)
WHAT
OSINT
Verification of exposed resources
Reproduction of the attacker's point of view
Reconnaissance phase simulation
Mitigation and remediation actions
EXPOSURE ASSESSMENT | One Time (DEFENSIVE)
HOW
Company inputs collection: Domain(s) | Keywords
Objects collection: Hostnames | IP addresses | Account e-mail
Research of weaknesses
Research of correlations
Creation of a detailed report
Report presentation
Delivery: remotely
EXPOSURE ASSESSMENT | One Time (DEFENSIVE)
WHERE
Surface Web: Google Dorks | Organization website
Deep Web: Paste Site Search | Open Bug Bounty | Brand Reputation | Social Network | Blacklisted IPs | WayBack Machine | Telegram Groups & Channels | Data Leak Forums
Dark Web: Data Breach Databases | TOR Network | Cyber Attacker Group Sites
EXPOSURE ASSESSMENT | SaaS (DEFENSIVE)
WHAT
OSINT
Verification of exposed resources
Reproduction of the attacker's point of view
Reconnaissance phase simulation
Mitigation and remediation actions
EXPOSURE ASSESSMENT | SaaS (DEFENSIVE)
HOW
Company inputs collection: Domain(s) | Keywords
Continuous objects collection: Hostnames | IP address | E-mail account
Research of weaknesses
Research of correlations
Autonomous use of the SATAYO Portal: Graphs | Reports | Stats | Notifications
API for monitoring platforms (NetEye)
Notification via Telegram and e-mail
Daily report generation
EXPOSURE ASSESSMENT | SaaS (DEFENSIVE)
WHERE
Surface Web: Google Dorks | Organization website
Deep Web: Paste Site Search | Open Bug Bounty | Brand Reputation | Social Network | Blacklisted IPs | WayBack Machine | Telegram Groups & Channels | Data Leak Forums
Dark Web: Data Breach Databases | TOR Network | Cyber Attacker Group Sites
EXPOSURE ASSESSMENT | SaaS & Managed (DEFENSIVE)
WHAT
OSINT
Verification of exposed resources
Reproduction of the attacker's point of view
Reconnaissance phase simulation
Mitigation and remediation actions
EXPOSURE ASSESSMENT | SaaS & Managed (DEFENSIVE)
HOW
Company inputs collection: Domain(s) | Keywords
Continuous objects collection: Hostnames | IP address | E-mail account
Research of weaknesses
Research of correlations
Joint use of the SATAYO Web Portal: Graphs | Reports | Stats | Notifications
API for monitoring platforms (NetEye)
Analysis and solution proposal: Ticket | Phone call | E-mail
Daily report generation
EXPOSURE ASSESSMENT | SaaS & Managed (DEFENSIVE)
WHERE
Surface Web: Google Dorks | Organization website
Deep Web: Paste Site Search | Open Bug Bounty | Brand Reputation | Social Network | Blacklisted IPs | WayBack Machine | Telegram Groups & Channels | Data Leak Forums
Dark Web: Data Breach Databases | TOR Network | Cyber Attacker Group Sites
EXPOSURE ASSESSMENT SaaS | DEEP & DARK WEB (DEFENSIVE)
SATAYO provides the detected evidence (per domain), filtered on the basis of the sources and keywords selected by the cyber security analysts team¹.
[Screenshot: example of a dox entry on a public figure as found by SATAYO. Source: https://doxbin.org/]
Ursula von der Leyen, President of the European Commission
Ursula Gertrud von der Leyen, née Albrecht, is a German politician, member of the CDU and President of the European Commission since 1 December 2019. Wikipedia
¹ All members of our team are CEH (Certified Ethical Hacker) certified and are required to observe a specific code of ethics.
EXPOSURE ASSESSMENT SaaS | DATA BREACH (DEFENSIVE)
SATAYO is able to provide extracts of passwords and accounts used to register on services that have suffered data breaches; these are constantly updated by our cyber security analysts team.
No metric can be used with certainty to indicate how costly the data breach of a single access credential might be. The potential actions stemming from that data breach are wide-ranging, and the values are calculated on the basis of the risk assessment specific to each organization.
Some examples: Unicredit (600k) | Università Campus Bio-medico di Roma (20k)
EXPOSURE ASSESSMENT SaaS | SIMILAR DOMAINS (DEFENSIVE)
Example: xn--teslamtors-dx3e.com (registered punycode form) is displayed as teslamọtors.com
SATAYO is able to detect registered domains that are similar to the one used by your organization. Such domains could potentially be used to generate targeted phishing attacks (spear phishing).
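As an added illustration of what flagging a registered look-alike domain involves (this is example code, not SATAYO's or Würth Phoenix's own), the block below decodes the punycode (xn--) form into what a user actually sees, collapses accented and look-alike characters into an ASCII skeleton, and measures the edit distance to the organization's own domain. The brand domain teslamotors.com, the small confusables table and the distance threshold are assumptions chosen to match the deck's teslamọtors.com example.

```python
import unicodedata

# Assumption for the example: the brand domain being protected
# (the deck's look-alike teslamọtors.com is a homoglyph of it).
ORG_DOMAIN = "teslamotors.com"

# Constructed, deliberately small table of ASCII/Latin look-alikes.
# Accented letters are not listed here: they are handled by Unicode
# decomposition in skeleton() below.
HOMOGLYPHS = {
    "0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m",
    "\u0131": "i",   # dotless i
    "\u0142": "l",   # l with stroke
    "\u00df": "ss",  # sharp s
}


def to_unicode(domain: str) -> str:
    """Turn xn-- (punycode) labels into the Unicode form a browser displays."""
    labels = []
    for label in domain.strip().lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def skeleton(domain: str) -> str:
    """Collapse a domain to an ASCII skeleton: decompose accented letters,
    drop the combining marks, then map common look-alike sequences to the
    letters they imitate (so teslamọtors -> teslamotors, tes1a -> tesla)."""
    decomposed = unicodedata.normalize("NFKD", domain)
    base = "".join(ch for ch in decomposed
                   if not unicodedata.category(ch).startswith("M"))
    for lookalike, letter in HOMOGLYPHS.items():
        base = base.replace(lookalike, letter)
    return base


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def assess(candidate: str, org: str = ORG_DOMAIN, max_distance: int = 2) -> dict:
    """Triage one registered domain against the organization's domain."""
    shown = to_unicode(candidate)
    dist = edit_distance(skeleton(shown), skeleton(org))
    return {
        "candidate": candidate,
        "displayed_as": shown,
        "idn": shown != candidate.strip().lower().rstrip("."),
        "distance": dist,
        # Identical skeleton but a different string is the homoglyph case;
        # a small distance is the typosquat case.
        "lookalike": shown != org and dist <= max_distance,
    }


if __name__ == "__main__":
    # Constructed sample: the deck's punycode example plus ASCII variants.
    for d in ["xn--teslamtors-dx3e.com", "tes1amotors.com",
              "teslamotor.com", "teslamotors.com", "example.com"]:
        print(assess(d))
```

The decoded form is what matters for review: the registered string xn--teslamtors-dx3e.com looks harmless in a zone file, while its displayed form differs from the brand by a single accented letter and its skeleton matches it exactly.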
EXPOSURE ASSESSMENT SaaS | REPOSITORY (DEFENSIVE)
SATAYO shows an extraction of the evidence (e.g. logs, configuration files, passwords, etc.) detected within the repositories used by the organization's developers.
EXPOSURE ASSESSMENT SaaS | WEAKNESSES (DEFENSIVE)
SATAYO shows the weaknesses detected on the organization's resources:
Unmanaged social pages | Poorly configured mail servers | SSL misconfigurations | Management ports | Insecure protocols
VULNERABILITY ASSESSMENT | One Time | On-Prem
DEFENSIVE
VULNERABILITY ASSESSMENT | One Time (DEFENSIVE)
WHAT
Vulnerability identification
Vulnerability quantification
Vulnerability prioritization
VULNERABILITY ASSESSMENT | One Time (DEFENSIVE)
HOW
Scope of engagement definition: Private IP addresses | Public IP addresses
Cataloging of assets & resources
Identification of vulnerabilities for each resource
Vulnerability analysis and solution proposal
Creation of a detailed report
Report presentation
Delivery: remotely
VULNERABILITY ASSESSMENT | One Time (DEFENSIVE)
WHERE
Networking equipment | WiFi | Servers & clients | IoT & IIoT
VULNERABILITY ASSESSMENT | On-Prem (DEFENSIVE)
WHAT
Vulnerability identification
Vulnerability quantification
Vulnerability prioritization
VULNERABILITY ASSESSMENT | On-Prem (DEFENSIVE)
HOW
Scope of engagement definition: Private IP addresses | Public IP addresses
Cataloging of assets & resources
Continuous identification of vulnerabilities for each resource
Integration with 3rd-party systems: Monitoring | SIEM
VULNERABILITY ASSESSMENT | On-Prem (DEFENSIVE)
WHERE
Networking equipment | Servers & clients | IoT & IIoT
GAP ANALYSIS
DEFENSIVE
GAP ANALYSIS (DEFENSIVE)
WHAT
Identification of current risk controls
Identification of residual risks
GAP ANALYSIS (DEFENSIVE)
HOW
Interviews with the organization's key people
Use of CIS Controls™
Analysis of the «AS IS» state
Identification of the «TO BE» set of cyber actions
Creation of a detailed report
Report presentation
Delivery: remotely
GAP ANALYSIS (DEFENSIVE)
WHERE
Physical interview | Remote interview
SECURITY TRAINING
DEFENSIVE
SECURITY TRAINING (DEFENSIVE)
WHAT
Cyber Security Essential
Cyber Security Intermediate
Cyber Security Advanced
Exposure Analysis with OSINT
Social Engineering + ETEL game
Industrial Control System Security
Tailored to the needs of the organization
SECURITY TRAINING (DEFENSIVE)
HOW
Classroom | Training on the job
SECURITY TRAINING (DEFENSIVE)
WHERE
Customer site | Würth Phoenix | Microsoft Teams
PENETRATION TEST
OFFENSIVE
PENETRATION TEST (OFFENSIVE)
WHAT
Exploitation of detected vulnerabilities
Performed according to a standard methodology
PENETRATION TEST (OFFENSIVE)
HOW (NIST methodology)
Vulnerability assessment
Research on vulnerability exploitation
Exploit
Creation of a detailed report
Report presentation
PENETRATION TEST (OFFENSIVE)
WHERE
Networking equipment | WiFi | Servers & clients | IoT & IIoT | Web services | Web applications | Mobile applications
PASSWORD AUDIT
OFFENSIVE
PASSWORD AUDIT (OFFENSIVE)
WHAT
Dictionary attack | Rainbow Table attack | Brute Force attack | Hybrid attack
PASSWORD AUDIT (OFFENSIVE)
HOW
Company inputs collection: Password hashes
Cracking execution: One method | Multi method
Creation of a detailed report
Report presentation
Delivery: remotely
PASSWORD AUDIT (OFFENSIVE)
WHERE
Active Directory | Database | WiFi
SOCIAL ENGINEERING
OFFENSIVE
SOCIAL ENGINEERING (OFFENSIVE)
WHAT
Exploitation of the human factor
SOCIAL ENGINEERING (OFFENSIVE)
HOW
Choice of attack vector(s): Phishing | Dumpster diving | Evil Twin | Impersonation | Baiting | Vishing | Lockpicking
Info gathering (OSINT)
Attack simulation
Creation of a detailed report
Report presentation
SOCIAL ENGINEERING (OFFENSIVE)
WHERE
Employees | Top management | Key people
RED TEAMING
OFFENSIVE
RED TEAMING (OFFENSIVE)
WHAT
Multi-layered attack simulation
Test of the organization's detection and response capabilities
Focuses on the objectives rather than on the methods used
RED TEAMING (OFFENSIVE)
HOW
Info gathering (OSINT)
Identification of weaknesses
Attack simulation
Creation of a detailed report
Report presentation
Delivery: remotely
RED TEAMING (OFFENSIVE)
WHERE
All organizational resources
THE RIGHT SERVICE
Target: PEOPLE | PROCESS | IT SERVICES | ORGANIZATION
Goal: INCREASING AWARENESS | POSTURE COMPLIANCY | SECURITY IMPROVEMENT | INCIDENT DETECTION | RESPONSE CAPABILITY
Service: SECURITY TRAINING | SOCIAL ENGINEERING | PASSWORD AUDIT | GAP ANALYSIS | PENETRATION TEST | EXPOSURE ASSESSMENT | RED TEAMING | VULNERABILITY ASSESSMENT