Think of an attack path (or kill chain) as one of those kids toys where you rotate animals. Heads, bodies, tails. Intrusions, compromises, exfiltrations. Which part is easiest to detect and why?
Watch more videos on my YouTube channel.
Archive for June, 2016
Stuck in Traffic – Drive Encryption, Secure Wipes, and Awareness
Posted byA new study finds 78% of used computers have personal and corporate data from their previous owners. Time to check your endpoint data controls. Time, too, to share the story with your employees so they can secure their personal computers. It’s a teachable moment.
Watch more videos on my YouTube channel.
Food Fight at BSides Cleveland 2016
Posted byFood Fight. From farm to fork, food production in America is a complex and interwoven system of technologies. This session explores a slice of that system and relies upon food production as an example of multifaceted penetration testing. With a combination of stories and lessons learned, we will discuss and learn from the challenges of scaling up penetration testing and adapting it to unique technologies. This provides us an opportunity to sharpen up on the basics while learning advanced techniques. Moreover, given food production’s reliance upon SCADA and ICS systems, the session will describe how these non-traditional systems can be assessed. All in all, for the defenders, what we learn from a good food fight can be directly applied to securing our own complex networks. (Saturday, June 25, 2016. Cleveland, Ohio.)
Watch more videos on my YouTube channel.
Stuck in Traffic – Cowboys and Quick Draw Changes
Posted byNobody likes an IT cowboy. Nobody. Then again, everybody needs a hero sometime. Somebody quick on the trigger. Somebody who knows what’s what. So I ask, who’s your cowboy?
Watch more videos on my YouTube channel.
Stuck in Traffic – Social Engineering with HTML Apps
Posted byThe new version of the Social Engineering Toolkit (SET) can deliver malicious payloads with the Windows HTML Application (HTA) files. Let’s talk defense.
Watch more videos on my YouTube channel.
Stuck in Traffic – Vulnerable Configurations
Posted by154 million voter records were recently exposed. The records included names, addresses, Facebook profiles, gun ownership, and so on. And this highlights the need to check configurations as part of vulnerability management.
Watch more videos on my YouTube channel.
Stuck in Traffic – Remote Access
Posted byRecent attacks on GoToMyPC and Team Viewer shine a spotlight on remote access risks. If someone were compromised by these, would we know? And what subsequent controls would protect our sensitive data?
Watch more videos on my YouTube channel.
Stuck in Traffic – FICO Security Score
Posted byYou know your FICO credit score? Yeah. Now apply that to cyber security. That’s what QuadMetrics has developed for FICO. It’s coming to a cyber insurance policy near you. Is your organization ready?
Watch more videos on my YouTube channel.
Stuck in Traffic – The IKEA Effect
Posted byInvolve people in the creation of security procedures and controls to trigger the IKEA Effect and get buy-in.
Watch more videos on my YouTube channel.
Stuck in Traffic – Dedicated Security Teams
Posted byRebecca Marquis tweeted out that she was doing housework while listening to these videos. And that made me think. IT security is a lot like cleaning. For example, it works better with a dedicated team doing the chores.
Watch more videos on my YouTube channel.