(My) BruCON 2015 notes (5)

Adrian Citu

Here are my quick notes from the BruCON 2015 conference. All the slides can be found here.

This is the last ticket about the BruCOn 2015 so, it contains the presentations for which my notes are not so good 🙂

Creating REAL Threat Intelligence with EvernotebruCon

goal:

  • experiment to generate threat intelligence with Evernote.
  • use Evernote as intelligence repository.

background:

  • before buying new commercial solution
    • try quick and dirty solution in house
    • invest in people &process first, then Products.

Use Evernote as a GTD(Getting Things Done ??)-Based Task Mgmt System.

  • treat  Evernote like  a  Database
    • Notebook  ==  Table
    • Note  ==  Free  Form  Record
    • Nested  Notebooks
    • Hierarchical  Tags

Looking Forward – Finding the right balance for INFOSEC

Some words about the infosec in the past and today:

  • in 1999 the security community was a small community
  • things start to change now BUT
    the ratios security/it people it’s very low

Some words about the security breaches:

  • 99% of the breaches is are due to basic things; BUT the companies are focusing on much complicated
    attacks but are forgetting the easy to fill gaps.
  • end-users are still the weakest link; for fishing only one click it’s enough to get in inside the it infrastructure
  • profiling is difficult BUT targeting the user is muck more easier.

Some words about the security industry:

  • security industry is too technology centric.
  • we just hope that the technology will solve the problems magically.
  • technology it takes over talent.

Some ideas for the defence:

  • Disabling local administrator accounts, or randomizing.
  • Rotating domain admin account passwords.
  • Disallow PowerShell execution for normal users.
  • Disallowing executables to be run through TEMP and other directories.
  • Network segmentation of user workstations.
  • Focus on detection capabilities over anything.

I am the Cavalry

The Cavalry is a organization that is focused on issues where computer security intersect public safety and human life. The areas of focus for The Cavalry are medical devices, automobiles, home electronics and public infrastructure.

How to influence people (a pen test like approach):

  • recon
  • empathizing (replaces finding vulnerabilities)
  • enabling changes (replaces exploitation)

Recon

known the official structure and the non-official one.

unofficial structure

  • who is liked
  • trusted influencers

Empathizing

  • understand the stakeholders
  • studies can give you a hint about the way of thinking
  • motivation, career ambitions
  • how the stakeholders make decisions
  • learn how to speak the stakeholders language – cross domain issues

Enabling changes

  • work the system;
  • be adaptive if it didn’t worked
  • riding waves, news
  • speak their language