Here are my quick notes from the BruCON 2015 conference. All the slides can be found here.
This is the last ticket about BruCON 2015, so it contains the presentations for which my notes are not so good 🙂
Creating REAL Threat Intelligence with Evernote
goal:
- experiment to generate threat intelligence with Evernote.
- use Evernote as intelligence repository.
background:
- before buying new commercial solution
- try quick and dirty solution in house
- invest in people & process first, then products.
Use Evernote as a GTD (Getting Things Done)-based task management system.
- treat Evernote like a database
- Notebook == Table
- Note == Free Form Record
- Nested Notebooks
- Hierarchical Tags
Looking Forward – Finding the right balance for INFOSEC
Some words about infosec in the past and today:
- in 1999 the security community was a small community
- things are starting to change now BUT the ratio of security people to IT people is very low
Some words about the security breaches:
- 99% of the breaches are due to basic things; BUT companies are focusing on much more complicated attacks and are forgetting the easy-to-fill gaps.
- end-users are still the weakest link; for phishing, only one click is enough to get inside the IT infrastructure
- profiling is difficult BUT targeting the user is much easier.
Some words about the security industry:
- security industry is too technology centric.
- we just hope that the technology will solve the problems magically.
- technology takes over talent.
Some ideas for the defence:
- Disabling local administrator accounts, or randomizing.
- Rotating domain admin account passwords.
- Disallow PowerShell execution for normal users.
- Disallowing executables to be run through TEMP and other directories.
- Network segmentation of user workstations.
- Focus on detection capabilities over anything.
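
As an added example (not from the talk or from the original notes), the sketch below turns two of the ideas above, executables run from TEMP and PowerShell use by normal users, into a detection check over constructed process-creation events. The event tuple layout, the `is_admin` flag and the Downloads directory are assumptions made for illustration.

```python
import ntpath
import re

# Directories a standard user can write to. TEMP comes from the notes above;
# Downloads stands in for the "other directories" and is an assumption.
USER_WRITABLE = [
    re.compile(r"^[a-z]:\\windows\\temp\\"),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\"),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\downloads\\"),
]
POWERSHELL_HOSTS = {"powershell.exe", "pwsh.exe"}

# Constructed sample events: (user, is_admin, image path of the new process).
EVENTS = [
    ("CORP\\alice", False, r"C:\Users\alice\AppData\Local\Temp\invoice.exe"),
    ("CORP\\alice", False, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ("CORP\\bob", False, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ("CORP\\adm-carol", True, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # Passes through TEMP only on paper; resolves to System32 and must not alert.
    ("CORP\\bob", False, r"C:\WINDOWS\TEMP\..\System32\notepad.exe"),
    # Mixed case and forward slashes must still match.
    ("CORP\\dave", False, "c:/users/dave/downloads/Setup.EXE"),
]

def normalise(image):
    """Collapse '..' segments, slashes and case so path tricks do not dodge the match."""
    return ntpath.normpath(image).lower()

def review(user, is_admin, image):
    """Return the list of reasons this process start deserves a look (empty if none)."""
    path = normalise(image)
    reasons = []
    if any(p.match(path) for p in USER_WRITABLE):
        reasons.append("exec-from-user-writable-dir")
    if ntpath.basename(path) in POWERSHELL_HOSTS and not is_admin:
        reasons.append("powershell-by-standard-user")
    return reasons

def triage(events):
    """Keep only the events that raised at least one reason."""
    return [(u, img, r) for u, a, img in events if (r := review(u, a, img))]

if __name__ == "__main__":
    for user, image, reasons in triage(EVENTS):
        print(f"{user:16} {', '.join(reasons):30} {image}")
```
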
I am the Cavalry
The Cavalry is an organization that is focused on issues where computer security intersects public safety and human life. The areas of focus for The Cavalry are medical devices, automobiles, home electronics and public infrastructure.
How to influence people (a pen test like approach):
- recon
- empathizing (replaces finding vulnerabilities)
- enabling changes (replaces exploitation)
Recon
know the official structure and the unofficial one.
unofficial structure
- who is liked
- trusted influencers
Empathizing
- understand the stakeholders
- studies can give you a hint about the way of thinking
- motivation, career ambitions
- how the stakeholders make decisions
- learn how to speak the stakeholders' language – cross domain issues
Enabling changes
- work the system;
- be adaptive if it didn’t work
- riding waves, news
- speak their language