BEYOND THE SECURITY RAINBOWAndrius Januta, IT Security Analyst & Penetration Tester

2016-06-01

AGENDA

WhoamiLegacyWarningWe’ll start with something darkand end up with a light touch

:~ $ WHOAMI?

Andrius JanutaSecurity UnitIT Security Analyst & Penetration Tester

WARNING*TO PEOPLE WITH FEAR OF COLORS OR WITH PARANOIA*

rainbow

RAINBOW-HAT-O-METER

$cr1pt K1dd13s

Cyber Terrorists

State Sponsored Hackers

Suicide Hackers

Blue HatHacktivist

DARK SIDE

Lets take a walk…

WHERE SHALL I SHOP TODAY?

/r/darknetmarkets/Google, bing, Yandex etc.

Grams – the Deepwebs search engine for drugsCloudnine - Doxing siteWeBuyBitcoins – Exchanging Bitcoin for cash or electronic payments…

À LA CARTE

Source:http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-chinese-underground-in-2013.pdfhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-chinese-underground-in-2013.pdf

I LIKE 3.14’S

The Internet

Deep Web

Dark Web

FRESH OR EXPIRED?

PLEASE BUYA

I HEARD YOU’RE LOOKING FOR A JOB

DELICIOUS MENU

ILLICIT CONTENT ON THE TOR DARKNET

Source: http://www.tandfonline.com/doi/full/10.1080/00396338.2016.1142085

The Undergroundfor the Underground

Source: http://fossbytes.com/welcome-to-the-darknet-the-underground-for-the-underground/

SEE IT IN ACTION

http://www.digitalattackmap.com/#

anim=1&color=3&country=SA&list=0&time=16866&view=

map

https://cybermap.kaspersky.com/

http://map.norsecorp.com/#/

LIGHT SIDE*SORT OF…*

LET ME REWIND A BIT

Project Strongbox https://projects.newyorker.com/strongbox/The Associated Whistleblowing Press (AWP) https://awp.is/DuckDuckGo https://duckduckgo.com/Sci-Hub http://sci-hub.ac/

And Let’s start with this

https://youtu.be/bjYhmX_OUQQ?t=4m45s

LET THAT SINK IN…

do you worry about trained martial artists

(OR angry guy wearing tracksuit) beating you up on the street?

While people can—and should—take basic steps to protect their digital security, most people probably

shouldn’t worry about being subjected to certain hacks

WHITE HAT HACKER

Who is the white hat hacker?

White Hat Hackers are those that are legal?

Sometimes, the law is wrong & must be broken

LEGENDARY QUOTE

the only thing that can stop a bad hacker with a script is a good hacker with a script.

Cyber attacks are listed first among global threatssuch as terrorism and weapons of mass destruction

““

Source: https://www.dni.gov/files/documents/Unclassified_2015_ATA_SFR_-_SASC_FINAL.pdf

PHASES OF HACKING

Phase 1 – ReconnaissancePhase 2 – ScanningPhase 3 – Gaining AccessPhase 4 – Marinating AccessPhase 5 – Covering Tracks

ATTACK SURFACE

Source: https://twitter.com/JohnLaTwC/status/701530986564046848

SECURITY LAYERS

Good, we are secure now

BE SAFE!

@adforminsider

andrius.janutasecurity @adform.com