Upload
andrius-januta
View
126
Download
0
Embed Size (px)
Citation preview
BEYOND THE SECURITY RAINBOWAndrius Januta, IT Security Analyst & Penetration Tester
2016-06-01
AGENDA
WhoamiLegacyWarningWe’ll start with something darkand end up with a light touch
:~ $ WHOAMI?
Andrius JanutaSecurity UnitIT Security Analyst & Penetration Tester
WARNING*TO PEOPLE WITH FEAR OF COLORS OR WITH PARANOIA*
rainbow
RAINBOW-HAT-O-METER
$cr1pt K1dd13s
Cyber Terrorists
State Sponsored Hackers
Suicide Hackers
Blue HatHacktivist
DARK SIDE
Lets take a walk…
WHERE SHALL I SHOP TODAY?
/r/darknetmarkets/Google, bing, Yandex etc.
Grams – the Deepwebs search engine for drugsCloudnine - Doxing siteWeBuyBitcoins – Exchanging Bitcoin for cash or electronic payments…
À LA CARTE
Source:http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-chinese-underground-in-2013.pdfhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-chinese-underground-in-2013.pdf
I LIKE 3.14’S
The Internet
Deep Web
Dark Web
FRESH OR EXPIRED?
PLEASE BUYA
I HEARD YOU’RE LOOKING FOR A JOB
DELICIOUS MENU
ILLICIT CONTENT ON THE TOR DARKNET
Source: http://www.tandfonline.com/doi/full/10.1080/00396338.2016.1142085
The Undergroundfor the Underground
Source: http://fossbytes.com/welcome-to-the-darknet-the-underground-for-the-underground/
SEE IT IN ACTION
http://www.digitalattackmap.com/#
anim=1&color=3&country=SA&list=0&time=16866&view=
map
https://cybermap.kaspersky.com/
http://map.norsecorp.com/#/
LIGHT SIDE*SORT OF…*
LET ME REWIND A BIT
Project Strongbox https://projects.newyorker.com/strongbox/The Associated Whistleblowing Press (AWP) https://awp.is/DuckDuckGo https://duckduckgo.com/Sci-Hub http://sci-hub.ac/
And Let’s start with this
https://youtu.be/bjYhmX_OUQQ?t=4m45s
LET THAT SINK IN…
do you worry about trained martial artists
(OR angry guy wearing tracksuit) beating you up on the street?
While people can—and should—take basic steps to protect their digital security, most people probably
shouldn’t worry about being subjected to certain hacks
WHITE HAT HACKER
Who is the white hat hacker?
White Hat Hackers are those that are legal?
Sometimes, the law is wrong & must be broken
LEGENDARY QUOTE
the only thing that can stop a bad hacker with a script is a good hacker with a script.
Cyber attacks are listed first among global threatssuch as terrorism and weapons of mass destruction
““
Source: https://www.dni.gov/files/documents/Unclassified_2015_ATA_SFR_-_SASC_FINAL.pdf
PHASES OF HACKING
Phase 1 – ReconnaissancePhase 2 – ScanningPhase 3 – Gaining AccessPhase 4 – Marinating AccessPhase 5 – Covering Tracks
ATTACK SURFACE
Source: https://twitter.com/JohnLaTwC/status/701530986564046848
SECURITY LAYERS
Good, we are secure now
BE SAFE!
@adforminsider
andrius.janutasecurity @adform.com