As The Phish Turns

Definitely a Devil Dog

WELCOME & THANK YOU

ROB

+ Cadets, Midshipmen, Plebes

Father

What we’ll be talking about

• Security Life Lessons
• Current Threats
• Defenses
• Keeping up with the Joneses
• One more thing…

Life Lesson #1

Know what you own

Life Lesson #2

Logs. Are. KING.

Life Lesson #3

Misconfiguration is the devil

Life Lesson #4

Layers

Life Lesson #5

Don’t fall asleep at work…

Life Lesson #5 (contd.)

…especially when your work laptop has a webcam…

No, you cannot have this picture

Current Threats

[A]dvanced [P]ersistent [T]hreats

[F]ear [U]ncertainty [D]oubt

OH-Day

_REAL_ Current Threats

Client-side Exploitation
• Spam
• Phishing
• Malicious Attachments
• Malicious Links

“Web App Sec”
• Do you really know what apps you have out there?... Really?

Your tools:

CASTLE Theory

[C]rown
[A]ssess
[S]nare
[T]olerate
[L]imit
[E]levation

Your tools:

Risk Assessment

What is ACTUALLY important to the organization

Your tools:

Testing
• Vulnerability Assessment
• Penetration Testing
• Information Operations

Your tools:

Incident Response
• Log Analysis
• Forensics

Your tools:

Intrusion Prevention Systems
• Firewalls
• Anti-Virus
• IPS
• Proxies

Intelligence Operations

What sets it apart:
• Crown Jewels
• Detectability
• 0day usage
• Full Scope
• Long Term

But how do I keep up?

Home Lab

PASSION

One more thing…

Start your brand NOW

http://bit.ly/5duczB

Couch to Career in 80 hours

THANK YOU

[email protected]
http://www.room362.com
http://twitter.com/mubix