Slides from my talk at ShowMeCon STL 2014
About Ben
The Call of Community: Modern Warfare Ben0xA – ShowMeCon 2014
Introductions
● 13+ years experience in Health Care Information Systems
● Vice President & Security Officer
● Developer (Builder)
● Security Consultant, Trainer
● It's hard being an executive when you look like you are a teenager.
● For serious!
● Thanks to @jaysonstreet
Disclaimer
Our thanks to all of the websites we ripped off to use
images for this deck.
Full attribution on last slide!
Why Us?
● We are geeks
● We are gamers
● We love this community
● We both wanted to be like our gaming heroes!
The Call of Community
What is this call?
Our hopes & dreams
Strategic Defense Execution Standard
What is PoshSec?
• PoshSec is a framework to enable information security pros, system
administrators, analysts and others to effectively help manage a system's or
a network's security.
• PoshSec consists of
• PoshSec PowerShell Module
• PoshSec Framework
PoshSec
How PoshSec Got Started
• Started by Matt Johnson and Will Steele
• Originally saw a lack of security-related PowerShell modules
• Planned out the project as Will was battling cancer.
Assembling the team
• Need a team of ninjas to help make PoshSec grow
• Partnered with Wolfgang Goerlich, Nick Jacob, Rich Cassara and
Michael Ortega
• All seasoned infosec pros and brilliant minds.
PoshSec Goals
• The initial PoshSec release focused on the Top 20 controls.
• While maintaining our expertise in the area of the Top 20 controls, we are
branching out to cover:
• Server Hardening
• Forensics
• Many more areas
Account Management
• Created to satisfy Top Twenty Control #16 for the Account Monitoring and
Control section.
• Allows people to verify:
• User accounts
• Accounts that don’t expire
• Admin accounts
• Accounts that expire
• Accounts past expiration date
Log Management
• Allows for querying of a few log types
• DNS
• IIS
• Allows you to set all of your Security Event logs to PoshSec recommended
settings.
Network Baselining
• Several Baselining Scripts
• Open Ports
• Wireless Networks
• Configure Windows Firewall
PoshSec 1.0
• PoshSec is officially releasing 1.0 of the PowerShell module
today.
• Cleaner code base, a few new additions
• First of many regular releases.
• Currently twice a year
• Download: http://github.com/poshsec/
PoshSec Framework
My original plan....
● Create an open source SIEM
● Bake everything inside
● Release it to the community
● Profit... wait... it's free
● Continue my day job!
It's not the sum of its code!
Select your player...
Green Ninja
● System Administration
● Basic Networking Functions
● Scan / Audit Domains
● Use Information in Scripts
● Patch Management
Blue Ninja
● Defensive Team
● Live Port Monitoring
● Application Integrity
● Live File Monitoring
● Log Analysis
CVE-2014-1776
OneGet – PowerShell 5.0
Chocolatey http://chocolatey.org
Red Ninja
● Offensive Team
● PowerSploit Modules
● Enumeration Tool
● Leverage PSRemoting
@obscuresec
Own a box, now you need to download a 3rd party tool like
python/ruby.
PowerShell is already there!!!
Black Ninja
● Penetration Testing
● Vulnerability Analysis
● Posh-Sec Modules
● Export Systems to Assets
White Ninja
● Forensics
● Incident Response
● The limit is only based on us
Features:
● Exposed Interface Elements
● Github Integration
● Custom Error Reporting
● Create Tabs for Individual Objects
● Seamless Integration with Scripts
Unlock-TheKrakken
Live Demo!
PoshSec Framework 1.0
http://github.com/poshsec/poshsecframework
PoshSec Developers
● @mwjcomputing
● @jwgoerlich
● @securitymoey
● @mortprime
● @rjcassara
● @sukotto_san
● @PoshSec
I Am The Cavalry
The Cavalry is a global grassroots organization that is focused on issues where
computer security intersects public safety and human life.
Our areas of focus are medical devices, automobiles, home electronics and public
infrastructure.
Needs
● Content Management
● Project Management
● Administrative Assistance
● Technical Systems Assistance
● Sponsorship
http://www.iamthecavalry.org/
@iamthecavalry
I haz stickerz!
Strategic Defense Execution Standard
Simple method for planning cyber defenses based on
straightforward step-by-step instructions.
Helps you identify where attacks are likely to come from, where
they are likely to go to, how they are likely to get there, and
what the impact on your organization will be.
The final goal is to implement a defense that will allow you to
maintain an acceptable information security posture.
Focus
● Organization Risk Tolerance
● IT Basics
● Critical Asset Planning
● Threat Scoping
● Strategic Network Mapping
● Attack Vector Identification
Focus (continued)
● Attack Path Identification
● Defense Planning
● Defense Testing
● Attack Detection and Response
Current Contributors
● James Arlen (@Myrcurial)
● Iftach Ian Amit (@Iamit)
● Zate (@Zate)
● Gabe Bassett (@gdbassett)
● Ben Ten (@Ben0xA)
http://wiki.doinginfosecright.com/index.php?title=SDES
Where do you fit in?
I'm answering the call.... what do you need?
● Contribute Ideas
● Contribute PowerShell Modules
● Share your scripts with the community
● Use the tools... give us feedback!
● Join a Project
● Support a project (skills/financially)
● Discourage Negativity
This idea is only as strong as this community. It's time to
stand together as a team!
The more we work as a team the stronger this community
will become.
Conclusion
Contact Information
● @Ben0xA
● Ben0xA on Freenode (IRC)
● [email protected]
● http://ben0xa.com
● http://github.com/Ben0xA
● http://github.com/PoshSec
● @mwjcomputing
Questions?
Thank you!
I have stickers if you want one.
Attribution
http://www.virginmedia.com/images/Tennis_for_Two-tennis-431.jpg
http://insertcredit.com/wp-content/uploads/2012/11/pong.jpeg
http://upload.wikimedia.org/wikipedia/en/0/01/Screenshot_of_Zork_running_on_Frotz_through_iTerm_2_on_Mac_OSX.png
http://www.abandonia.com/files/games/410/Chip%27s%20Challenge_3.png
http://cdn.akamai.steamstatic.com/steam/apps/240160/ss_f2cf77e7d577b6b2b55f9c4e9c3711abcbdb3846.1920x1080.jpg?t=1387578150
http://static.giantbomb.com/uploads/original/0/4245/290740-map09_oh_noes_two_elementals.png
http://1.bp.blogspot.com/--qksWYEfKrE/TrvyGxkyUuI/AAAAAAAAA7E/VfKZGhl5w8s/s1600/Breakout+%25281978%2529+%2528Atari%2529+%2528PAL%2529_74.png
http://freevitathemes.com/wp-content/uploads/2012/03/super-mario.png
http://satoshimatrix.files.wordpress.com/2011/08/snake-rattle-n-roll-u-0000.png
http://assets1.ignimgs.com/2001/10/19/zelda_nes_boomerang-334450.jpg
http://www.socwall.com/images/wallpapers/13209-1680x1050.jpg
http://i1.ytimg.com/vi/hSzDAB0Ua4g/hqdefault.jpg
http://images4.alphacoders.com/191/191376.jpg
http://thoughtsonfilms.files.wordpress.com/2008/08/img_6.jpg
http://wiimedia.ign.com/wii/image/article/779/779902/star-fox-64-virtual-console-20070411045113846_640w.jpg
http://us.blizzard.com/static/_images/games/wrath/wallpapers/wall1/wall1-1600x1200.jpg
http://www.familyfriendlygaming.com/Images/2012/Pics/FINAL_FANTASY_DIMENSIONS/8679battle.png
http://images4.alphacoders.com/191/191376.jpg
http://86bb71d19d3bcb79effc-d9e6924a0395cb1b5b9f03b7640d26eb.r91.cf1.rackcdn.com/wp-content/uploads/2011/11/the-legend-of-zelda-skyward-sword-walkthrough-artwork.jpg