High tech brings Security struggle resulting in low life. Security Ninjas struggle to overcome obstacles of Enterprise world chaos in this Cyberpunk world.
Hackanalytics: What's hot, What's not
Cyberpunk Fairytale with Tips and Tricks
By Alexey Kachalin
Advanced Monitoring
advancedmonitoring.ru @kchln
Credits
Advanced Monitoring as The Team
Alexey Kachalin as Narrator
Shiny IT as High Tech
Security Struggle as Low Life
[AK@DeepSec 2013 Nov 21]$ story begin_
Security Struggle
Why Struggle?
[System diagram: More Secure / Less Secure; nodes: Insecurity, Incidents, Response, Introduce Controls, System Complexity, System Evolution; legend: Positive link, Negative link, Enforcing loop, ???]
Tool: System Diagrams
Wanna skip to Ninjas part?
1. Choose methodology
   Technology specific: OWASP
   Task specific: PTES
   Domain specific: OSSTMM
   Result-oriented: CSC
2. Scoping
…
n. Rock’n’Roll!
1 Security Ninja wasted. Continue [ y/N] _
Tool: Mindmap, brainstorm. Don’t read it all now – I made it for lols
Some Hack-o-sophy then?
Creating stuff
Engineering view, User view
Analytical thinking
Critical thinking
Out-of-box thinking
*Technical expertise is required anyway
When are you? Understand Their protocols
Enterprise runs hundreds of projects and processes when you happen’… not going to stop
Plan – Identify & Analyze
Do – Develop Solution
Check – …and Improve Solution
Act – Implement Solution
You better know Their context
Tool: Deming cycle and whatever follows PMBOK, ITIL, ISO9000
Pareto-zation. The benefit of hindsight
Proves to be correct over and over
Rarely used in planning
80% $$$ / 20% effort
Log, don’t memorize
Work out logs and use in planning
Why?
No Data
Tool: Pareto, Knapsack problem
Suggest Project/Teamwork Strategy
Waterfall – stages, WBS
Agile concept
  Time-limited iterations
  Team work on component
  Tasks not assigned – taken
  Scope change tolerance
  Customer awareness
Tool: WBS, T-Shirt estimate, Burndown
Broken communication – any project’s issue
Phone call – I’ll call you back
E-mail – ignored, maybe in spam?
Checklist – too big – please e-mail
Interview – please send checklist
Discussion – I will do my way
AaaRghh!!!
Communicating in and out tricks
Fight fears: Appreciative Inquiry (5Ds)
Too sweet? Criticize! Constructive Controversy
Explore causes: 5 Whys
Overcome egos: Six Hats
Tool: Communications scenarios. It’s not always the same
“Fairytale” Editor’s cut includes section
Other Extremely Effective Communication tips
Skimming documentation
Don’t read or rewrite or annotate
Review and analyze
  Structure – what’s there, what’s not there
  Any logic in bundle?
  Check consistency
How up-to-date are the documents?
Are authors available for comments?
Tool: Structure schemes, Sequence Diagrams
Organize Chaos
Track and Log
List *
  List of received documents
  List of created documents for the project
UID * – use IDs across artifacts
  IDs used by customer are inconsistent… often
  Translation tables
  ID != UID: IP is not UID, MAC -?
Don’t stop halfway through: Brainstorm, Mindmap? Actions!
Tool: Affinity Diagram & workflow
Almost there? Report.Create
Outline first – don’t generate texts
List items and give Definitions
Structure and facts
Width/Depth Switching prototyping
  Get approval/corrections
  Get clarification
Tool: Outline & Example first, WDS Prototype (am)
Avoid extremes
Data and trends Visualization
  Obvious vs. Preconceived
  Simple vs. Complicated
  Boring vs. Fancy
Report Texts
  Full description vs. Screenshots/logs only
  Boasting vulns vs. Hug problems
  Hack Slang vs. Baby talk
Demonstrate. Communicate. Avoid counterintuitive forms
ex. #1, ex. #2
Don’t restrict ideas by sticking to standard forms but do not neglect them
Tool: Standard vis tools in excel/calc etc. RTFM please!
Simple standard things. Use them right!
ex. #1, ex. #2
Tool: Piecharts
Tool: No idea. shrooms??
Even if You can explain it – it’s too much
Tool: Visualization Taxonomy (give it a look here)
Powerful, complex general tools for fast analysis and checking ideas. Don’t over-engineer
Tool: Grid analysis (services up/vulns found excel by am)
Got an idea? Prototype. Don’t over-engineer
Tool: treemap (for services vis by am)
Report.Automate – Build your System
Store Data (received/generated)
  Human readable
  Machine readable
  Itemized (lists)
  Well named
Actionable
  Edit, snippet taking
  Filters, Sorting
Manage and service
Report.Repeat – They think they are all the same?
No! Look!! They are sooo different
Rep q1, Rep q2, Rep q3, Rep q4
Hurling results to “Them”
Pitches that should’ve made it but could as well fail
  SQLi up to RCE for any registered user
  Any scary words like XSS
  Database vulnerability leads to full compromise
  Critical vulnerability in AAA config
Doh! You’re gonna get hacked soon
Master “Their” language
SWOT
Value chain
7S, McKinsey’s
Decision Trees
Comparison analysis
Impact (Organization) analysis
[Diagram: Current State – Bridge – Desired new State]
Tool: MindTools.com for reference
That’s all, folks!
Summary
Philosophy and high-level concepts
Planning and management
Report crafting
Communication tweaks
Visualization demystified
Organize chaos and keep tracking
Craft tools and build Your own System
Interpret results for presentation
Advanced Monitoring
OpSec/R&D/Forensics/Trainings
IT Security R&D Cooperation Worldwide
Russia – Europe – Americas – Asia
Alexey Kachalin, [email protected]
@kchln