Game of P0WN3Ds: Winter Has Come

Presentation on theme: "Game of P0WN3Ds: Winter Has Come"— Presentation transcript:

1 Game of P0WN3Ds: Winter Has Come

2 Game of P0WN3Ds: Winter Has Come
Duncan McAlynn, Principal Security Engineer. Today's Hashtag: #GameOfP0wn3ds

3 Game of P0WN3Ds: Winter Has Come
Jon (Snow) Stark, Civil Wall Engineer. Today's Hashtag: #GameOfP0wn3ds

4 You Have Been Warned!

5 About Us

6 Our History

7 Global Offices
Headquarters: SLC, UT, USA
- Corporate Offices
- Satellite Offices


9 Agenda
- Jon comes to the Night's Watch, meant to protect and defend the Wall
- Jon warns against the White Walkers: had firsthand accounts, knew the families and how to exploit them
- Fought and lost; tried to unify the families
- White Walkers are coming; the Wall will fail (fall)
- Must unify and use a different battle strategy
- WINTER IS HERE!


11 What is Ransomware?
Ransomware is a sophisticated piece of malware that blocks the victim's access to his/her files, and the only way to regain access to the files is to pay a ransom. Two types of ransomware are in circulation:
- Encrypting ransomware, which incorporates advanced encryption algorithms to lock the victim out of their files. Examples include CryptoLocker, Locky, CryptoWall and more.
- Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. Some locker versions can even infect the Master Boot Record (MBR). Examples include the Satana and Petya families.

12 Key Characteristics of Ransomware
- Unbreakable encryption
- Ability to encrypt all kinds of files
- Scrambles your file names
- Adds a different extension to your files
- Displays an image or a message (ransom note)
- Requests payment in Bitcoin
- The ransom payments have a time limit
- Uses a complex set of evasion techniques
- Often recruits the infected PCs into botnets
- Can spread to other PCs connected to a local network
- Frequently features data exfiltration capabilities


14 8 Ways in Which JavaScript Is Used to Spread Malware
- Malicious JavaScript code injections in legitimate websites
- Hidden iFrames
- Malicious JavaScript code injections in advertising networks
- Drive-by downloads
- Malicious JavaScript attachments
- Infected downloads triggered through compromised JavaScript code injects
- Browser add-ons and plugins
- Fake software pop-up messages

15 Protecting Yourself Against JavaScript Malware
- Keeping your software updated at all times (your browsers, apps, operating system, etc.)
- Using a strong antivirus product with extensive capabilities
- Installing a traffic filtering solution that can ensure proactive security (VPN, proxy, URL filtering, personal firewall)
- Never clicking on links in unsolicited emails (spam)
- Never downloading and opening attachments in spam emails
- Keeping away from suspicious websites

16 What You Can Do Right Now to Protect Yourself
- Implement backup for critical systems: have your own backup strategy and test it often (Veeam Agent for Microsoft Windows FREE v2)
- Consider changing your browser security settings, removing old/unused plugins, disabling JavaScript
- Ensure proper Windows Update settings for auto-protection, including other Microsoft products
- Patch 3rd-party applications and consider turning on the vendor's auto-update features for continuous protection
- Use a VPN for public/open WiFi
- Install the HTTPS Everywhere plug-in from EFF & Tor
- Use the Tor Browser for complete anonymity


18 What You Can Do Right Now to Protect Your Organization
Use GPOs to re-associate dangerous file extension types to notepad.exe, or use the same list in a Software Restriction Policy:
- Programs: .EXE, .PIF, .APPLICATION, .GADGET, .MSI, .COM, .SCR, .HTA, .CPL, .MSC, .JAR
- Scripts: .BAT, .CMD, .VB, .VBS, .VBE, .JS, .JSE, .WS, .WSF, .WSC, .WSH, .PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2, .MSH, .MSH1, .MSH2, .MSHXML, .MSH1XML, .MSH2XML
- Office Macros: .DOC, .XLS, .PPT, .DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM, .POTM, .PPAM, .PPSM, .SLDM
- Others: .REG, .INF, .LNK, .SCF, .PDF
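The re-association the slide recommends, written out as an added example (not code from the presentation or from Ivanti): the Windows Script Host extensions from the list above are pointed at a Notepad handler in HKLM so a double-click opens the file for viewing, and a second function reports which extensions have drifted away from that handler. It assumes an elevated PowerShell session on Windows; the ProgID name 'SafeScriptView' is a hypothetical name chosen for this example.

```powershell
# Added example, not from the slides: re-associate the Windows Script Host
# extensions listed on slide 18 so a double-click opens the file in Notepad.
# Assumes an elevated PowerShell session. 'SafeScriptView' is a hypothetical
# ProgID name; deploy the same registry writes via a GPO startup script.
$Extensions = '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh', '.ws', '.wsc'
$ProgId     = 'SafeScriptView'
# Expand %SystemRoot% now so the stored command is a literal REG_SZ path.
$NotepadCmd = "`"$env:SystemRoot\System32\notepad.exe`" `"%1`""

function New-KeyIfMissing {
    # Only create the key when absent; New-Item -Force can replace an existing key.
    param([string]$Path)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
}

function Set-ScriptExtensionToNotepad {
    param([string[]]$Ext, [string]$ProgIdName, [string]$Command)
    # One ProgID whose 'open' verb launches Notepad; every extension points at it.
    $progPath = "HKLM:\SOFTWARE\Classes\$ProgIdName"
    New-KeyIfMissing "$progPath\shell\open\command"
    Set-ItemProperty -Path $progPath -Name '(Default)' -Value 'Script file (view only)'
    Set-ItemProperty -Path "$progPath\shell\open\command" -Name '(Default)' -Value $Command
    foreach ($e in $Ext) {
        $extPath = "HKLM:\SOFTWARE\Classes\$e"
        New-KeyIfMissing $extPath
        # Keep the previous handler in a side value so the change can be reverted.
        $old = (Get-ItemProperty -Path $extPath -ErrorAction SilentlyContinue).'(default)'
        if ($old -and $old -ne $ProgIdName) {
            Set-ItemProperty -Path $extPath -Name 'PreviousProgId' -Value $old
        }
        Set-ItemProperty -Path $extPath -Name '(Default)' -Value $ProgIdName
    }
}

function Get-ScriptExtensionDrift {
    param([string[]]$Ext, [string]$ProgIdName)
    # Returns the extensions whose machine-wide handler is NOT the Notepad ProgID,
    # usable as a compliance check after the GPO has applied.
    $drift = foreach ($e in $Ext) {
        $cur = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\$e" -ErrorAction SilentlyContinue).'(default)'
        if ($cur -ne $ProgIdName) { $e }
    }
    return @($drift)
}

Set-ScriptExtensionToNotepad -Ext $Extensions -ProgIdName $ProgId -Command $NotepadCmd
$drift = Get-ScriptExtensionDrift -Ext $Extensions -ProgIdName $ProgId
if ($drift.Count -eq 0) { 'All listed script extensions now open in Notepad.' }
else { "Still not re-associated: $($drift -join ', ')" }
```

A per-user association (HKCU\Software\Classes or an Explorer UserChoice entry) takes precedence over these HKLM values, and a script passed to wscript.exe or cscript.exe directly still runs, which is why the slide pairs re-association with a Software Restriction Policy rather than relying on either alone.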


20 What You Can Do Right Now to Protect Your Organization
- Remove local administrator rights from end users
- Drive-level encryption (BitLocker)
- File/folder-level encryption (7-Zip, WinMagic AES-256)
- Deploy Windows 10 NOW! Device Guard, Credential Guard, Secure Boot
- Windows Server Update Services (WSUS)
- 3rd-party patching solutions like Ivanti Patch for SCCM
- Use Security Compliance Baselines to identify drift
- Disable SMBv1 everywhere possible!

21 I’m Outta Here!

22 Questions? @infosecwar @GoIvanti

23 THANK YOU!

