Presentation on theme: "Or how to learn to love the bomb"— Presentation transcript:

1 Blue Team
Or how to learn to love the bomb

2 About Me
  Long term geek
  20 years law enforcement
  B.S. in Physics from RPI
  M.S. in Economic Crime Management from Utica College
  4+ years Defense Industry
  1.5 years with GE
  Avid computer gamer
  6 years adjunct faculty at Utica College (Cyber Security)

3 Blue Team vs Red Team - Military
  Different sides of an exercise
  Often have similar attack and defend abilities & tools
  Old school would try to have the red team simulate a likely opponent's tools and abilities while the blue team used the organization's current tools, policies, and procedures
  Victory was measured by capturing flags (a position on a map)
    This is where capture the flag (CTF) comes from
  Sometimes victory was a single flag; other times it was score based, with multiple flags possible, each with a different value

4 Corporate Blue Teams
  Vary by business
  Grow organically
  Typically based on using internal knowledge to test defenses
  Primary areas:
    Hardening Systems
    Evaluating Systems
    Testing Systems
    Championing Change

5 System Hardening
  CyberPatriot
  Check lists
  Goal is to have a build method that is:
    Quick
    Repeatable
    Explainable
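A checklist runner in the quick, repeatable, explainable spirit of this slide, added here as an example and not taken from the talk: each item carries its own one-line rationale, so the report explains itself and can be re-run unchanged after a fix. The sample sshd_config text, the four checks and their rationales are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the talk: a small hardening checklist runner.
# The sample config, the checks and the rationales below are assumptions.

# Constructed sample config (an assumption, not copied from any real host).
SAMPLE_SSHD_CONFIG='# constructed sample sshd_config
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no'
SAMPLE_FILE="${TMPDIR:-/tmp}/sshd_sample.$$"
printf '%s\n' "$SAMPLE_SSHD_CONFIG" > "$SAMPLE_FILE"

# cfg_value FILE KEY: print the effective value of KEY. Comment lines are
# skipped and the first match wins, which is how sshd reads its config.
cfg_value() {
    awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# check_item FILE KEY EXPECTED WHY: print one PASS/FAIL line that includes
# the rationale; return 0 on pass, 1 on fail, so callers can count failures.
check_item() {
    actual=$(cfg_value "$1" "$2")
    [ -n "$actual" ] || actual='<unset>'
    if [ "$actual" = "$3" ]; then
        printf 'PASS %s=%s  (%s)\n' "$2" "$actual" "$4"
        return 0
    fi
    printf 'FAIL %s=%s expected %s  (%s)\n' "$2" "$actual" "$3" "$4"
    return 1
}

# run_checklist FILE: run every item; the exit status is the number of
# failures, so re-running after a change reports progress without editing.
run_checklist() {
    fails=0
    check_item "$1" PermitRootLogin no 'log in as a named user first so actions are attributable' || fails=$((fails + 1))
    check_item "$1" PasswordAuthentication no 'keys instead of guessable passwords' || fails=$((fails + 1))
    check_item "$1" X11Forwarding no 'no unneeded channel back into the host' || fails=$((fails + 1))
    check_item "$1" MaxAuthTries 3 'limit guesses per connection' || fails=$((fails + 1))
    return $fails
}

if run_checklist "$SAMPLE_FILE"; then
    echo 'all checklist items pass'
else
    echo "$? item(s) still need attention"
fi
```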

6 Evaluating Systems
  Focused attack on:
    Services
    Processes
  Work with internal knowledge of current defenses:
    Policies
    Procedures
    Defensive devices
    Response plan

7 Testing Systems
  Systems:
    Hardware
    Software
    Cloud Services
    Mobile Services
    Processes
  Vulnerability Announcements:
    Quickly test systems
    Determine ways to alert
    Determine ways to defend

8 Champions for Change
  Subject Matter Experts (SMEs)
  Identify areas where change can have the greatest impact
  Identify areas where lack of change can cause great pain
  Ability to demonstrate the issue with technical testing
  Ability to communicate the issue to leadership
  Ability to accept that the blue team doesn't make the business decisions

9 Business Value
  Blue team is overhead
    They don't make the company money
    They are an expense to maintain
    What they recommend is expensive to implement
  Must market themselves to the business for value
    Just like another company might try to entice a customer to purchase a blue team evaluation
  Need to demonstrate that not having the function will cost more than having it
    Similar to insurance

10 Value
  SMEs on staff to help with incidents
  Identify systems that need improvements
  Cost of doing nothing is more expensive than finding + fixing
  Cost of not knowing is sometimes even higher, since ignorance of something you should be aware of can make your business more liable
    Ignorance is not a defense when it is something you should be looking at
  Cheapest way to reach compliance
    Mandated by industry or government standards
  Champion cultural change
  Champion real change

11 Compliance
  Many industries have:
    Reasonable Due Diligence
    Best Practices
    Regulations
  Finance
  Defense
  Commerce
  Compliance is south of secure, but protects against a lot of lawsuits
  Often being breached creates an out-of-compliance condition

12 Blue Team Goals
  Be the coolest team on the map
  Identify areas of weakness
  Identify ways they can be exploited
  Articulate the consequences of exploitation
  Demonstrate the consequences of exploitation
  Participate in remediating risk associated with exploitation
    Patching
    Monitoring
    Responding

13 Reconnaissance/Research
  Blue team focuses on studying their targets
  Research what systems are used by a business
  Research methods for exploiting the systems
  Don't stop with just one; the goal is to identify all possible vulnerable points in a system

14 Penetration
  Blue team tactics can be:
    Scan Targets
      Active/Passive
    Social Engineer processes
    Stage Exploits
      Internal/External
    Malware
    Carbon
    Low Security Hygiene

15 Actions on Objectives
  Escalate Privileges
  Pivot
  Pillage
  Paralyze
  Persistence
  Avoid detection
  Interfere with responders

16 Value^2
  Reporting out
  Yes, writing reports is a highly valued blue team skill
  No matter how good you are at penetrating or exploiting, the results must be conveyed to:
    Leadership
    Detection team
    Response team
    Infrastructure/network team
    Personnel (HR) for training opportunities

17 Summary
  Blue team is full of the smartest of the smart
  Experience at detection and response is a good base
  Experience at network/system administration helps
  They do a lot of reading
  They do a lot of failing
  They add value by preventing damage in excess of their cost
  They protect a company's:
    Intellectual property
    Real property
    Image
  Biggest difference: the blue team starts with knowledge to find weaknesses

18 Careers on Blue Team
  Skills learned in:
    Military
    CTF challenges
    DFIR challenges (Home lab?)
    Network admin
    System admin
    Security (Physical || Digital)
    Liars & cheats
    Programming
  Did I mention that GE is hiring?

19 Appendix: Tools
  Kali Linux
  Metasploit
  Nessus
  Nmap
  Webshells
  Malware
  Credential crackers/scrapers
  Phone (never forget the social engineering portion of testing)
