It's Okay To Touch Yourself!

DerbyCon 2013

Ben Ten(@Ben0xA)

About Me

●12+ years experience in Health CareInformation Systems

●Vice President & Security Officer●Developer (Builder)●Security Consultant, Trainer

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

About Me

●Federal Regulation Compliance Oversight (HIPAA, HITECH, PCI, Meaningful Use, Red Flag)

●Manager●Gamer●Love Science Fiction

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Overview

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

This talk is SFW!

Overview

●State of Breach Detection●What is a Self Assessment●Performing Fire Drills●Pitfalls to Avoid●Tools●Acknowledgments●Q&A

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#10

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#9

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#8

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#7

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#6

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#5

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#4

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#3

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#2

DerbyConTest

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

#1

Why This Talk? Why Me?

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

A @dave_rel1k story...

Why This Talk? Why Me?

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

64% of businesses did not detect they had a breach

until after 90 days!

Source: 2013 Global Security Report ~ Trustwavehttps://www2.trustwave.com/2013GSR.html

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Approximately 70% of breaches were discovered

by external parties who then notified the victim.

Source: 2013 Data Breach Investigations Report ~ Verizonhttp://www.verizonenterprise.com/DBIR/2013/

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Source: 2013 Data Breach Investigations Report ~ Verizonhttp://www.verizonenterprise.com/DBIR/2013/

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

But we have these tools!!!11!!!two

●SIEM●DLP●IDS/IPS●Logs

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

So, what's the problem?

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

●Poorly implemented tools

●Lack of implemented tools

●Or maybe it's a perception issue...

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Security by Obscurity

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Security by Vicinity

State of Breach Detection

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Security by Divinity

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

It's time to get intimate with your...network!

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

At the very least, the critical parts of your network!

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

PTES – An Intro

● Pre-engagement Interactions● Intelligence Gathering● Threat Modeling● Vulnerability Analysis● Exploitation● Post Exploitation● Reporting

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

● Pre-engagement Interactions● Intelligence Gathering● Threat Modeling● Vulnerability Analysis● Exploitation● Post Exploitation● Reporting

PTES – An Intro

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

http://www.pentest-standard.org/index.php/Vulnerability_Analysis

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

http://www.pentest-standard.org/index.php/Vulnerability_Analysis

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

http://www.pentest-standard.org/index.php/Vulnerability_Analysis

DISCLAIMER

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

●I am not a professional penetration tester. But, I am staying at the Hyatt.

●Do not attempt anything on any network unless you have written permission!

●Do not do this on production first. Use a test environment!

DISCLAIMER

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

DISCLAIMER

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Getting Intimate

Know your Ports!

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Getting Intimate

Know your Logs!

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Getting Intimate

Know your Software!

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

https://www2.trustwave.com/cpn-hackers-playbook-2013-sm.html

Self Assessment

Self Assessment

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Tools● NeXpose (Rapid7)

● Nessus (Tenable)

● BurpSuite

● Health Monitor

● nmap/zenmap

● ninite

Fire Drills

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Why?

Fire Drills

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

● Are your tools working?

● Does your team react appropriately?

● What is happening during that nmap,nexpose, nessus, scan?

● What's the Incident Response plan and is itworking?

Pitfalls to Avoid

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

● Verify Scope!

● Start Small / Focused

● Be wary of untested tools!

● Secure your results

● Don't DoS yourself

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

“[T]he ultimate goal should be to develop an environment in which

security events are discovered innately—by both responsible

security professionals or others in the organization.”

Source: 2013 Global Security Report ~ Trustwavehttps://www2.trustwave.com/2013GSR.html

New Tool

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

My Big Security Idea!

New Tool

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

New Tool

Will Steele @pen_test

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

New Tool

Conclusion

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

In Conclusion

Acknowledgments

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

●@securitymoey●@jwgoerlich●@jaysonstreet●@elizmmartin●@rogueclown●@dualcoremusic●@derbycon

Conclusion

PoshSec Developers

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

●@mwjohnson●@jwgoerlich●@securitymoey●@mortprime●@rjcassara●@PoshSec

Conclusion

PoshSec Framework - Beta

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

http://github.com/poshsec/poshsecframework

Conclusion

View the ReadMe!

Contact Information

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

●@Ben0xA●Ben0xA on Freenode (IRC)●derbycon@ben0xa.com●http://ben0xa.com●http://github.com/Ben0xA●http://github.com/PoshSec

Questions?

Conclusion

Thank You!

It's Okay To Touch YourselfBen0xA - DerbyCon 2013

Conclusion