Risk Management Webinar Series - Medmarc
CYBER BREACH
Tactical Network Solutions LLC Proprietary Information [email protected] 1
Preventing Bodily Injury and Property Damage
INTERNET SECURITY CAMERAS
| ELEMENT | IMPACT |
| --- | --- |
| Fraud losses, legal fees, new security measures | $Millions to $Billions in costs |
| Drop in stock & profits | 5% to 10% drop in stock |
| Brand value | Brand index scores immediately drop to negative |
| Credit rating | S&P cuts credit rating |
| Job security | Executive shake-ups |
| Customers leave | Some customers never return |
DISCOVERING ATTACK VECTORS
AS EASY AS 1, 2, 3
Step 1: Unpack the Firmware Image
Open source tool called binwalk can unpack most firmware images.

Step 2: Analyze Executable Binaries and System Files
Look for low-hanging fruit like insecure coding practices and hidden private crypto keys.

Step 3: Fix, Compile, Repeat
Replace insecure coding practices with secure methods. Remove all private crypto keys. Recompile code. Re-examine.
BUT MY SOURCE CODE IS SECURE!
HOW TO MITIGATE CYBER SECURITY RISKS IN CONNECTED MEDICAL DEVICES

Step 1: Perform a Traditional Security Assessment
Open source tools such as Nmap, Nessus, and Metasploit can help.

Step 2: Perform Blackbox Testing with Fuzzing
Open source tools: w3af, Wfuzz, Wapiti. Commercial tools: Defensics.

Step 3: Perform a Firmware Evaluation
Open source tools: binwalk, gdb, OllyDbg. Commercial tools: Centrifuge Security Platform.
WHO IS TACTICAL NETWORK SOLUTIONS
Founded 2007
Founders are former NSA/TAO employees
Offensive cyber operations focus
12 Employees
MANAGEMENT TEAM
Terry Dunlap, Founder & CEO
National Security Agency - 7 years experience
Computer Network Exploitation wireless tool development
Acting Branch Chief

Peter Eacmen, Co-Founder & CTO
National Security Agency - 10+ years experience
Computer Network Exploitation tool development
Close access operation support
Embedded directly with USSOCOM unit at NSA
FIRMWARE EVALUATION TEAM
10 Employees
Former NSA Computer Network Exploitation specialists in firmware reverse engineering
CONTACT
Terry [email protected] (C)
Peter [email protected] (C)
Tactical Network Solutions LLC
8825 Stanford Blvd., Suite 308
Columbia, MD 21045
(443) 276-2990