google to pwn4ge in 60 minutes pt2

Google to Pwnag3 pt.II Preventing the Pwnag3 Jayson E. Street, CISSP, GSEC, GCIH, GCFA IEM, IAM, CCSE, CCSA, Security+, etc…

Upload: jaysonstreet

Post on 11-Jul-2015


TRANSCRIPT

Page 1: Google to pwn4ge in 60 minutes pt2

Google to Pwnag3 pt.II Preventing the Pwnag3

Jayson E. Street, CISSP, GSEC, GCIH, GCFA

IEM, IAM, CCSE, CCSA, Security+, etc…

Page 2

Let go of my EGO

Let's start out with a little about yours truly.

http://stratagem-one.com

Page 3

Know yourself know your enemy

• Sun Wu (Tzu) “Ping-fa” (The Art of War)

• “Thus it is said that one who knows the enemy and knows himself will not be endangered in a hundred engagements. One who does not know the enemy but knows himself will sometimes be victorious, sometimes meet with defeat. One who knows neither the enemy nor himself will invariably be defeated in every engagement!”

Page 4

Contents

• INTRO

• Phase 1 Recon / Defense

• Phase 2 Scan / Defense

• Phase 3 Explore / Defense

• Phase 4 Exploit / Defense

• Phase 5 Expunge / Defense

• THE POINT!

• Resources

• Discussion

Page 5

Phase 1 Recon / Defense

The hardest one to detect, so how do you defend against it?

Easy, you do it first!

3. Google alerts

4. Look at your website like you want to hack it.

5. Go undercover (cyber-style) BEWARE!

Page 6

Phase 2 Scan / Defense

• Stealth Scanning not always that stealthy.

• Nmap is NOISY!!!!11one11!!!

• Slow and steady steals the race (but watching your firewall logs can DQ most of your rivals).
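One way to do the firewall-log watching this slide refers to, as an added example that is not from the original presentation: count distinct blocked ports per source over a long window, so a scan slowed down to slip under a per-minute threshold still shows up. The log layout (iptables LOG-style fields behind an ISO timestamp), the threshold of 8 ports, the function names and the documentation-range addresses are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed format: iptables LOG-style drop records with an ISO timestamp prefix.
LINE = re.compile(r"^(\S+) .*?\bSRC=(\S+) .*?\bDPT=(\d+)")

def parse(lines):
    """Yield (timestamp, source IP, destination port) for each drop record."""
    for line in lines:
        m = LINE.search(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))

def scanners(lines, window, min_ports):
    """Sources that hit >= min_ports distinct ports within any span of `window`."""
    hits = defaultdict(list)
    for ts, src, port in parse(lines):
        hits[src].append((ts, port))
    flagged = set()
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink from the left until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged

def sample_log():
    """Constructed sample: one slow scanner, one fast scanner, one retrying client."""
    t0 = datetime(2015, 7, 11, 2, 0, 0)
    fmt = "{} fw kernel: DROP IN=eth0 OUT= SRC={} DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={}"
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 139, 443, 445, 3389]):
        # Slow scanner: one probe every 20 minutes.
        lines.append(fmt.format((t0 + timedelta(minutes=20 * i)).isoformat(), "203.0.113.7", port))
        # Fast scanner: one probe per second.
        lines.append(fmt.format((t0 + timedelta(seconds=i)).isoformat(), "198.51.100.9", port))
        # Misconfigured client retrying one blocked port every minute.
        lines.append(fmt.format((t0 + timedelta(minutes=i)).isoformat(), "192.0.2.50", 8080))
    return lines

if __name__ == "__main__":
    log = sample_log()
    print("60 s window :", sorted(scanners(log, timedelta(seconds=60), 8)))
    print("24 h window :", sorted(scanners(log, timedelta(hours=24), 8)))
```

The 60-second window flags only the fast scanner; the 24-hour window also flags the slow one, while the client retrying a single port is never flagged because it touches one port only.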

Page 7

Phase 3 Explore / Defense

“Some things aren't and never will be under your control.”

Drive-by browsing means your web developer is your bulletproof vest.

The human touch is no match for a web head who takes pride in his work.

Page 8

Phase 4 Exploit / Defense

• Netcat (wait a minute you let them get netcat on your system?????)

• Hashing it out. A good time to mention “If they have physical access to your system it is no longer your system.”

• Got R00T? Not if the admin password is 15 characters long and why shouldn’t it be?

Page 9

Phase 5 Expunge / Defense

• Regedit no match for GPO which beats the NWO every time.

• Events what events? The ones on your remote log server right?

• Patch and clean (there are some bad people out there)

Page 10

THE POINT!

• “If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.” Bruce Schneier

Page 11

Resources

• Without understanding where the opponent's weaknesses are you cannot borrow their strength to use against them. (Cheng Man Ching)

• http://www.infragard.net/chapters/oklahoma/

• http://OSVDB.org

• http://isc.sans.org

• http://forums.stratagem-one.com (shameless plug)

This presentation is located @

– http://f0rb1dd3n.com/s1s/WP/

Page 12

Now let’s learn from others

• Discussion and Questions????

• Or several minutes of uncomfortable silence, it is your choice.

Page 13

Once again those links

• http://www.infragard.net/chapters/oklahoma/

• http://OSVDB.org

• http://isc.sans.org

• http://forums.stratagem-one.com (shameless plug)

This presentation is located @

– http://f0rb1dd3n.com/s1s/WP/