hacking a company
TRANSCRIPT
![Page 1: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/1.jpg)
Hacking a Company
Igor Beliaiev
![Page 2: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/2.jpg)
whoami
Security EngineerOWASP Lviv memberIgor Beliaiev
![Page 3: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/3.jpg)
Red TeamingA red team is an independent group that challenges an organization to improve its effectiveness.
Penetration testers assess organization security, often unbeknownst to client staff. This type of Red Team provides a more realistic picture of the security readiness than announced assessments.
(c) Wikipedia
![Page 4: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/4.jpg)
Red Teaming … of the airport security
95% failure rate67 out of 70
Transportation Security Administration test
![Page 5: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/5.jpg)
%companyname
![Page 6: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/6.jpg)
Compliance vs Security
![Page 7: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/7.jpg)
![Page 8: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/8.jpg)
Attack planning
The weakest part in security?
The security level of the system is determined by its most insecure
element
The most valuable information in company?
PEOPLEMONEY CLIENTS
Choosing targetsFinance
IT(backups, access, data)
AccountingInfrastructure Legal
![Page 9: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/9.jpg)
Risks analysis
Technological risks: Malware/viruses/intrusions Cyber attacks Service provider failure Physical security (f.e. loss of devices) Data related vulnerabilities Phishing
Human risks: Human error/mistakes Insider sabotage/theft Lack of skills Lack of knowledge Lack of guidance
![Page 10: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/10.jpg)
Social Engineering Works
![Page 11: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/11.jpg)
Social Engineering Works
![Page 12: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/12.jpg)
Caution - a lot of BLUR inside
![Page 13: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/13.jpg)
![Page 14: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/14.jpg)
Ask to use your USB flash
![Page 15: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/15.jpg)
Let’s go deeper
![Page 16: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/16.jpg)
Is it a feature?
![Page 17: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/17.jpg)
Acting like IT Support
![Page 18: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/18.jpg)
Accounting
![Page 19: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/19.jpg)
Finance
![Page 20: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/20.jpg)
IT support
![Page 21: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/21.jpg)
Change in mindset needed
![Page 22: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/22.jpg)
![Page 23: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/23.jpg)
going inside…SoftServe
![Page 24: Hacking a company](https://reader036.vdocument.in/reader036/viewer/2022062905/5870e36d1a28abcf288b5371/html5/thumbnails/24.jpg)
[email protected]: ghost-bel