hacking cyber-iamit
DESCRIPTION
TRANSCRIPT
![Page 1: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/1.jpg)
Hacking vs. Cyber
Hacking is a single battle, Cyber attack is part of warfare
Iftach Ian Amit | Director of Services, IOActive inc.
![Page 2: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/2.jpg)
About
![Page 3: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/3.jpg)
Hacking
![Page 4: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/4.jpg)
Hacking
![Page 5: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/5.jpg)
Hacking• How it looks like in the industry:
– Vulnerability Assessments– Penetration Testing– Code Reviews
– Other marketing terminology (that may involve the term “cyber” by mistake)
![Page 6: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/6.jpg)
Hacking• Features:
– Usually a single target– Surface of attack – shallow (opportunistic)– Tools/Techniques: common, or simple development effort
• Motivation:– Financial– Political– Challenge
• Defenses:– Anti-Virus, Firewalls, WAF, IDS, IPS, etc…– Really ???
![Page 7: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/7.jpg)
Cyber Attack
![Page 8: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/8.jpg)
Warfare
![Page 9: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/9.jpg)
Cyber Attack
![Page 10: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/10.jpg)
![Page 11: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/11.jpg)
Warfare• So… how does your “cyber” work out so far?• Confused yet?
• Good.
![Page 12: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/12.jpg)
Warfare
![Page 13: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/13.jpg)
This isn’t about computers anymore!
Hint – it never was.
![Page 14: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/14.jpg)
Cyber Warfare• As the name suggests – it’s part of a bigger picture. Warfare.
• Warfare is never fought in a single domain (unless you want to lose…)
• Physical• Social• Intelligence• Electronic
These are the domains that cyberwar is engaged in
![Page 15: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/15.jpg)
Hack into the server farm?
Or just take the server (hack into the server room…)
![Page 16: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/16.jpg)
Bypass the firewall?
Nope. I’ll just walk into the network…
Or let you install my backdoor for me:
![Page 17: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/17.jpg)
Social
![Page 18: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/18.jpg)
![Page 19: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/19.jpg)
Social-Electronic convergence
![Page 20: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/20.jpg)
Intelligence
![Page 21: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/21.jpg)
Check outGuy’s talkRight after this!
![Page 22: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/22.jpg)
Final convergence – Electronic/Digital• Here’s your “cyber”…
• Profiling, intel gathering, reconnaissance• Vulnerability research (not just software!)• Exploitation• Establishing control, opening comm channels,
broadening foothold• Targeting assets• Exfiltration
The new language: Campaign
In ALL domains!
![Page 23: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/23.jpg)
Cyber Warfare• Features:
– Multiple strategic targets– Surface of attack – full– Tools/Techniques: all, including all domains, and often with custom built tools
• Motivation:– Financial– Political
• Defenses:– Strategic Defense in Depth (not vendor products)– Awareness and Education (the human factor)– Coverage of all domains at the defense strategy
![Page 24: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/24.jpg)
Practicing “cyber” – Red Team Testing
Writing
Hands-on
HomeworkPre-
engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis Exploitation Post
Exploitation
Reporting
![Page 25: Hacking cyber-iamit](https://reader035.vdocument.in/reader035/viewer/2022062616/54b6b6134a7959e71f8b4659/html5/thumbnails/25.jpg)
Hacking vs. Cyber
China always had it right