Hacking cyber-iamit

Tags:

Preview:

Click to see full reader

DESCRIPTION

 

Citation preview

Hacking vs. Cyber

Hacking is a single battle, Cyber attack is part of warfare

Iftach Ian Amit | Director of Services, IOActive inc.

About

Hacking

Hacking

Hacking• How it looks like in the industry:

– Vulnerability Assessments– Penetration Testing– Code Reviews

– Other marketing terminology (that may involve the term “cyber” by mistake)

Hacking• Features:

– Usually a single target– Surface of attack – shallow (opportunistic)– Tools/Techniques: common, or simple development effort

• Motivation:– Financial– Political– Challenge

• Defenses:– Anti-Virus, Firewalls, WAF, IDS, IPS, etc…– Really ???

Cyber Attack

Warfare

Cyber Attack

Warfare• So… how does your “cyber” work out so far?• Confused yet?

• Good.

Warfare

This isn’t about computers anymore!

Hint – it never was.

Cyber Warfare• As the name suggests – it’s part of a bigger picture. Warfare.

• Warfare is never fought in a single domain (unless you want to lose…)

• Physical• Social• Intelligence• Electronic

These are the domains that cyberwar is engaged in

Hack into the server farm?

Or just take the server (hack into the server room…)

Bypass the firewall?

Nope. I’ll just walk into the network…

Or let you install my backdoor for me:

Social

Social-Electronic convergence

Intelligence

Check outGuy’s talkRight after this!

Final convergence – Electronic/Digital• Here’s your “cyber”…

• Profiling, intel gathering, reconnaissance• Vulnerability research (not just software!)• Exploitation• Establishing control, opening comm channels,

broadening foothold• Targeting assets• Exfiltration

The new language: Campaign

In ALL domains!

Cyber Warfare• Features:

– Multiple strategic targets– Surface of attack – full– Tools/Techniques: all, including all domains, and often with custom built tools

• Motivation:– Financial– Political

• Defenses:– Strategic Defense in Depth (not vendor products)– Awareness and Education (the human factor)– Coverage of all domains at the defense strategy

Practicing “cyber” – Red Team Testing

Writing

Hands-on

HomeworkPre-

engagement Interactions

Intelligence Gathering

Threat Modeling

Vulnerability Analysis Exploitation Post

Exploitation

Reporting

Hacking vs. Cyber

China always had it right

QUESTIONS?

Iftach Ian Amit@iiamitiamit@ioactive.com

Recommended

Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Decembre 2016
Technology
Ethical Hacking – Finse 2019 Cyber Security Winter school · 2019-06-13 · Ethical hacking sub-fields • Information gathering • Network reconnaissance • Web hacking • Internal
Documents
Ce hv6 module 43 cyber warfare hacking al-qaida and terrorism
Technology
Focus on cyber threats in hacking cycle
Government & Nonprofit
Theme: “ on Cyber Security and Ethical Hacking
Documents
Cyber Camp Hacking Web
Documents
Networking:) Based on Ethical Hacking And Cyber Security
Education
CYBER SECURITY & ETHICAL HACKING Training Training Program
Documents
Cyber Warfare vs. Hacking (in English)
Technology
Cyber Security-Ethical Hacking
Technology
Cyber Hacking
Documents
Hacking a cause of cyber crime final
Education
DDOS HACKING CYBERCRIME CYBER SECURITY PHISHING SPYING ... · SPYING MALWARE BOTNET ECRIME PARTNERSHIP TRAINING COOPERATION CYBER ESSENTIALS ANTIVIRUS FIREWALLS POLICE NCA DDOS HACKING
Documents
Cyber Range: Virtual Hacking Warfare
Documents
LoRaWAN Networks Susceptible to Hacking: Common Cyber … · Research-fueled Security Services \ WHITE PAPER \ LoRaWAN Networks Susceptible to Hacking: Common Cyber Security Problems,
Documents
Cyber Ethical Hacking Security Contest: Hack Fight!
Documents
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Technology
Cyber Security Workshop Ethical Web Hackingcybersecuritycompetition.unitec.ac.nz/files/Ethical_Manual_Web.pdf · Cyber Security Workshop Ethical Web Hacking ... Computer and operating
Documents
Hacking & cyber Security
Education
Cyber Crime Computer Hacking
Documents