Cybersecurity Red Team, Blue Team


CYBERSECURITY
RED TEAM, BLUE TEAM
OLLI Summer 2016
Tom Manteuffel
Slides: http://www.olligmu.org/ docstore

Plan of The Course
Week I - How did we get here?
Week II - Red Team: Hacking 101
Week III - Blue Team: Defending the home computers

Phases in a Major Attack
Reconnaissance
  Open source investigation
  Possible Google-hacking
Intrusion
  Acquiring persistence, command-and-control
  Privilege escalation
Network Discovery
  Scanning
  Footprinting
Host Capture
  Data capture and encryption
Exfiltration
  Data transfer to source

Cyberwarfare

Will there be a Cyberwar?
There already has
Has among the highest Internet usage in the world
Has free Wi-Fi virtually everywhere
First nation to conduct voting purely online
Where Skype was invented
And it happens to be where the first cyberwar was launched

Cyberwar 1.0?
April 2007
Denial of Service attacks targeted Estonian Parliament, banks, ministries, newspapers and broadcasters.
The attacks followed Estonian Parliament’s decision to relocate a bronze post-WW II Monument to the Red Army.
The attacks triggered militaries around the world to prepare for cyber attacks.
NATO established its Cyber Defense Center in Estonia in 2008.

Stuxnet
Malware targeting Iranian nuclear centrifuges was developed by nation-state(s).
Was largely thought to be effective.
But eventually escaped to the wild, causing headaches for civilian infrastructure

Titan Rain
A long series of cyber attacks starting around 2001 targeting Lockheed Martin, Sandia Labs, DIA, Redstone Arsenal, etc.
Generally attributed to Chinese (PLA) entities
Billions of dollars worth of stolen intellectual property has been taken overall.
Attacks may have moderated since a September 2015 informal promise by Xi Jinping to Obama that China would constrain its attacks.

Verizon’s -insights-lab/dbir/2016/

Verizon DBIR 2016
Nation-state vs. organized crime
Who is responsible?
What are they after?

Verizon DBIR 2016
How does malware get in?

Research on Specific Threats
Recent cyber-espionage research published in 2015/2016
  APT28 (FireEye)
  APT30 (FireEye)
  Duqu Threat Actor (Kaspersky)
  Morpho Group (McAfee)
  Various Actors/Campaigns (Kaspersky)
  Project CameraShy (Threat Connect)
  Various Actors/Campaigns (CrowdStrike)
Arm yourself with information

So What Can One Do to Protect Oneself?

Be Password Savvy
Consider using a password manager
  LastPass 4.0
  RoboForm
  Sticky Password
  LogMeOnce

Use an Up-to-Date Antivirus
  Avast Free Antivirus 2016
  AVG AntiVirus Free (2016)
  Panda Free Antivirus 2016
  Bitdefender Antivirus Free Edition (2014)
  Check Point ZoneAlarm Free Antivirus Firewall 2016
  Sophos Home
All these are free

You Can Submit Malware Here

Antivirus Used on VirusTotal

This is just the last seven days activities

Keep Up-to-Date on Patches
Always accept patches when offered, especially Adobe (including Flash), Java and Browsers
Consider using a tool to detect unpatched software
  Microsoft Baseline Security Analyzer
  Personal Software Inspector

Free Endpoint Protection
Install one and see if it fits your needs

Microsoft Tools

Good Source for Info/Downloads

Other Tools

More Tools

Don’t Websurf as Administrator

Browser Safety Habits
Disable automatic Javascript and other scripting languages
Or
Suppress ads and popups
Minimize Tracking

To Fight Ransomware
Backup!
And maybe try

Email Security
Also be wary of email attachments!

If you are a bit tech savvy
Try Application Whitelisting
[Figure labels: Adobe, Outlook, MS Word, Windows Explorer, Firefox, System, Fire]

Application Whitelisting
Application whitelisting is like the inverse of antivirus, which attempts to block known-bad programs. Whitelisting permits only known-good programs.
Recommended reading
Look up Windows Family Safety feature and use ‘child accounts.’

Some more ideas
  Turn off the computer when not in use
  Occasionally examine Windows Task Manager
  Windows EMET is free, and helps---if you’re tech savvy
  Can try anti-rootkit freeware: Vba32 Anti-Rootkit

What To Do If You’ve Been Hacked

Compared to those who defend corporate and governmental networks you have a chance!
Happy surfing.

Questions
manteuf@verizon.net
