Hacking a Company
Igor Beliaiev
whoami
Security Engineer
OWASP Lviv member
Igor Beliaiev
Red Teaming
A red team is an independent group that challenges an organization to improve its effectiveness.
Penetration testers assess organization security, often unbeknownst to client staff. This type of Red Team provides a more realistic picture of the security readiness than announced assessments.
(c) Wikipedia
Red Teaming … of the airport security
95% failure rate
67 out of 70
Transportation Security Administration test
%companyname
Compliance vs Security
Attack planning
The weakest part in security?
The security level of the system is determined by its most insecure element
The most valuable information in a company?
PEOPLE
MONEY
CLIENTS
Choosing targets
Finance
IT (backups, access, data)
Accounting
Infrastructure
Legal
Risks analysis
Technological risks: malware/viruses/intrusions, cyber attacks, service provider failure, physical security (e.g. loss of devices), data-related vulnerabilities, phishing
Human risks: human error/mistakes, insider sabotage/theft, lack of skills, lack of knowledge, lack of guidance
Social Engineering Works
Caution - a lot of BLUR inside
Ask to use your USB flash
Let’s go deeper
Is it a feature?
Acting like IT Support
Accounting
Finance
IT support
Change in mindset needed
going inside…SoftServe
igor@beliaiev.com
skype: ghost-bel