Structured Analytic Techniques for Better Strategy | Red Team Journal

Good strategy is elusive. Some people can read The Art of War every day and never generate a single good strategy, while others can outthink Sun Tzu without ever opening a book. Reading can help, and so can training, but the effect is limited when an exploitable mindset prevails. Americans, for example, tend to emphasize technology and forget that every gadget comes with at least one new liability, usually several.

What we really need is a common base of flexible but structured thinking techniques—techniques that help us focus and collaborate while strengthening our ability to outthink, not just “out-tech,” our opponents. To date, a variety of authors have attempted to collect and share such techniques, but no single source has captured a critical mass of techniques or presented them in a way that makes them immediately useful.

VIP Digital Protection

In the past few years, security contractors and other personnel have been engaged in VIP protection, from perimeter security and convoy protection to personal security assignments.

I've done this in the past. I received the training. However, since I am also a geek with red team and information warfare skills, I also performed what I like to call *VIP digital protection*, or VDP.

C-level executives, VPs, command and other high-level employees or personnel are targets not only on the physical side but also on the digital side. Their laptops, cellphones, iPads, etc. contain a wealth of information that can not only be sold for a lot of money but can also represent a risk to national security.


Checking your customers via open IP cameras

If you’re in public, you’re on camera. If you walk into a coffee shop, the owner gets you at the register. Visit a larger store, and chances are they have your face as soon as you cross the threshold. At least one or two of your neighbors catch you on camera when you walk around your neighborhood, and many cities monitor traffic using red light cameras at major intersections. The question is no longer if you’re on camera, but rather how many different angles you were caught on while going about your day.

With so much monitoring taking place, and with surveillance systems gaining more online functionality every year, it’s natural that securing these systems would become… complicated, and that many are secured incorrectly or not at all. Because so many cameras and surveillance systems are completely open, it’s possible for anyone with Internet access to watch literally thousands of cameras online using only Google and a kindergartener’s understanding of the ‘Net. With a little time and patience, almost any given system, from a set of residential cameras to those used by your local police, can be accessed, viewed, and even reset if not properly secured. Of course, if you can do this, it means that anyone can do it. Feel safer yet?


Digital Situational Awareness Methods | Richard Bejtlich

I wanted to post again a link to Richard’s Digital Situational Awareness Methods article. It’s an old one, but it is still relevant and good. He also wrote about this back in 2007: Asset-Centric vs Threat-Centric Digital Situational Awareness. Also a good read.


The dangers of a flat network - or how I tracked the mob boss...

Some time ago, while I was helping a law enforcement agency track a wanted mob boss, I came across the computer of one of his trusted people. He and I were connected to the same insecure wireless network at a cafe. After some scanning and running several little exploits, I managed to get a shell on his Windows XP machine.

Putting aside the fact that his XP wasn't updated and that XP is the easiest Windows to penetrate, he didn't have any firewall, antivirus or any other security program on his laptop. Initially I thought the laptop was one of those *burn* computers: use once and discard, so I was hesitant to leave any backdoor there; however, he was the only lead we had to the boss, so I installed a little backdoor.

The backdoor program would try to connect to a server I had ready. It would just send an "I'm alive" signal via an HTTP GET injected into any application connected to the Internet, as soon as the laptop connected to a new network (different from the one we were connected to at that moment). The idea was to piggyback on an app that was already connected and try to remain hidden that way.

I wasn't sure it would work because the more I searched the laptop, the more I thought this was a burn computer. My hope, though, was that this guy would eventually connect to a network where either the boss was connected or that we could find data belonging to the organization; maybe this last part would help us find the boss.

For several weeks my *listening* program didn't get any signals. Then, just as I was about to shut down the server, I got one.
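The attack above worked because the cafe's wireless network let one associated client reach another directly: anyone on the same SSID could scan and exploit a peer. As an added illustration that is not part of the original post, here is a minimal hostapd configuration for a small access point with the weak default (clients can bridge frames to each other) shown beside the corrected setting. The interface name, SSID and passphrase are placeholders.

```ini
# --- Weak: default hostapd behaviour, every station can reach every other station ---
interface=wlan0
ssid=CafeGuest
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=changeme-placeholder
# ap_isolate is 0 unless set, so frames between associated clients are forwarded by the AP.

# --- Corrected: client isolation enabled ---
interface=wlan0
ssid=CafeGuest
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=changeme-placeholder
# Stop the AP from bridging frames between its own associated stations;
# a client can still reach the Internet but not its neighbours on this BSS.
ap_isolate=1
```

Two caveats a practitioner should keep in mind. `ap_isolate` only stops forwarding between stations associated to that one BSS; in a multi-AP deployment, or where the wireless interface is bridged to a wired segment, the same isolation has to be enforced at the switch or bridge (private VLANs, port isolation or bridge filtering), otherwise the network is still flat one hop further along. And isolation protects clients from each other, not from the operator of the access point; a user of someone else's Wi-Fi should still assume the network is hostile and keep the host firewall on and patches current, which is exactly what the target in the story had not done.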


Hacking The Hackers: A Counter-Intelligence Operation Against Digital Gangs | Forbes

One of our security lab team members is an ex-cyberspook who spent his career in the military doing hacking, crypto, and a lot of special computer ops for different government agencies. Having the highest security clearance gave him access to a wide range of attack techniques, an understanding of countermeasures and a unique perception of what I will refer to as twenty-first century “digital gangs.” He is now employed by the private sector to protect corporations from global attacks by infiltrating the digital attackers.
