Marcus Bengtsson
CTO, Coresec

Coresec 2014 at a glance:
Employees: > 185
Revenue growth 2014: > 18%
Revenue 2014 (€): > 47M
Safely enabling business
How to hack a retail company
Based on a true story
Phase 1 – Get in

[Diagram labels: Attacker; DMZ; Application server]

Based on a true story!

The attacker then used the Metasploit ntdsgrab module to obtain a copy of the NTDS database.

[Diagram labels: Attacker; CnC Traffic; DMZ; Application server; Corporate domain; User workstation; Domain controller]
Phase 2 – Gold

[Diagram labels: Attacker; CnC Traffic; DMZ; Application server; Corporate domain; Retail domain; AD Trust; Store 1; Store 2; two User workstations; two Domain controllers]
Phase 3 – Extraction

[Diagram labels: Attacker; Data Exfiltration through FTP; CnC Traffic; DMZ; Application server; Corporate domain; Retail domain; AD Trust; Store 1; Store 2; two User workstations; two Domain controllers]
There is no such thing as perfect security
Requirements for detection
Visibility
Context & Intelligence
Human Empowerment
Visibility
Traffic control systems, radar, aircraft cockpits…
“Without data you are just another person with an opinion”
Context & Intelligence
Without Context
With Context
Context & Intelligence
Data without Context:
Event: Source=194.128.23.15 Destination=10.42.32.55 Type=Auth failed

Data with Context:
User: Bob
Group: Finance
Device: Corporate PC
Location: Copenhagen Office
Server: SAP
LoginHistory: 10/day
AuthFailed: 1

Data with Context:
User: Alice
Group: Development
Device: Unknown
Location: China
Server: SAP
LoginHistory: 0
AuthFailed: 29
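The enrichment described on this slide, as an added example that is not part of the talk: bare Source/Destination/Type auth-failure events are joined with directory, asset, GeoIP, server and login-history lookups, and each user's record is scored the way an analyst would read the two cases above. All lookup tables, the raw events, the IP-to-site mapping and the thresholds are constructed sample data, and the code assumes the auth log also names the account that failed.

```python
from collections import Counter

# Constructed context sources standing in for AD, an asset inventory, GeoIP,
# an application inventory and a SIEM login-history baseline.
DIRECTORY = {"bob": "Finance", "alice": "Development"}
ASSETS = {"10.42.10.7": "Corporate PC"}                               # managed devices by IP
GEO = {"10.42.10.7": "Copenhagen Office", "194.128.23.15": "China"}  # constructed IP -> site
SERVERS = {"10.42.32.55": "SAP"}                                      # destination IP -> application
LOGIN_HISTORY = {"bob": 10, "alice": 0}                               # successful logins per day
HOME_LOCATIONS = {"bob": {"Copenhagen Office"}, "alice": {"Copenhagen Office"}}

# Constructed raw events: the Source/Destination/Type lines an auth log gives you
# (assumes the log also names the account that failed to authenticate).
RAW_EVENTS = (
    [{"src": "10.42.10.7", "dst": "10.42.32.55", "type": "Auth failed", "user": "bob"}]
    + [{"src": "194.128.23.15", "dst": "10.42.32.55", "type": "Auth failed", "user": "alice"}] * 29
)


def enrich(events):
    """Join bare events with context, producing one record per user."""
    failed = Counter(e["user"] for e in events if e["type"] == "Auth failed")
    records = {}
    for e in events:
        u = e["user"]
        if u not in records:
            records[u] = {
                "User": u,
                "Group": DIRECTORY.get(u, "Unknown"),
                "Device": ASSETS.get(e["src"], "Unknown"),
                "Location": GEO.get(e["src"], "Unknown"),
                "Server": SERVERS.get(e["dst"], e["dst"]),
                "LoginHistory": LOGIN_HISTORY.get(u, 0),
                "AuthFailed": failed[u],
            }
    return records


def assess(rec):
    """Score one enriched record: returns (score, reasons). Thresholds are illustrative."""
    reasons = []
    if rec["Device"] == "Unknown":
        reasons.append("unmanaged device")
    if rec["Location"] not in HOME_LOCATIONS.get(rec["User"], set()):
        reasons.append(f"unexpected location: {rec['Location']}")
    # The failure count only means something against the user's own baseline:
    # one failure for a 10-logins-a-day user is noise, 29 on a dormant account is not.
    if rec["AuthFailed"] > max(3, rec["LoginHistory"]):
        reasons.append(f"{rec['AuthFailed']} failures vs baseline {rec['LoginHistory']}/day")
    return len(reasons), reasons
```

Bob's single failure scores 0 and Alice's 29 failures from an unmanaged device in an unexpected location score 3, which is the difference the raw event line alone cannot show.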
Why people are smarter than machines...

The bad guys are smart, well equipped, and determined. There's no reason that the good guys can't be the same.