Help Irongeek.com pay for bandwidth and research equipment:
The Art Of Espionage 2016 or Stop Trying To Be Tom Cruise - Ryan Jones, McOmie NolaCon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)
The Art Of Espionage 2016 or Stop Trying To Be Tom Cruise Ryan Jones, McOmie
A continuation of the series that we have been doing for close to 10
years now. The freshly updated (as in this week) slide deck will present
ole’ school basics, brand spanking new techniques, low tech attacks,
crazy blended attacks, and lots of fun stories from the field. All of
this in an effort to change the audience’s mindset and way they approach
security.
Disclosure:
This is not a how-to Red Teaming, Pentesting, Security Consulting, etc.
boring ass speech (although parts of it will help you in these arenas).
This speech is designed to help you wrap you mind around what matters
and how you are fucking up. A few quick examples:
1. the company that puts 260$ medeco locks on external doors. . . made
of glass.
2. defeating $100,000 fireproof vaults with 10 cents worth of liquid
tide.
3. Hiring guards, dogs, deploying cameras, high security solutions like
man traps, weight plates, and metal detectors, etc. . . and then you
invite me in and welcome me with a smile.ts 5pm on a Friday, everyone is
ready to go home for the weekend. An urgent email comes in from the CEO,
requesting an immediate fund transfer of hundreds of thousands of
dollars. Don’t click “OK” just yet – you might be getting whaled.
In this talk, we will examine the various aspects of one of the most
successful, large-scale whaling campaigns currently affecting
businesses. We’ll start by examining the emails, context, and domains
used by the attackers to trick employees. We will also look at the
various documents used to trick companies, and how to potentially detect
them in your network. But it gets better – using past research and
publicly-available tools, we’re going to profile a whaling campaign that
stretches across dozens of victims, and hundreds of millions of dollars.
We’ll present research spanning over two years across the globe,
involving banks from North Carolina to Hong Kong. Lastly, we're going to
examine how this evidence led to a recent arrest of one of these scam
artists.
Attendees will learn how to utilize open tools to hunt for related
malware, documents, and threat actors. They will also learn how to
expand knowledge of TTPs into their environment to protect against
massive losses such as highly-successful whaling campaigns.
Offering 20 years of experience as a trusted security leader, adviser,
and strategist. Luke is industry certified and recognized for his
excellence in management, execution, communication, and delivery. He has
lead risk and compliance programs, managed red teams, and conducted
security assessments for many Fortune 100 companies, federal agencies,
and private businesses. These efforts and his diverse background in
ethical hacking, penetration testing, physical security, social
engineering, and incident response have all contributed to his extensive
understanding of the challenges and risks that threaten the modern
business and operating environment.
Printable version of this article