October 2011

I’m a Suit in a Cyber World!

Twitter: #cybergamut

Employment History

Financial Services

Employment History

Suit

Financial Services

Employment History

Not-a-Suit

Ski Bum

Employment History

USAF Officer

Employment History

Suit

USAF Officer

Employment History

SAIC Program Manager

Employment History

Suit

SAIC Program Manager

Employment History

SAIC Division Manager

Employment History

Suit

SAIC Division Manager

Employment History

SAIC Capture Manager

Employment History

Suit

SAIC Capture Manager

Education History

King College, BA Economics & Business Administration

Education History

Mega-Suit

King College, BA Economics & Business Administration

Education History

Chartered Life Underwriter

Education History

Suit

Chartered Life Underwriter

Education History

UMD Europe, Bowie State University, MS Management Information Systems

Education History

Suit

UMD Europe, Bowie State University, MS Management Information Systems

Education History

Ultimate-Suit

PMP

Education History

Cyber Cred

GCIH

Large Cyber Procurements

SAIC Capture Manager

History and Why Change

In 2008 SAIC established cybernexus

Coming together or “nexus” of cyber analysts

Central Maryland

In 2011 cybernexus renamed cybergamut

Runs the “gamut” of cyber disciplines

Global organization

cybergamut nodes

Socorro, New Mexico

Sioux Falls, South Dakota

San Antonio, Texas

Northern Virginia (Tysons Corner and Herndon)

Mission Statement

cybergamut is a worldwide community of practice for cyber professionals across industry, academia, and government providing ongoing education, training, and certification opportunities throughout all phases of a cyber professional’s career, utilizing traditional methods as well as non-traditional techniques like puzzles, Easter Eggs, and problem solving.

Technical Tuesday

What it is

A technical exchange

What it is not

A sales presentation

A product endorsement

For discussion of procurements

For discussion of procurement related issues

PDU and CPE
  • PMI PDUs
    • PMI Baltimore approved most Technical Tuesday events as eligible for PMI PDUs under Category B, Continuing Education
  • CPEs for CISSP
    • Self certification
  • Other certifications
    • What do you need?
Previous Topics
Defending a Large Network

Brian Rexroad of AT&T

2 Dec 2008

DNI Essentials

Paul Schnegelberger of SAIC and John Sanders of Northrop Grumman TASC

Nov/Dec 2008

Digital Forensics

Jim Jaeger of General Dynamics

13 Jan 2009

Case Studies in Cyber Attacks

Aaron Wilson of SAIC

13 Jan 2009

Trickler

Greg Virgin of RedJack

27 Jan 2009

Security Tools

Peiter “Mudge” Zatko of BBN

27 Jan 2009

IPv6

David Harris of SAIC

10 Feb 2009

Exploitation Prediction

Darryl Ackley of New Mexico Tech

24 Feb 2009

Analytic and IO Tools

Clift Briscoe and Nat Cooper of Edge

24 Mar 2009

Distributed Systems Technologies and Internet Intelligence

George Economou of Akamai

24 Mar 2009

Exploring the Social World of the Russian Hacker Community

Tom Holt of Michigan State University

10 Mar 2009

Modern Forensic Investigative Techniques

Amber Schroader of Paraben

10 Mar 2009

Defending Against BGP Man-In-The-Middle Attacks

Earl Zmijewski of Renesys

14 Apr 2009

Examining the Storm Worm

Nico Lacchini of TDI

26 May 2009

No-Tech Hacking

Johnny Long

11 Jun 2009

Dirty Secrets of the Security Industry

Bruce Potter of Ponte Technologies

14 Jul 2009

Windows Forensic Analysis: Dissecting the Windows Registry

Rob Lee of MANDIANT and the SANS Institute

18 Aug 2009

Silence of the RAM

Sean Bodmer of Savid Corporation

22 Sep 2009

VoIP Security - Attacks, Threats and Countermeasures

Stuart McLeod of Global Knowledge

3 Nov 2009

Previous Topics cont.
A Tale of Two Departments – How Commerce and State Dealt With Chinese Intrusions: Lessons Learned Plus: Security Heroes and the 20 Critical Controls

Alan Paller of the SANS Institute

9 Mar 2010

Aurora

Aaron Barr of HBGary Federal

27 Apr 2010

Malware reverse engineering at ITT

Paul Frank of ITT

25 May 2010

Advanced Cyber Collection Techniques; Extracting and Analyzing Information from the Domain Name System

Tim Cague of The CYAN Group

10 Aug 2010

The Rise of the Social Web

Aaron Barr of HBGary Federal

5 Oct 2010

Why Security People S#ck

Gene Bransfield of Tenacity Solutions

9 Nov 2010

Insider Threat and Real-World Incident Study

Presented by Michael Collins & Greg Virgin of RedJack along with Jim Downey of DISA PEO-MA

30 Nov 2010

Network Monitoring

Josh Goldfarb of 21st Century Technologies

4 Jan 2011

Network Device Exploitation with Universal Plug & Play

Terry Dunlap of Tactical Network Solutions

8 Feb 2011

Deep Packet Inspection for Cybersecurity ASW&R

Jeff Kuhn of Pangia Technologies

29 Mar 2011

Stuxnet Redux: Malware Attribution & Lessons Learned

Tom Parker of Securicon

19 Apr 2011

Special Technical Tuesday and renaming

10 May 2011

APT Intrusion Remediation: The Top Do's and Don'ts

Rob Lee of MANDIANT and The SANS Institute

24 May 2011

Deep Packet Inspection

Peder Jungck of Cloudshield and SAIC

28 Jun 2011

Our Security Status is Grim

Brian Snow

19 Jul 2011

Cellular Security

Jason MacLulich of Endace

9 Aug 2011

Government Cyber Technical Directors’ Panel

30 Aug 2011

Upcoming Technical Tuesdays

Hacking Windows 7 and defending against physical attacks

18 Oct 2011

Jesse Varsalone

Looking for more speakers and topics such as:

Tor routing

Malware reverse engineering

Cyber situational awareness

Splunk

Cloud computing and cloud forensics

Geolocation of IP addresses and mobile devices

Digital forensics

E-discovery

Attack attribution

Deep packet inspection

Fuzzing

Writing secure code

To suggest topics, volunteer to speak, or to receive an invitation, please contact: scott.w.sheldon@saic.com

Foreign Language
  • 1337 = LEET = short for elite (maybe)
    • 5uit = Suit
  • Pwn = Own
    • Your computer has been pwned
  • Teh = the
    • Accidents become purposeful
    • This was before spell checkers – hard to do now
  • Texting
    • LOL
    • ROFL
    • ☺ - OMG PowerPoint translated : and ) to this
Different Culture
  • 95% male
  • Black T-shirts
  • Interesting facial hair
  • Body art
  • Add alcohol and mix vigorously
  • Stickers everywhere
  • Lock picking for fun (lock sport)
  • Hackers aren’t all Bad
    • I Hack Charities
  • As a 5uit, I’m counter-counter-culture
Pure evil
  • Wireless diabetes pump exploit
Pure evil – or is it?
  • Wireless diabetes pump exploit
  • Exploit released by a pump user
  • Wants manufacturer to fix the problem
  • This is typical of many of the things released
Bot in a Botnet
  • What’s a Bot and what’s a Botnet?
    • Computers that have been taken over
    • Used for distribution of Spam and Malware
    • Used for other nefarious deeds
Bot in a Botnet

What’s a Bot and what’s a Botnet?

Computers that have been taken over

Used for distribution of Spam and Malware

Used for other nefarious deeds

Does your Mom care?

Bot in a Botnet

What’s a Bot and what’s a Botnet?

Computers that have been taken over

Used for distribution of Spam and Malware

Used for other nefarious deeds

Does your Mom care?

Do you care?

Social Engineering
  • Extremely effective
  • DEFCON Social Engineering Contest
    • Amazing what people will give away
    • Help desks were overly helpful
Phishing and Spearphishing
  • E-mails and targeted e-mails
    • Usually with a link
    • Watch for typo’s and misspelllings
  • V1AGRA
  • [Insert company name here] has been sold!
Phishing and Spearphishing

E-mails and targeted e-mails

Usually with a link

Watch for typo’s and misspelllings

V1AGRA

[Insert company name here] has been sold!

DEFCON Skybox Demo

Trend tracking via Twitter

Tracking an individual via Social Media

Tiny urls and Bit.ly

GPS and other evil devices
  • GPS, iPhones, etc. remember everything
  • iPhones sync EVERYTHING with their host
  • Windows 7 Registry saves things a long time
  • Forensics examiner’s dream
  • Car thieves “Go Home”
    • You’re not home and now you’re stranded
Supply Chain
  • Where was your code written?
  • Where was your hardware produced?
  • How did it get to you?
  • Thumb drives
  • Hard drives
X begets Y begets Z…
  • Needs beget innovation
  • Innovation begets technology
  • Policy and strategy follow
    • aren’t necessarily “begotten”
  • Lack of policy begets ineffective or non-strategy
  • Doctrine is the military word for policy
  • Tactics are the refinement of military strategy
  • Difference between responsibility and authority
    • DHS has responsibilities
    • DoD has many clearly defined authorities
  • National Cyber Policy is challenging
    • AFCEA story
Steganography
  • Stuff hidden in pictures
  • Stuff hidden in other non-obvious places
Steganography

Let’s check your votes . . .

Steganography
  • None of those pictures
    • I don’t think anyway…
  • Very hard to detect in a single picture
    • Potential detection if you have both pictures

50 KB

450 KB

Other Scary/Cool Concepts
  • Segmented polymorphic malware
    • Bad stuff that changes its looks, delivered in parts
  • Metamorphic malware
    • Bad stuff that changes what it does
  • Cloud Computing – distributed virtualization
    • Which denomination?
      • Hadoop – son’s toy elephant
    • Cloud Security
    • Cloud Forensics
  • Zero-day
    • Brand new malware or exploits
Social Networking
  • “On the Internet, nobody knows you’re a dog”
    • New Yorker Magazine, 1993
    • Still true today
  • Do you really know who your Friends are?
    • Would you cross the street to see them in person?
    • What are you revealing in your posts?
Social Networking

“On the Internet, nobody knows you’re a dog”

New Yorker Magazine, 1993

Still true today

Do you really know who your Friends are?

Would you cross the street to see them in person?

What are you revealing in your posts?

“My Daddy’s dating…”

Twitter - #cybergamut

Spontaneous and quick

No filter

No retraction after re-tweet

Location-based Services
  • Facebook Places and Foursquare
  • Preparation for Travel
    • Set up light timers
    • Make your home look lived in
  • “Check in” at out of state locations
  • Photo metadata
  • Okay for my Friends to know
  • What about Friends of Friends?
    • What about Mafia Wars Friends of Friends?

Photo metadata

  • Facebook actually removes the location information
User Names and Passwords
  • Anonymous and LULZ Sony Attacks
    • 77 million users affected
  • Other large data thefts
  • User Name and Password combinations
    • How many do you use?
    • Remember the Bots?!?
    • This got my attention!
What do we do?
  • I don’t know…
  • I think education helps…
Cyber Increases
  • Volume
  • Variety
  • Velocity
Cyber Increases
  • Volume = 123 slides
  • Variety
  • Velocity
Cyber Increases

Volume = 123 slides

Variety = 25 topics

Velocity

Cyber Increases

Volume = 123 slides

Variety = 25 topics

Velocity = 1 hour = ~29 sec per slide