
ON CYBER

THE GRUGQ
@THEGRUGQ
I’VE BEEN IN THIS
GAME FOR YEARS
HACKING IN THE 90S
10 FIND 0DAY
20 HACK THE PLANET
30 GOTO 10
THE GAME
THE GAME: CYBERSECURITY 2000

• Cleanup after breaches

• Usually by script kiddies w/ egg drops

• Clean up malware

• Sometimes by cybercriminals

• Coordinate vulnerability disclosure

• (At least this one has been solved)


THEN, ONE DAY…
THE GAME GOT WEIRD
THE GAME GOT BIG
THE GREAT GAME
APT
ALSO APT
BEST APT
INEVITABLE
INFORMATION WANTS
TO BE FREED
THE NEW NORMAL
WE’RE HERE
NOW WHAT?
THE GREAT CYBER GAME
CYBERWAR
THEORY
REALITY
WELL THAT SUCKS
WHY SO VERY WRONG?
NEW DOMAINS OF
CONFLICT
ARE INFREQUENT
HARD TO PREDICT
THEORY MEETS PRAXIS
THIS HAS HAPPENED
BEFORE
AN ANALOGY
A NEW DOMAIN OF
CONFLICT
AIR POWER 1915
AIR POWER 1915: TECHNOLOGY

• Airplanes were basically motorised kites

• No weapons

• Used for reconnaissance

• Critical to accurate artillery fire


AIR POWER: TACTICAL THEORY

• Highly skilled pilots

• Highly manoeuvrable planes

• Battle for supremacy in bouts of skill and daring!

• Takeaway

• Build highly manoeuvrable planes


PRACTICE…
AIR POWER 1917: EXPERIENCE

• Practical rules for air war

• Boelcke Dicta

• Similar rules from Western aces

• Proven in the crucible

• Concerned only with winning, not chivalry

• Takeaway

• Fast planes that can climb high


DICTA BOELCKE

• Secure the upper hand before attacking

• Always continue an attack you have begun

• Only fire at close range, when target is in sights

• Always keep an eye on your opponent


DICTA BOELCKE CONT.

• In any attack, attack from behind

• If opponent dives on you, turn to meet the attack

• When over enemy lines, never forget line of retreat

• Attack in groups
“There are two types of planes: fighters, and targets”

AIR FORCE SAYING
FIGHTER
TARGET
OVERWHELM THE WEAK
GO IN QUICK
HIT HARD
GET OUT
TACTICAL CYBER
CYBERWAR 2015: IN THEORY…
CYBER CONFLICT 2015: PRACTICE

• Experience has produced some basic rules about winning

• Hit the softest targets the hardest


TARGETED ATTACK DEMO
QUANTUM

• Why does NSA hit browsers?

• Targeted

• Easy*

• It works
APT

• Why does Asia Pacific Threat do spear phishing?

• Targeted

• Easy

• It works
EVERYONE

• Why do all* nation states use phishing?

• Targeted

• Easy

• It works
WHAT WORKS

• Client sides

• Spear/phishing

• Browsers

• USB

• Web Apps

• Other:

• Interdiction, telnet sniffing, big boy stuff…


CYBER TACTICS
OVERWHELM THE WEAK
GO IN QUICKLY
HIT HARD
GET OUT
CYBER OPS
OPERATION PHASES

• planning

• preparation

• execution

• finish
SPEC OPS

• simplicity

• security

• repetition

• surprise

• speed

• purpose
CYBERWAR 2015
ADVERSARIAL ORGANISATIONS
CHINA
RUSSIA
INDIA
NORTH KOREA
TOOLCHAINS

• An investment and an expense

• Constant maintenance

• Tools, Techniques & Procedures are Commitments


STRATEGIC CYBER
"data packets are like bullets and your walls of fire
are like the armor that repels them."

– TWO STAR GENERAL, CYBER COMMAND
WHAT CAN HELP?
SECURITY VENDORS’ SOLUTIONS

YOU WILL BE DISAPPOINT


STUNT HACKING
INFOSEC INDUSTRY

DISASTER TOURISTS
CISSP

GOOD LUCK WITH THAT
NATIONAL INTELLIGENCE AGENCIES

DON’T LOVE YOU


WHAT WORKS
EARLY DETECTION
COMPARTMENTATION
TIME IS ON YOUR SIDE
ENJOY THE VIEW
THANK YOU
