#HITBGSEC 2017 CommSec D2 - Intelligence And Counterintelligence Techniques - J. Hesse & K. Ranjan
Modern cyber network operations, whether defensive or offensive, suffer from a unique predicament. As professionals in the field of cybersecurity, we are inundated with information overload, defining return on investment, metrics, and politics. All the while we seek the same goals as our physical-world intelligence and counterintelligence counterparts, which is to protect the secrets that allow our organizations to provide for our way of life. By reframing the context of our daily cybersecurity duties into an intelligence and counterintelligence perspective, regardless of the offensive or defensive nature of the work, we can better protect our organizations by leveraging and applying centuries-old, well-established fundamentals and practices of the intelligence and counterintelligence professions.
The theories and practices of counterintelligence are no different and you may discover that the very foundations of security itself are the roots of the discipline just as cyber security is. It isn’t specifically counterespionage we are discussing; we will be providing case studies of specific incidents and analyzing how counterintelligence practices were applied, from both a defensive counterintelligence perspective as well as an offensive counterintelligence perspective. As is typical with cases of this nature, as you know from your own work, you don’t ever hear about the successes, but you do hear about the failures. Unfortunately we will have to use these failures as examples in our work.
Of particular value to red teamers and blue teamers alike in this session will be the concept of “the intelligence lifecycle” and in particular how it is edified in the cyber operations domain. We will show how to apply the lifecycle to the performance of incident response as well as a typical penetration test. We will briefly discuss national security, its definition and uses, and how that context can be shifted into organizational or corporate security. We are going to briefly describe multiple domains of intelligence, how those domains are valid for the purposes of cybersecurity, and furthermore how their theory and practices can be applied in everyday use by reframing the context of our missions to those that support specific information objectives.
Attendees will leave with an understanding of defensive counterintelligence and how the basic tenets of counterintelligence are commonly overlooked by security teams, but most importantly why.
Finally, we will discuss tenets of offensive counterintelligence and the principles applicable to cybersecurity, specifically detection, deception and neutralization. We will share why you should adopt strategies and techniques of counterintelligence professionals into your organizations and how, once the perspective of a counterintelligence officer is assumed, personnel can overcome the common pitfalls of routine, politics, and ‘tunnel vision’ in their daily lives. We will specifically look at a successful criminal operation that allowed for the theft of proprietary technologies from a high-profile organization and how the operation was successful due to a lack of insight regarding detection and neutralization of the threat. We will also discuss technologies that can be leveraged in environments to assist in neutralizing threats.
===
Joseph Hesse is a Penetration Tester within DarkMatter’s Cyber Network Defence team. He specialises in red teaming and penetration testing focusing on physical security, RF and hardware exploitation, and social engineering. Joseph graduated from the University of Nebraska at Omaha with a Bachelor’s degree in Political Science and International Studies with a focus on International Politics and Global Strategic Studies. He has worked for American information security firms such as Infogressive and Coalfire Labs, garnering him over five years professional experience. His experience with penetration testing and red teaming has taken him throughout the world. Joseph has obtained certifications such as the OSCP, GXPN, and OSCE.
---
Kamal works as an Incident Responder within DarkMatter’s Cyber Network Defence team. He has 7+ years of work experience in Digital Forensics, Incident Response and Threat Hunting. Kamal holds a master’s degree in Information Technology along with the GCFA certification. He is also one of the SANS Lethal Forensicator coin holders for winning forensic challenges.