Wednesday, December 14, 2016

The back and forth of 0day

In case you don't read my twitter feed, I wanted to post a quick blog about this talk. There's a few things in it, but we go over both Authentication and VPN+Wireless as bug categories, and then talk about next gen targeting for phishing (aka, microtargeting using Twitter ads) and a few other things that are policy related.

Dwell Time

I like to think of the amount of useful information in any size organization as a static number. It's like, movies all compress differently, but roughly they are 1G per hour. So at a certain point, due to bandwidth improvements on average across the world, torrents moved from being mostly songs, to mostly movies. The same thing is true for corporations. Can you download an entire midsize corporation's information-sphere overnight, before the incident response team comes into work the next day? Lately we've seen this information-sphere include phone calls, recorded from VOIP systems.

But the point here is that every part of the defense equation changes when you hit "complete compromise" times of about a day. If you assume, not just compromise, but a Snowden-level event every five years, how would you organize the NSA?

Awareness Training

Almost all awareness training happens via "someone sends you an email". We've seen how well this works.  But even worse is acknowledging that hackers can leverage the entire battery of advertising targeting tools, to narrow down very targeted ads against your IT staff, even down to one or two members. Facebook and Twitter are great for this. And because it's not a spam email, your organization's defenses never get to see it.


We talk a lot at Immunity about how DoS and resource exhaustion are a "medium" severity vulnerability in the reports we often write, and a "critical" in the wild when they get exploited.

What is NG anyways?

Our position is next-gen is not monitoring, but automated response. This means you have to know ahead of time what it takes to deprovision and reprovision anything on your network.

No comments:

Post a Comment