Call of Community - ShowMeCon 2014

Post on 15-Jan-2015

description

Slides from my talk at ShowMeCon STL 2014

transcript

About Ben

The Call of Community: Modern Warfare Ben0xA – ShowMeCon 2014

Introductions

● 13+ years experience in Health Care Information Systems
● Vice President & Security Officer
● Developer (Builder)
● Security Consultant, Trainer

About Ben

Introductions

●It's hard being an executive when you look like you are a teenager.

●For serious!

●Thanks to @jaysonstreet

Disclaimer

Our thanks to all of the websites we ripped off to use images for this deck.

Full attribution on last slide!

Why Us?

● We are geeks
● We are gamers
● We love this community
● We both wanted to be like our gaming heroes!

The Call of Community

What is this call?

The Call of Community

Our hopes & dreams

The Call of Community

Strategic Defense Execution Standard

What is PoshSec?

• PoshSec is a framework to enable information security pros, system administrators, analysts and others to effectively help manage a system's or a network's security.

• PoshSec consists of

• PoshSec PowerShell Module

• PoshSec Framework

PoshSec

How PoshSec Got Started

• Started by Matt Johnson and Will Steele

• Originally saw a lack of Security Related PowerShell modules

• Planned out the project as Will was battling cancer.

PoshSec

Assembling the team

• Need a team of ninjas to help make PoshSec grow

• Partnered with Wolfgang Goerlich, Nick Jacob, Rich Cassara and Michael Ortega

• All seasoned infosec pros and brilliant minds.

PoshSec

PoshSec Goals

• The initial PoshSec release focused on the Top 20 controls.

• While maintaining our expertise in the area of the Top 20 controls, we are branching out to cover:

• Server Hardening

• Forensics

• Many more areas

PoshSec

Account Management

• Created to satisfy Top Twenty Control #16 for the Account Monitoring and Control section.

• Allows people to verify:

• User accounts

• Accounts that don’t expire

• Admin accounts

• Accounts that expire

• Accounts past expiration date

PoshSec

Log Management

• Allows for querying of a few log types

• DNS

• IIS

• Allows you to set all of your Security Event logs to PoshSec recommended settings.

PoshSec

Network Baselining

• Several Baselining Scripts

• Open Ports

• Wireless Networks

• Configure Windows Firewall

PoshSec

PoshSec 1.0

• PoshSec is officially releasing 1.0 of the PowerShell module today.

• Cleaner code base, a few new additions

• First of many regular releases.

• Currently twice a year

• Download: http://github.com/poshsec/

PoshSec

PoshSec Framework

My original plan....

● Create an open source SIEM
● Bake everything inside
● Release it to the community
● Profit... wait... it's free
● Continue my day job!

PoshSec Framework

It's not the sum of its code!

Select your player...

PoshSec Framework

Green Ninja

● System Administration
● Basic Networking Functions
● Scan / Audit Domains
● Use Information in Scripts
● Patch Management

PoshSec Framework

Blue Ninja

● Defensive Team
● Live Port Monitoring
● Application Integrity
● Live File Monitoring
● Log Analysis

CVE-2014-1776

PoshSec Framework

OneGet – PowerShell 5.0

Chocolatey http://chocolatey.org

PoshSec Framework

PoshSec Framework

Red Ninja

● Offensive Team
● Powersploit Modules
● Enumeration Tool
● Leverage PSRemoting

@obscuresec

Own a box, now you need to download a 3rd party tool like python/ruby.

PowerShell is already there!!!

PoshSec Framework

Black Ninja

● Penetration Testing
● Vulnerability Analysis
● Posh-Sec Modules
● Export Systems to Assets

PoshSec Framework

White Ninja

● Forensics
● Incident Response
● The limit is only based on us

PoshSec Framework

Features:

● Exposed Interface Elements
● Github Integration
● Custom Error Reporting
● Create Tabs for Individual Objects
● Seamless Integration with Scripts

Unlock-TheKrakken

Live Demo!

PoshSec Framework 1.0

http://github.com/poshsec/poshsecframework

PoshSec Framework

PoshSec Developers

● @mwjcomputing
● @jwgoerlich
● @securitymoey
● @mortprime
● @rjcassara
● @sukotto_san
● @PoshSec

PoshSec Framework

I Am The Cavalry

The Cavalry is a global grassroots organization that is focused on issues where computer security intersects public safety and human life.

I Am The Cavalry

Our areas of focus are medical devices, automobiles, home electronics and public infrastructure.

I Am The Cavalry

Needs

● Content Management
● Project Management
● Administrative Assistance
● Technical Systems Assistance
● Sponsorship

I Am The Cavalry

http://www.iamthecavalry.org/

@iamthecavalry

I haz stickerz!

Strategic Defense Execution Standard

Simple method for planning cyber defenses based on straightforward step-by-step instructions.

Strategic Defense Execution Standard

Help you identify where attacks are likely to come from, where they are likely to go to, how they are likely to get there, and what the impact on your organization will be.

Strategic Defense Execution Standard

The final goal is to implement a defense that will allow you to maintain an acceptable information security posture.

Focus

● Organization Risk Tolerance
● IT Basics
● Critical Asset Planning
● Threat Scoping
● Strategic Network Mapping
● Attack Vector Identification

Strategic Defense Execution Standard

Focus (continued)

● Attack Path Identification
● Defense Planning
● Defense Testing
● Attack Detection and Response

Strategic Defense Execution Standard

Strategic Defense Execution Standard

Current Contributors

James Arlen (@Myrcurial)

Iftach Ian Amit (@Iamit)

Zate (@Zate)

Gabe Bassett (@gdbassett)

Ben Ten (@Ben0xA)

Strategic Defense Execution Standard

http://wiki.doinginfosecright.com/index.php?title=SDES

help@doinginfosecright.com

The Call of Community

Where do you fit in?

The Call of Community

I'm answering the call.... what do you need?

● Contribute Ideas
● Contribute Powershell Modules
● Share your scripts with the community
● Use the tools... give us feedback!

The Call of Community

I'm answering the call.... what do you need?

● Join a Project
● Support a project (skills/financially)
● Discourage Negativity

The Call of Community

This idea is only as strong as this community. It's time to stand together as a team!

The Call of Community

The more we work as a team the stronger this community will become.

The Call of Community

Conclusion

Conclusion

Contact Information

● @Ben0xA
● Ben0xA on Freenode (IRC)
● bsideschicago@ben0xa.com
● http://ben0xa.com
● http://github.com/Ben0xA
● http://github.com/PoshSec

Conclusion

Contact Information

●@mwjcomputing

Conclusion

Questions?

Conclusion

Thank you!

I have stickers if you want one.

Attribution

http://www.virginmedia.com/images/Tennis_for_Two-tennis-431.jpg
http://insertcredit.com/wp-content/uploads/2012/11/pong.jpeg
http://upload.wikimedia.org/wikipedia/en/0/01/Screenshot_of_Zork_running_on_Frotz_through_iTerm_2_on_Mac_OSX.png
http://www.abandonia.com/files/games/410/Chip%27s%20Challenge_3.png
http://cdn.akamai.steamstatic.com/steam/apps/240160/ss_f2cf77e7d577b6b2b55f9c4e9c3711abcbdb3846.1920x1080.jpg?t=1387578150
http://static.giantbomb.com/uploads/original/0/4245/290740-map09_oh_noes_two_elementals.png
http://1.bp.blogspot.com/--qksWYEfKrE/TrvyGxkyUuI/AAAAAAAAA7E/VfKZGhl5w8s/s1600/Breakout+%25281978%2529+%2528Atari%2529+%2528PAL%2529_74.png
http://freevitathemes.com/wp-content/uploads/2012/03/super-mario.png
http://satoshimatrix.files.wordpress.com/2011/08/snake-rattle-n-roll-u-0000.png
http://assets1.ignimgs.com/2001/10/19/zelda_nes_boomerang-334450.jpg
http://www.socwall.com/images/wallpapers/13209-1680x1050.jpg
http://i1.ytimg.com/vi/hSzDAB0Ua4g/hqdefault.jpg
http://images4.alphacoders.com/191/191376.jpg
http://thoughtsonfilms.files.wordpress.com/2008/08/img_6.jpg
http://wiimedia.ign.com/wii/image/article/779/779902/star-fox-64-virtual-console-20070411045113846_640w.jpg
http://us.blizzard.com/static/_images/games/wrath/wallpapers/wall1/wall1-1600x1200.jpg
http://www.familyfriendlygaming.com/Images/2012/Pics/FINAL_FANTASY_DIMENSIONS/8679battle.png
http://images4.alphacoders.com/191/191376.jpg
http://86bb71d19d3bcb79effc-d9e6924a0395cb1b5b9f03b7640d26eb.r91.cf1.rackcdn.com/wp-content/uploads/2011/11/the-legend-of-zelda-skyward-sword-walkthrough-artwork.jpg