Cyber Civil War: Are You - Team InfoSec or Team Audit? · 2016. 11. 10. · #SOHOpelessly Broken...

Post on 14-Sep-2020


Hacking Hospitals

Cyber Civil War: Are You - Team InfoSec or Team Audit?

About ISE

• We are:
  – Ethical Hackers
  – Computer Scientists

• Our clients are:
  – Everyone.

• Our perspective is:
  – Everything is broken!
  – Whitebox testing rules.

ISE Confidential – Please do not distribute.

#SOHOpelessly Broken

HACK ROUTERS AND GET PAID https://sohopelesslybroken.com

DEFCON 23, DerbyCon v4.0, BSIDES DC, ToorCon

We launched the first IoT Village @ DEFCON 23


ISE IoT Village DEF CON 24


About Me


Rise of the Machines?

“Have you seen this boy?”

Science Fiction

SCIENCE


What’s the point?

Time for Change?


What’s the one thing that’s not growing with adoption of technology?


Our ability to properly understand risk and make informed decisions about the use of technology.

UNDERSTANDING RISK

System Architecture


Threat Modeling


Threat Modeling

• Assets
• Threats
• Attack Surfaces
• Misuse & Abuse Cases

Now is the time to think like an attacker: outside of the box, open minded, and no limit as to how crazy something might sound.


Security Model

• Authentication
  – Establish an identity
  – Multiple factors (Know? Have? Are?)

• Authorization
  – Match identity, request, permissions
  – Frequently overlooked

• Accountability
  – Imperative for anomaly detection
  – Non-repudiation


HACKING METHODOLOGY

Hacking Methodology

• Information Gathering
• Scanning and Enumeration
• Gaining Access
• Maintaining Access

Information Gathering

• Administration Settings
  – Default credentials
  – Management interface(s)

• WLAN Settings
  – SSID and wireless encryption

• Network Service Settings
  – DHCP, DNS, SNMP, UPnP, SMB, FTP, etc.

Scanning and Enumeration

• Identifying active hosts
• Identifying open TCP/UDP ports
• Identifying running services and versions

Gaining Access

• Service Investigation
  – Analyze web applications
  – Analyze servers (e.g., FTP, SMTP, SMB, HTTP)
  – Source Code Review (Static Code Analysis)
  – Fuzz Network Services (Dynamic Analysis)

HACKING HOSPITALS

Hacking Hospitals


CALL TO ACTION

What Can We Do?

Next week
• Engage the C-Suite to discuss the new mission
• Review our empirical blueprint with your org

30 days
• Work to separate IS from IT
• Begin an in-depth inventory of all assets; prioritize their defense

60 days
• Start to develop a long term security plan

90 days
• Perform a security assessment

What Should We Do?

There’s no solution without collaboration. Let’s talk.

Paul Dant

Chief Strategist @ ISE pdant@securityevaluators.com