Hacking Hospitals
Cyber Civil War: Are You - Team InfoSec or Team Audit?
About ISE
• We are:
– Ethical Hackers
– Computer Scientists
• Our clients are:
– Everyone.
• Our perspective is:
– Everything is broken!
– Whitebox testing rules.
ISE Confidential – Please do not distribute.
#SOHOpelessly Broken
HACK ROUTERS AND GET PAID https://sohopelesslybroken.com
DEFCON 23, DerbyCon v4.0, BSIDES DC, ToorCon
We launched the first IoT Village @ DEFCON 23
ISE IoT Village DEF CON 24
About Me
Rise of the Machines?
“Have you seen this boy?”
Science Fiction
SCIENCE
What’s the point?
Time for Change?
What’s the one thing that’s not growing with adoption of technology?
Our ability to properly understand risk and make informed decisions about the use of technology.
UNDERSTANDING RISK
System Architecture
Threat Modeling
Threat Modeling
• Assets
• Threats
• Attack Surfaces
• Misuse & Abuse Cases
Now is the time to think like an attacker: outside of the box, open-minded, and with no limit as to how crazy something might sound.
Security Model
• Authentication
– Establish an identity
– Multiple factors (Know? Have? Are?)
• Authorization
– Match identity, request, permissions
– Frequently overlooked
• Accountability
– Imperative for anomaly detection
– Non-repudiation
HACKING METHODOLOGY
Hacking Methodology
• Information Gathering
• Scanning and Enumeration
• Gaining Access
• Maintaining Access
Information Gathering
• Administration Settings
– Default credentials
– Management interface(s)
• WLAN Settings
– SSID and wireless encryption
• Network Service Settings
– DHCP, DNS, SNMP, UPnP, SMB, FTP, etc.
Scanning and Enumeration
• Identifying active hosts
• Identifying open TCP/UDP ports
• Identifying running services and versions
Gaining Access
• Service Investigation
– Analyze web applications
– Analyze servers (e.g., FTP, SMTP, SMB, HTTP)
– Source Code Review (Static Code Analysis)
– Fuzz Network Services (Dynamic Analysis)
HACKING HOSPITALS
Hacking Hospitals
CALL TO ACTION
What Can We Do?
Next week
• Engage the C-Suite to discuss the new mission
• Review our empirical blueprint with your org
30 days
• Work to separate IS from IT
• Begin an in-depth inventory of all assets; prioritize their defense
60 days
• Start to develop a long-term security plan
90 days
• Perform a security assessment
What Should We Do?
There’s no solution without collaboration. Let’s talk.
Paul Dant
Chief Strategist @ ISE [email protected]