tech r02 cybersecurity tips tools techniques for all security professionals

2020-03-01 58浏览

  • 1.#RSAC SESSIONID:TECH-R02 CYBERSECURITY TIPS, TOOLS AND TECHNIQUES FOR ALL SECURITY PROFESSIONALS Ron Woerner IT Risk and Compliance Consultant DirectDefense @ronw123
  • 2.Poll the Audience #RSAC SessionID:TECH-R02 Do you have a USB drive on you? Yes Nohttps://rsa1-live.eventbase.com/polls?event=rsa2018&polls=3821
  • 3.Poll the Audience #RSAC SessionID:TECH-R02 When were you last asked to fix someone's computer? < 1 week < 1 month < 3 monthshttps://rsa1-live.eventbase.com/polls?event=rsa2018&polls=3822
  • 4.Ron Woerner - BIO #RSAC CyberSecurity Consultant / Trusted Advisor for DirectDefense Adjunct Professor, Bellevue University 25+ years experience in IT / Security CISSP, CISM, CEH, BS-A Blogger & writer Given tons’o presentations on security and Internet safety
  • 5.Thoughts are my own Use at your own risk Ron Woerner, 2017 5 #RSAC
  • 6.Apologies in Advance for any broken links Content as of February 2018 Ron Woerner, 2017 6 #RSAC
  • 7.If you only remember 1 slide… #RSAChttps://www.stopthinkconnect.org/https://www.lockdownyourlogin.com/https://www.dhs.gov/see-something-say-something
  • 8.What the $%$# are we doing here? Tools, applications, websites, references, other stuff that can help you do you job. Cybersecurity tips to keep yourself, others, and hopefully your company out of trouble.
  • 9.#RSAC
  • 10.The Easiest Hack #RSAC “The art and science of skillfully maneuvering humans to take an action that may or may not be in their own best interests.” Chris Hadnagy, Social Engineering, The Art of Human Hacking
  • 11.Google Hacking #RSAChttp://www.google.com/intl/en/help/features_list.html
  • 12.Time Travel #RSAC Google Cache Archive.org – Wayback Machine 10101
  • 13.Lists of tools, tips, & tricks #RSAC OlderGeeks SecTools HowToGeek.com, Geek School The Geek Stuff (mostly Linux) 13
  • 14.Security Awareness #RSAC DHS Stop-Think-Connect NCSA Stay Safe Online Director of NationalIntelligence:https://www.dni.gov/index.php/resources/protectingpersonal-information
  • 15.Virtual Environments #RSAC VMWare Player / Workstation Oracle VM VirtualBox
  • 16.Cookie & Ad Blockers #RSAC Firefox NoScript Ghostery Editthiscookie EFF Privacy Badger Sandboxie EFF – Privacy Badger
  • 17.Forensics #RSAC OSForensics Licensed – free for home use WinHex
  • 18.Windows Administration #RSAC SysInternals Suite Autoruns Process Explorer Process MonitorVideo:Mark Russinovich, Malware Hunting
  • 19.Windows Administration #RSAC GodMode Create a new folder and edit it so that it is named the following and then press enter. GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} When done, you should have an icon on your desktop
  • 20.Windows Administration #RSAC PowerShell Using Windows PowerShell PowerShell.exe Command-Line Help
  • 21.System Inventory & Automation #RSAC PDQ Inventory & Deployhttps://www.pdq.com/Ansiblehttps://www.ansible.com/
  • 22.Patching & Updating #RSAC Ninite (https://ninite.com/)
  • 23.Patching & Updating BatchPatch (https://batchpatch.com/)#RSAC Chocolatey (https://chocolatey.org/)
  • 24.Network Evaluation #RSAC Introduction video TcpDump
  • 25.Network Evaluation #RSAC Nmap / ZenMap
  • 26.Network Evaluation #RSAC Fing (iOS & Android)
  • 27.Encryption #RSAC 7-Zip AES Crypt Office 365
  • 28.Password Vaults #RSAC LastPass KeePass LogMeOnce 1Password RoboForm Dashlane
  • 29.Anonymous Browsing #RSAChttps://tails.boum.org/
  • 30.Proxy Resources #RSAC • •Anonymouse:This service allows you to surf the web without revealing any personal information. 250 WorkingProxies:the biggest list I've ever seen of anonymous proxies.
  • 31.Security Testing #RSAC OWASP Zed Attack Proxy (ZAP) Portswigger Burp Suite GuardiCore Infection Monkey Metasploit
  • 32.Linux #RSAChttps://livecdlist.com/https://distrowatch.com/The Geek Stuff
  • 33.Kali Linux #RSAC • • • Kali Linux is a Debian-derived Linux distribution, designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs. Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits. 33
  • 34.#RSAC
  • 35.Social Engineering Toolkit (SET) #RSAC
  • 36.Cheat Sheets #RSAC Lenny Zeltser – IT and Information Security CheatSheets:https://zeltser.com/cheat-sheets/Malware Archeology (Auditing):https://www.malwarearchaeology.com/cheat-sheets/
  • 37.Finding People Google LinkedIn Cree.py – Geolocation Information Aggregator,http://www.geocreepy.com/Peek You - www.peekyou.com #RSAC
  • 38.More Lists Sectools.org Tools Watch – Top Security Tools SANS Twenty Critical Security Controls Lifehacker HowToGeek Eric Ligman Collection of FREE Microsoft eBooks 2014, 2015, 2016, 2017 #RSAC
  • 39.Checklists #RSAC NISTCSRC:http://csrc.nist.gov/Publications:http://csrc.nist.gov/publications/PubsSPs.html Baldrige Cybersecurity Excellence Builder U.S. Cyber Consequences Unit (US-CCU) Cyber Security Matrix
  • 40.#RSAC
  • 41.“Apply” Slide #RSA C Immediate Next 3 mos. Pick 1 or 2 tools Review this slide deck Play / Try it out / Experiment Pick more tools (3-5) Experiment with tools in a virtual environment Review the awareness websites Presenter’s Company Logo – replace or delete on master slide
  • 42.Questions??? #RSAC
  • 43.
  • 44.#RSAC Ron Woerner, CISSP, CISM rwoerner @ directdefense.comTwitter:@ronw123