Hackanalytics. With Tips and Tricks. Cyberpunk Fairytale DeepSec 2013 Edition
Hackanalytics
What's hot
What's not
Cyberpunk Fairytale with Tips and Tricks
By Alexey Kachalin
Advanced Monitoring
advancedmonitoring.ru @kchln
Credits
Advanced Monitoring as The Team
Alexey Kachalin as Narrator
Shiny IT as High Tech
Security Struggle as Low Life
[AK@DeepSec 2013 Nov 21]$ story begin_
Security Struggle

Why Struggle?
[System diagram. Labels: More Secure, Less Secure, Insecurity, Incidents, Response, Introduce Controls, System Complexity, System Evolution. Legend: Positive link, Negative link, Enforcing loop, ???]
Tool: System Diagrams

Wanna skip to Ninjas part?
1. Choose methodology
- Technology specific: OWASP
- Task specific: PTES
- Domain specific: OSSTMM
- Result-oriented: CSC
2. Scoping
…
n. Rock’n’Roll!
1 Security Ninja wasted. Continue [ y/N] _
Tool: Mindmap, brainstorm. Don’t read it all now – I made it for lols

Some Hack-o-sophy then?
Creating stuff
Engineering view / User view
- Analytical thinking
- Critical thinking
- Out-of-box thinking
*Technical expertise is required anyway

When are you? Understand Their protocols
Enterprise runs hundreds of projects and processes when you happen’… not going to stop
Plan – Identify & Analyze
Do – Develop Solution
Check – …and Improve Solution
Act – Implement Solution
You better know Their context
Tool: Deming cycle and whatever follows PMBOK, ITIL, ISO9000

Pareto-zation. The benefit of hindsight
Proves to be correct over and over
Rarely used in planning. Why? No data
[Figure: 80% $$$, 20% effort]
Log, don’t memorize
Work out logs and use them in planning
Tool: Pareto, Knapsack problem

Suggest Project/Teamwork Strategy
Waterfall – stages, WBS
Agile concept
- Time-limited iterations
- Team work on component
- Tasks not assigned – taken
- Scope change tolerance
- Customer awareness
Tool: WBS, T-Shirt estimate, Burndown

Broken communication – any project’s issue
- Phone call – I’ll call you back
- E-mail – ignored, maybe in spam?
- Checklist – too big – please e-mail
- Interview – please send checklist
- Discussion – I will do my way
AaaRghh!!!

Communicating in and out tricks
- Fight fears: Appreciative Inquiry (5Ds)
- Too sweet? Criticize! Constructive Controversy
- Explore causes: 5 Whys
- Overcome egos: Six Hats
Tool: Communications scenarios. It’s not always the same
“Fairytale” Editor’s cut includes section
Other Extremely Effective Communication tips

Skimming documentation
Don’t read or rewrite or annotate
Review and analyze
- Structure: what’s there, what’s not there
- Any logic in the bundle?
- Check consistency
How up-to-date are the documents?
Are the authors available for comments?
Tool: Structure schemes, Sequence Diagrams

Organize Chaos
Track and Log: List
- List of received documents
- List of created documents for the project
UID – use IDs across artifacts
- IDs used by customer are inconsistent… often
- Translation tables
- ID != UID: IP is not UID, MAC – ?
Don’t stop halfway through: Brainstorm, Mindmap? Actions!
Tool: Affinity Diagram & workflow
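A sketch of the translation-table idea from this slide, added here as an illustration (not code from the talk or from Advanced Monitoring): every name the customer uses for a host resolves to one engagement UID, while IP and MAC are logged as dated observations rather than used as identity. The class names, the `AST-` prefix and all sample data are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    uid: str
    aliases: set = field(default_factory=set)         # names as written in customer documents
    observations: list = field(default_factory=list)  # (date, ip, mac, source): attributes, not identity

class TranslationTable:
    """Maps every identifier the customer uses to one engagement-wide UID."""
    def __init__(self):
        self.assets, self._by_alias = {}, {}

    @staticmethod
    def _norm(name):
        return name.strip().lower()

    def register(self, *aliases):
        keys = {self._norm(a) for a in aliases}
        known = {self._by_alias[k] for k in keys if k in self._by_alias}
        if len(known) > 1:  # names of two known assets collide: resolve by hand, never merge silently
            raise ValueError(f"aliases span several assets: {sorted(known)}")
        uid = known.pop() if known else f"AST-{len(self.assets) + 1:04d}"
        asset = self.assets.setdefault(uid, Asset(uid))
        asset.aliases |= keys
        self._by_alias.update(dict.fromkeys(keys, uid))
        return uid

    def observe(self, alias, date, ip, mac, source):
        uid = self._by_alias[self._norm(alias)]
        self.assets[uid].observations.append((date, ip, mac, source))
        return uid

    def uids_seen_on(self, ip):
        return sorted({a.uid for a in self.assets.values()
                       for _, seen_ip, _, _ in a.observations if seen_ip == ip})

def build_sample():
    # Constructed sample data: hostnames, tags, addresses and document names are invented.
    t = TranslationTable()
    t.register("SRV-DB01", "srv-db01.corp.example", "Inventory #4471")
    t.register("WS-113")
    t.register("PRN-7", "2nd floor printer")
    t.observe("srv-db01.corp.example", "2013-10-01", "10.0.5.10", "00:00:5e:00:53:01", "network_plan.xlsx")
    t.observe("WS-113", "2013-10-01", "10.0.5.20", "00:00:5e:00:53:02", "scan_week1.xml")
    t.observe("2nd floor printer", "2013-10-08", "10.0.5.20", "00:00:5e:00:53:03", "scan_week2.xml")
    return t

if __name__ == "__main__":
    table = build_sample()
    print(table.register("Inventory #4471"))  # same asset under another customer name
    print(table.uids_seen_on("10.0.5.20"))    # the lease moved: one IP, two assets
```

Keeping the source document with each observation lets a finding in the report be traced back to the artifact it came from.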

Almost there? Report.Create
Outline first – don’t generate texts
List items and give Definitions
Structure and facts
Width/Depth Switching prototyping
- Get approval/corrections
- Get clarification
Tool: Outline & Example first, WDS Prototype (am)

Avoid extremes
Data and trends Visualization:
- Obvious vs. Preconceived
- Simple vs. Complicated
- Boring vs. Fancy
Report Texts:
- Full description vs. Screenshots/logs only
- Boasting vulns vs. Hug problems
- Hack Slang vs. Baby talk
Demonstrate. Communicate. Avoid counterintuitive forms
[Figures: ex. #1, ex. #2]

Don’t restrict ideas by sticking to standard forms, but do not neglect them
Tool: Standard vis tools in excel/calc etc. RTFM please!

Simple standard things. Use them right!
[Figures: ex. #1, ex. #2]
Tool: Piecharts
Tool: No idea. shrooms??
Even if You can explain it – it’s too much
Tool: Visualization Taxonomy (give it a look here)

Powerful, complex general tools for fast analysis and checking ideas. Don’t over-engineer
Tool: Grid analysis (services up/vulns found excel by am)
Got idea? Prototype. Don’t over engineer
Tool: treemap (for services vis by am)

Report.Automate – Build your System
Store Data (received/generated)
- Human readable
- Machine readable
- Itemized (lists)
- Well named
Actionable
- Edit, Snippet taking
- Filters, Sorting
Manage and service

Report.Repeat – They think they are all the same?
No! Look!! They are sooo different
[Figure: Rep q1, Rep q2, Rep q3, Rep q4]

Hurling results to “Them”
Pitches that should’ve made it but could as well fail
- SQLi up to RCE for any registered user
- Any scary words like XSS
- Database vulnerability leads to full compromise
- Critical vulnerability in AAA config
Doh! You’re gonna get hacked soon

Master “Their” language
- SWOT
- Value chain
- 7S, McKinsey’s
- Decision Trees
- Comparison analysis
- Impact (Organization) analysis
[Diagram: Current State, Bridge, Desired new State]
Tool: MindTools.com for reference

That’s all, folks!
Summary
Philosophy and high-level concepts
Planning and management
Report crafting
Communication tweaks
Visualization demystified
Organize chaos and keep tracking
Craft tools and build Your own System
Interpret results for presentation
Advanced Monitoring
OpSec/R&D/Forensics/Trainings
IT Security R&D Cooperation Worldwide
Russia – Europe – Americas – Asia
Alexey Kachalin, [email protected]
@kchln