Stu Hirst Photobox · Photobox. War Stories - From The Front Lines Of InfoSec! @stuhirstinfosec....
Stu Hirst, Photobox
War Stories - From The Front Lines Of InfoSec!
@stuhirstinfosec
Disclaimers;
• I like memes.
• I don’t take myself too seriously.
• Some of these stories may or may not have happened….
Who Am I?
• Public Speaker
• Run Security Scotland Meet Up
• Run the AWS Security Slack Forum
• Regular LinkedIn ‘Brain Farter’
The most difficult part of security incidents is that we don’t know what we don’t know! (and we often rely on people telling us!)
INCIDENT NUMBER ONE
For legal reasons, I can’t tell you….
Boogle BadWords - Compromised Passwords
Impact: £30,000 of account spend
Attack vector: hack
What Happened/What Did We Do….
Lessons Learned!
• 2FA all the things!
• Use a password manager!
• Don’t trust 3rd parties, even boogle!
INCIDENT NUMBER TWO
Open AWS ElasticSearch Cluster
Impact: outage
Attack vector: ransomware
What Happened/What Did We Do….
Open AWS S3 Buckets are one of the easiest hacks to do….
… you just need to find them!
Lessons Learned!
• Don’t make anything in AWS publicly accessible by default!
• Alert on S3 open to the world!
• Automate, automate, automate!
INCIDENT NUMBER THREE
Phishing email with macro in Word doc
Impact: minimal
Attack vector: Phishing
What Happened/What Did We Do….
Lessons Learned!
• Don’t jump to conclusions!
• Allow yourself time to make decisions!
• Educate, train and test!
INCIDENT NUMBER FOUR
Two MySQL databases with default creds
Impact: thousands in bug bounty payment
Attack vector: hack
What Happened/What Did We Do….
Lessons Learned!
• Be careful who you get to carry out work for you!
• Lock down your data, all of it!
INCIDENT NUMBER FIVE
The Mystery Chinese ‘Bots’
Impact: hours of investigation!
Attack vector: none?!
What Happened/What Did We Do….
Lessons Learned!
• Understand when an incident has reached a conclusion!
• Focus on what you CAN protect, not on what you CAN’T
INCIDENT NUMBER SIX
The Public Wi-fi Password!
Impact: unknown
Attack vector: hack
What Happened/What Did We Do….
Lessons Learned!
• Check your office space before events!
• Employ a healthy dose of paranoia!
INCIDENT NUMBER SEVEN
The Trump Balloon
Impact: Twitter craziness!
Attack vector: unknown
What Happened/What Did We Do….
Lessons Learned!
• Don’t trust what you read on Twitter!
• Be careful with what you say on social media!
• Protect your personal accounts - you’re easy to find!
INCIDENT NUMBER EIGHT
Wannacry
Impact: A month of pain!
Attack vector: malware
What Happened/What Did We Do….
Where were we when Wannacry first kicked off?
Where was I for the week after it kicked off?
Lessons Learned!
• Don’t take holidays!
• Be prepared to change your view on something, quickly!
INCIDENT NUMBER NINE
The p*ssed-off leaver!
Impact: £20k a week!
Attack vector: insider/rogue employee
What Happened/What Did We Do….
1. 84 days to spot
2. £20k a week cost
3. Nearly 50 failures in process
Lessons Learned!
• Not everyone leaves ‘happy’
• If you’re a manager, ensure accesses have been removed!
SOME OF THE MORE LIGHT HEARTED INCIDENTS!!!
And to leave you with….
Toilet humour….
Lessons Learned!
• Don’t take your laptop into the toilet!
• Stickers help!
Thank you!
We’re recruiting!
Twitter; stuhirstinfosec
Q&A