-
Notifications
You must be signed in to change notification settings - Fork 1
/
InfosecToDo.html
1 lines (1 loc) · 18.8 KB
/
InfosecToDo.html
1
<html><head><title>Infosec To Do</title><meta content="text/html; charset=UTF-8" http-equiv="content-type"><style type="text/css">.lst-kix_kh0lztxsp3im-6>li{counter-increment:lst-ctn-kix_kh0lztxsp3im-6}.lst-kix_kh0lztxsp3im-7>li{counter-increment:lst-ctn-kix_kh0lztxsp3im-7}ol.lst-kix_kh0lztxsp3im-6.start{counter-reset:lst-ctn-kix_kh0lztxsp3im-6 0}.lst-kix_kh0lztxsp3im-0>li{counter-increment:lst-ctn-kix_kh0lztxsp3im-0}.lst-kix_kh0lztxsp3im-8>li{counter-increment:lst-ctn-kix_kh0lztxsp3im-8}ol.lst-kix_kh0lztxsp3im-0{list-style-type:none}.lst-kix_kh0lztxsp3im-3>li{counter-increment:lst-ctn-kix_kh0lztxsp3im-3}ol.lst-kix_kh0lztxsp3im-1{list-style-type:none}.lst-kix_kh0lztxsp3im-4>li{counter-increment:lst-ctn-kix_kh0lztxsp3im-4}ol.lst-kix_kh0lztxsp3im-5{list-style-type:none}ol.lst-kix_kh0lztxsp3im-4{list-style-type:none}ol.lst-kix_kh0lztxsp3im-3{list-style-type:none}ol.lst-kix_kh0lztxsp3im-2{list-style-type:none}ol.lst-kix_kh0lztxsp3im-8{list-style-type:none}ol.lst-kix_kh0lztxsp3im-7{list-style-type:none}ol.lst-kix_kh0lztxsp3im-6{list-style-type:none}ol.lst-kix_kh0lztxsp3im-3.start{counter-reset:lst-ctn-kix_kh0lztxsp3im-3 0}.lst-kix_kh0lztxsp3im-4>li:before{content:"" counter(lst-ctn-kix_kh0lztxsp3im-4,lower-latin) ". "}.lst-kix_kh0lztxsp3im-6>li:before{content:"" counter(lst-ctn-kix_kh0lztxsp3im-6,decimal) ". "}.lst-kix_kh0lztxsp3im-1>li{counter-increment:lst-ctn-kix_kh0lztxsp3im-1}ol.lst-kix_kh0lztxsp3im-1.start{counter-reset:lst-ctn-kix_kh0lztxsp3im-1 0}.lst-kix_kh0lztxsp3im-7>li:before{content:"" counter(lst-ctn-kix_kh0lztxsp3im-7,lower-latin) ". "}ol.lst-kix_kh0lztxsp3im-5.start{counter-reset:lst-ctn-kix_kh0lztxsp3im-5 0}.lst-kix_kh0lztxsp3im-2>li:before{content:"" counter(lst-ctn-kix_kh0lztxsp3im-2,lower-roman) ". "}ol.lst-kix_kh0lztxsp3im-4.start{counter-reset:lst-ctn-kix_kh0lztxsp3im-4 0}.lst-kix_kh0lztxsp3im-2>li{counter-increment:lst-ctn-kix_kh0lztxsp3im-2}ol.lst-kix_kh0lztxsp3im-8.start{counter-reset:lst-ctn-kix_kh0lztxsp3im-8 0}.lst-kix_kh0lztxsp3im-8>li:before{content:"" counter(lst-ctn-kix_kh0lztxsp3im-8,lower-roman) ". "}.lst-kix_kh0lztxsp3im-1>li:before{content:"" counter(lst-ctn-kix_kh0lztxsp3im-1,lower-latin) ". "}ol.lst-kix_kh0lztxsp3im-0.start{counter-reset:lst-ctn-kix_kh0lztxsp3im-0 0}ol.lst-kix_kh0lztxsp3im-2.start{counter-reset:lst-ctn-kix_kh0lztxsp3im-2 0}ol.lst-kix_kh0lztxsp3im-7.start{counter-reset:lst-ctn-kix_kh0lztxsp3im-7 0}.lst-kix_kh0lztxsp3im-3>li:before{content:"" counter(lst-ctn-kix_kh0lztxsp3im-3,decimal) ". "}.lst-kix_kh0lztxsp3im-5>li{counter-increment:lst-ctn-kix_kh0lztxsp3im-5}.lst-kix_kh0lztxsp3im-0>li:before{content:"" counter(lst-ctn-kix_kh0lztxsp3im-0,decimal) ". "}.lst-kix_kh0lztxsp3im-5>li:before{content:"" counter(lst-ctn-kix_kh0lztxsp3im-5,lower-roman) ". "}ol{margin:0;padding:0}.c7{max-width:468pt;background-color:#ffffff;padding:72pt 72pt 72pt 72pt}.c5{margin:0;padding:0}.c4{color:#1155cc;text-decoration:underline}.c2{padding-left:0pt;margin-left:36pt}.c3{color:inherit;text-decoration:inherit}.c6{font-weight:bold}.c1{height:11pt}.c0{direction:ltr}.title{padding-top:24pt;line-height:1.15;text-align:left;color:#000000;font-size:36pt;font-family:"Arial";font-weight:bold;padding-bottom:6pt}.subtitle{padding-top:18pt;line-height:1.15;text-align:left;color:#666666;font-style:italic;font-size:24pt;font-family:"Georgia";padding-bottom:4pt}li{color:#000000;font-size:11pt;font-family:"Arial"}p{color:#000000;font-size:11pt;margin:0;font-family:"Arial"}h1{padding-top:24pt;line-height:1.15;text-align:left;color:#000000;font-size:18pt;font-family:"Arial";font-weight:bold;padding-bottom:6pt}h2{padding-top:18pt;line-height:1.15;text-align:left;color:#000000;font-size:14pt;font-family:"Arial";font-weight:bold;padding-bottom:4pt}h3{padding-top:14pt;line-height:1.15;text-align:left;color:#666666;font-size:12pt;font-family:"Arial";font-weight:bold;padding-bottom:4pt}h4{padding-top:12pt;line-height:1.15;text-align:left;color:#666666;font-style:italic;font-size:11pt;font-family:"Arial";padding-bottom:2pt}h5{padding-top:11pt;line-height:1.15;text-align:left;color:#666666;font-size:10pt;font-family:"Arial";font-weight:bold;padding-bottom:2pt}h6{padding-top:10pt;line-height:1.15;text-align:left;color:#666666;font-style:italic;font-size:10pt;font-family:"Arial";padding-bottom:2pt}</style></head><body class="c7"><p class="c0"><span class="c6">Summarize government privacy policy sources, including:</span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.priv.gc.ca%2Finformation%2Fsr-rs%2F201314%2Fsr_cic_e.asp&sa=D&sntz=1&usg=AFQjCNE7qerS24NcIaaEO2IWdSmIKPlBTw">http://www.priv.gc.ca/information/sr-rs/201314/sr_cic_e.asp</a></span><span> (source: Robert Beggs LinkedIn feed on Sat Feb 1 2014)</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Check out these sites:</span></p><p class="c0"><span class="c4"><a class="c3" href="https://www.google.com/url?q=https%3A%2F%2Fwww.synack.com%2F&sa=D&sntz=1&usg=AFQjCNHNFn9eootQsPLMS5i3ywHDFAJbOQ">https://www.synack.com/</a></span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fmortasecurity.com%2F&sa=D&sntz=1&usg=AFQjCNE-_ce_6JATf8trQKIZHc4hX8AZEw">http://mortasecurity.com/</a></span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.shapesecurity.com%2F&sa=D&sntz=1&usg=AFQjCNE2j5qjaO7qWJ1ia3wTycVnKjcVLA">http://www.shapesecurity.com/</a></span></p><p class="c0"><span>taken from </span><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.nytimes.com%2F2013%2F08%2F23%2Ftechnology%2Fthe-pentagon-as-start-up-incubator.html%3Fpartner%3Drss%26emc%3Drss&sa=D&sntz=1&usg=AFQjCNFt7lojY7PknDHvqwMqqYbvFfrxPw">NY times article</a></span></p><p class="c1 c0"><span></span></p><p class="c0"><span class="c6">Black Hat 2013 sessions to watch: </span><span>(</span><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.scmagazine.com%2F11-talks-you-dont-want-to-miss-at-black-hat-2013%2Fslideshow%2F1448%2F%230&sa=D&sntz=1&usg=AFQjCNGyHlz-tnTv_51OXazcNfWJbBaHHw">Taken from SC Magazine</a></span><span>)</span></p><p class="c0"><span>http://www.blackhat.com/us-13/briefings.html</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Keynote with Gen. Keith Alexander</span></p><p class="c0"><span>When the director of the NSA addresess thousands of privacy-minded researchers, he’ll likely have a well-calculated speech planned. But if America’s top spymaster leaves time for questions, the room may get as heated as the temperatures outside. 9 a.m., July 31, keynote room</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>What security researchers need to know about the anti-hacking law</span></p><p class="c0"><span>Marcia Hofmann, former senior staff attorney at the Electronic Frontier Foundation, discusses the perils of the Computer Fraud and Abuse Act, which is under fire for being broadly interpreted to bring aggressive prosecutions against computer researchers. – 11:45 a.m., July 31, Palace 3</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>I can hear you now</span></p><p class="c0"><span>Two security experts have found a way to rig the Verizon Wireless Network Extender, also known as a femtocell, to monitor almost exactly how people are using their Verizon mobile phones. Any communication sent from the devices is at risk of exposure. – 2:15 p.m., July 31, Palace 1</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Injecting malware into iOS devices via malicious chargers</span></p><p class="c0"><span>iOS devices are considered more secure than their Android brethen, but this presentation will prove how easily an iPhone can be compromised with malware by being plugged into a rogue charger. – 5 p.m., July 31, Augustus 3 and 4</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>One root to own them all</span></p><p class="c0"><span>Researchers will present on a major vulnerability that is believed to be present in 99 percent of Android devices and allows attackers to hijack any legitimate app without modifying its digital signature. – 11:45 a.m., Aug. 1, Augustus 1 and 2</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Hacking the Samsung SmartTV</span></p><p class="c0"><span>It's an old wives' tale that sitting too close to the TV will hurt your eyes. But there's real evidence that the Samsung SmartTV platform is vulnerable to attack. Videos demonstrating exploits on the network-connected system will be showcased. – 11:45 a.m., Aug. 1, Palace 3</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Hacking humans</span></p><p class="c0"><span>Three years removed from his famous "ATM Jackpotting" talk, Barnaby Jack has turned his attention to pacemakers. After dissecting the communication methods of these implantable medical devices, he’s found problems with the security of the protocols in place. – 2:15 p.m., Aug. 1, Augustus 3 and 4</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Cyber response at the national level</span></p><p class="c0"><span>With breaches a regular happening, organizations are becoming better suited to perform incident response. But all bets are off if the event has a national security component to it. This session covers how a “different kind of thinking” is needed. – 2:15 p.m., Aug. 1, Roman 1 and 3</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Rooting SIM cards</span></p><p class="c0"><span>There are more than seven billion SIM cards in use. The widely deployed portable memory chips have never been exploited…until now. This discussion highlights design flaws in these these tiny, but powerful, pieces of hardware. – August 1, Augustus 3 and 4 at 3:30 p.m.</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>CreepyDOL: Cheap, distributed stalking</span></p><p class="c0"><span>Think of it as the NSA on a shoestring budget. CreepyDOL is a distributed sensing and data mining system that provides identification, tracking, and analysis on a target without sending them any data. All for a few hundred bucks. – 3:30 p.m., Aug. 1, Roman 2</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Hacking Z-wave home automation systems</span></p><p class="c0"><span>Central control panels in many "smart" homes connect all of the monitoring and function of things like air conditioning and physical security through the use of Z-wave wireless communication protocols. This talk will cover how Z-wave can be attacked. – 5 p.m., Aug. 1, Augustus 5 and 6</span></p><p class="c1 c0"><span></span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Contribute to an open source infosec project:</span></p><p class="c0"><span class="c4"><a class="c3" href="https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Frapid7%2Fmetasploit-framework%2F&sa=D&sntz=1&usg=AFQjCNGpMjhu5Dk8o1SCFwP0kiyoz5YOKA">https://github.com/rapid7/metasploit-framework/</a></span></p><p class="c0"><span>Kali</span></p><p class="c0"><span>Backtrack</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>TONS OF READING MATERIAL ON SCRIBD:</span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.scribd.com%2Ftag%2Fcyber&sa=D&sntz=1&usg=AFQjCNFMrLhP1dSn9c8wjAW0kbqPhcjOXg">http://www.scribd.com/tag/cyber</a></span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.scribd.com%2Ftag%2Finfosec&sa=D&sntz=1&usg=AFQjCNGd9n-8K058Ms7VR0yab3MbydbDDQ">http://www.scribd.com/tag/infosec</a></span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Build a consulting company like this:</span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fsecuritycompass.com%2F&sa=D&sntz=1&usg=AFQjCNE1fYz-SGuY_Wo-5mvvSP3zhoXCig">http://securitycompass.com/</a></span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.palantir.com%2F&sa=D&sntz=1&usg=AFQjCNFnqAVLJfzN8Ui9-BrQX9bxgC_6JQ">http://www.palantir.com/</a></span></p><p class="c0"><span>See additional businesses in this report: </span><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.scribd.com%2Fdoc%2F22223122%2FSecDev-Palantir-government-conference-final-agenda&sa=D&sntz=1&usg=AFQjCNESRQBIEc_uZrlfTQunzOD5WwD8XA">http://www.scribd.com/doc/22223122/SecDev-Palantir-government-conference-final-agenda</a></span></p><p class="c1 c0"><span></span></p><p class="c1 c0"><span></span></p><p class="c0"><span class="c6">CISSP Domains:</span></p><ol class="c5 lst-kix_kh0lztxsp3im-0 start" start="1"><li class="c2 c0"><span>Access Control</span></li><li class="c2 c0"><span>Telecommunications and Network Security</span></li><li class="c2 c0"><span>Information Security Governance and Risk Management</span></li><li class="c2 c0"><span>Software Development Security</span></li><li class="c2 c0"><span>Cryptography</span></li><li class="c2 c0"><span>Security Architecture and Design</span></li><li class="c2 c0"><span>Operations Security</span></li><li class="c0 c2"><span>Business Continuity and Disaster Recovery Planning</span></li><li class="c2 c0"><span>Legal, Regulations, Investigations and Compliance</span></li><li class="c2 c0"><span>Physical (Environmental) Security</span></li></ol><p class="c1 c0"><span></span></p><p class="c0"><span>Reference sites:</span></p><p class="c0"><span class="c4"><a class="c3" href="https://www.google.com/url?q=https%3A%2F%2Fopennet.net%2Fabout-oni&sa=D&sntz=1&usg=AFQjCNEsxLpyD6TwEnVQ_oIBziBb4SPvbQ">https://opennet.net/about-oni</a></span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.syngress.com%2Ffree-e-booklets&sa=D&sntz=1&usg=AFQjCNE6Xj2wwDILCslqQmw6kNarrMg8Kw">http://www.syngress.com/free-e-booklets</a></span></p><p class="c0 c1"><span></span></p><p class="c0"><span>Great summary of security processes for SMB:</span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fdigitaldefence.ca%2Fbeen-hacked&sa=D&sntz=1&usg=AFQjCNHikVL7vQ1c0PDXVu954Hb2I5ccvw">http://digitaldefence.ca/been-hacked</a></span></p><p class="c1 c0"><span></span></p><p class="c1 c0"><span></span></p><p class="c0"><span>To do (from sector):</span></p><p class="c0"><span>Build a pineapple device - w/ Noah?</span></p><p class="c0"><span>Build nmap, metasploit server on aws.</span></p><p class="c0"><span>Build my blog on aws w/ thesis 2.0.</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>On aws: (ssh -i wirepaper1.pem [email protected])</span></p><p class="c0"><span>* nmap was installed 2012 10 05</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Look into:</span></p><p class="c0"><span>* Backtrack (consolidated toolset?)</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>From Sector 2012:</span></p><p class="c0"><span>Check out:</span></p><p class="c0"><span>* metasploit</span></p><p class="c0"><span>* Nessus by Tenable Network Security</span></p><p class="c0"><span>* Trustwave by SpiderLabs</span></p><p class="c0"><span>* Check Point software (demoed at the Star Wars presentation)</span></p><p class="c0"><span>* EnCase Cybersecurity (offered by FDR Forensic Data Recovery Inc)</span></p><p class="c0"><span>* Damballa Failsafe (offered by FDR Forensic Data Recovery Inc)</span></p><p class="c0"><span>* AccessData (offered by FDR Forensic Data Recovery Inc)</span></p><p class="c0"><span>* RiskIO (risk.io) - vulnerability mgmt software</span></p><p class="c0"><span>* FireEye</span></p><p class="c0"><span>* Fortinet</span></p><p class="c0"><span>* Gigamon</span></p><p class="c0"><span>* Bluecoat</span></p><p class="c0"><span>* Qualys & Service-Now tie in?</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>Reference blog:</span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.securelist.com%2Fen%2F&sa=D&sntz=1&usg=AFQjCNF6njvU2Apqlyh0tN15DySmTN9_cw">http://www.securelist.com/en/</a></span></p><p class="c1 c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.securelist.com%2Fen%2F&sa=D&sntz=1&usg=AFQjCNF6njvU2Apqlyh0tN15DySmTN9_cw"></a></span></p><p class="c0"><span>Penetration testing:</span></p><p class="c0"><span>metasploit: </span><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.metasploit.com%2F&sa=D&sntz=1&usg=AFQjCNFR4tplM90bVnccpwCNs5WGJl51Nw">http://www.metasploit.com/</a></span></p><p class="c0"><span>CISSP Training Kit - MS Press (July 2012 release)</span></p><p class="c1 c0"><span></span></p><p class="c0"><span>NST (all in one image): </span><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fnetworksecuritytoolkit.org%2Fnst%2Findex.html&sa=D&sntz=1&usg=AFQjCNFR94Hcov_jtBHt5l8_hxwfB-zDHg">http://networksecuritytoolkit.org/nst/index.html</a></span></p><p class="c1 c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fnetworksecuritytoolkit.org%2Fnst%2Findex.html&sa=D&sntz=1&usg=AFQjCNFR94Hcov_jtBHt5l8_hxwfB-zDHg"></a></span></p><p class="c0"><span>Nessus docs: </span><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fwww.nessus.org%2Fproducts%2Fnessus%2Fdocumentation&sa=D&sntz=1&usg=AFQjCNGI-Di5l4j8Y0m28YtACqJWkT8UCw">http://www.nessus.org/products/nessus/documentation</a></span></p><p class="c0"><span>Nessus local install: </span><span class="c4"><a class="c3" href="https://www.google.com/url?q=https%3A%2F%2Flocalhost%3A8834%2Fdownloading%2F&sa=D&sntz=1&usg=AFQjCNGANVM221hWfBeh98qwPfltktAtRg">https://localhost:8834/</a></span></p><p class="c0"><span>Start Nessus: # sudo launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist</span></p><p class="c0"><span>Stop Nessus: # sudo launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist</span></p><p class="c1 c0"><span></span></p><p class="c1 c0"><span></span></p><p class="c0"><span>nmap:</span></p><p class="c0"><span>nmap 192.168.1.*</span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Flinux.byexamples.com%2Farchives%2F339%2Fa-simple-tutorial-for-network-scanning-software-nmap%2F&sa=D&sntz=1&usg=AFQjCNHu7vL80Gn1SRaaYEUNp6PIk4S04g">http://linux.byexamples.com/archives/339/a-simple-tutorial-for-network-scanning-software-nmap/</a></span></p><p class="c0"><span class="c4"><a class="c3" href="http://www.google.com/url?q=http%3A%2F%2Fnmap.org%2Fbook%2Fman-port-scanning-basics.html&sa=D&sntz=1&usg=AFQjCNHGAYkfMyHcCFJhUrGHOErn7jAEFw">http://nmap.org/book/man-port-scanning-basics.html</a></span></p><p class="c1 c0"><span></span></p></body></html>