The relevance of cyber threats
Recently there have been cases of so-called targeted hacker attacks (APT), whose main targets are the financial, industrial and public sectors. Such attacks are characterized by their lightning speed (from several minutes to several hours) and the high professionalism of the attackers.
Often, security specialists, faced with several intrusion attempts (including diversionary ones), do not have time to respond to the real attack. Moreover, most such intrusions are discovered only after the fact, after critical data has already leaked. The awareness of information security personnel about modern threats is usually not in question, but nevertheless the number of attacks and their scale grow from year to year. Even large information security vendors like Kaspersky Lab are subject to similar attacks:
In early spring 2015, Kaspersky Lab recorded a cyber intrusion into its corporate network. In the course of the investigation that followed, a new malicious platform was discovered that is directly related to one of the most complex and mysterious cyber espionage campaigns - Duqu, uncovered in 2011. The new platform is called Duqu 2.0.
How to protect the company's IT infrastructure in the face of cyber threats?
Three factors of readiness
It is important to identify three factors that determine how ready information security specialists are to counter APT:
- the level of knowledge of modern threats;
- ability to think like an attacker and predict his actions;
- infrastructure security and risk minimization skills.
The PENTESTIT Corporate Laboratories training program focuses specifically on the practice of implementing modern attack scenarios and developing adequate protective measures, including protection against insider attacks: attempts by an employee of the company to attack from the inside a corporate network that is well protected from the outside.
Intelligence and information gathering
The first stage of an APT attack is to collect information about the attacked system. Such actions include:
- Intelligence and information gathering;
- Network perimeter scanning;
- Search for and exploitation of configuration errors.
(In)security of the website
One of the most popular "entry points" into the corporate network is the company's website. Every fifth site contains critical vulnerabilities that allow an attacker to compromise it. These vulnerabilities primarily include:
- SQL injections;
- RCE (remote code execution);
- XSS;
- RFI / LFI;
- Race condition.
(In)security of the internal perimeter
Often, the internal perimeter of the company is not given due attention. Having got inside the corporate network one way or another, an attacker is very likely to gain full control of it, using the following techniques:
- privilege escalation (exploits, SUID, etc.);
- collection of credentials and gaining a foothold in the system;
- covering tracks.
Cybercrime investigation and evidence collection
In addition to preventing attacks, a clear advantage for information security specialists will be practical experience in:
- reconstruction of the actions of the attacker;
- collection of evidence, including the collection of data for transmission to law enforcement agencies;
- taking a RAM dump and analyzing it using specialized utilities;
- file system analysis;
- determination of possible consequences and damage assessment.
Corporate Laboratories PENTESTIT
The widespread dissemination of the methods, techniques and tools used by intruders, the numerous “loud” vulnerabilities discovered in recent times, as well as the constant data leaks and hacks of large companies indicate their actual vulnerability to information security threats. The training of the information security department is a key factor in solving such problems. What are the features of the Corporate Laboratories training programs?
The uniqueness of Corporate Laboratories lies in the combination of the training format (fully remote, with no need to take time off from work or study), the quality of the material, and the specialized resources on which training is conducted. In addition to the strongest practical training, Corporate Laboratories include interesting webinar courses that are comparable in level to the material of professional conferences on practical security.
Relevance of the material
One of the distinguishing features of Corporate Laboratories is the relevance of the material. The absence of a lengthy process of coordinating the training program with various authorities allows us to update the course with each intake (once every 1.5 months).
In Corporate Laboratories, we try to evaluate and objectively analyze the latest “loud” vulnerabilities and attacks: last year’s Heartbleed and POODLE, the recent attack on Hacking Team and the extortion at one of the Russian banks:
The attackers demanded a ransom of 29 million rubles, otherwise they will publish the stolen customer information.
According to the publication "Fontanka", Bank "Saint Petersburg" was the victim of hackers. The largest attack in the entire history of St. Petersburg financial organizations began in April of this year. The attackers stole confidential information from the company's customers and demanded that its management pay 29 million rubles, otherwise customer data will be published in the public domain.
According to bank employees, they were able to detect in time an “activity that is not typical for clients” in the information database. Having studied the situation, the experts of the financial organization came to the conclusion that the information obtained by the attackers is not critical and cannot be used for the purpose of fraud. In this regard, it was decided not to block access to it for hackers, but to give time to law enforcement agencies to gather enough evidence to find the criminals. Within two weeks, the hackers "were allowed" to steal several thousand requisites unsuitable for carrying out operations on behalf of clients.
Learn more about the Corporate Laboratories.
In addition to the main, paid program, we invite experts from the IT and information security fields who share their experience and talk about best practices:
“To protect yourself from hackers, you need to be able to think and act like a hacker. Otherwise, it is impossible to understand what is a vulnerability that can help an attacker to overcome your protection systems, and what is not.”