Re: Presentation Advice

[Craig Freyman <craigfreyman () gmail com>]

Great input, thank you.

On Wed, Sep 8, 2010 at 8:13 PM, Dave Ockwell-Jenner <doj () primeinfosec com>wrote:

> Hi Craig,
>
> I've given a very similar presentation earlier this year, and shortly
> dusting it off to deliver it again to a new audience.
>
> I took a similar approach to show the limitations of traditional security
> controls (firewalls, AV, etc.). I have a virtual 'lab' consisting of three
> machines which simulate a small office. There is an endpoint desktop system,
> running AV (in my case it's AVG Free--kept up-to-date), a server system
> hosting shared files and a web site, and a security appliance (Untangle)
> providing networking routing, firewall, content inspection, etc.
>
> Lastly, I have a separate 'attacker' system, running Metasploit. I took
> Metasploit's meterpreter payload, ran through some AV evasion techniques,
> and encoded it up as a VBScript, which I embedded in an innocuous looking
> Word document.
>
> I demonstrate that the endpoint system is fully patched and has fully
> updated AV. We try to access a few web sites which the security appliance
> blocks, to show that it's working. We then open up the suspect Word
> document, which is hosted on a professional looking web site, such as you
> might be sent a link to in e-mail, IM, etc. The security appliance doesn't
> see a problem. IE doesn't see anything wrong with it's download checker. We
> even test the file with AV manually, just to be sure.
>
> The 'user' opens up the Word document, the meterpreter payload runs, and we
> have pwnage.
>
> I then run through a few things in Metasploit: access sensitive files,
> cracking passwords and pivoting to attack the server system.
>
> Last time out, I mostly saw open jaws... and LOTS of questions, which was
> the purpose of the presentation :)
>
> Good luck!
> Dave.
>
> On 2010-09-08, at 4:59 PM, Craig Freyman wrote:
>
> > I'm giving a security presentation to a room full of non IT folks in a
> few weeks. The point I want to drive home is that simply having AV and a
> Firewall doesn't make you bulletproof. There is a big gap between what the
> bad guys can do and what modern security apps can stop or catch. I think one
> way to help bridge this gap would be to raise user awareness and to get
> users thinking about security issues. I believe most users think that with
> AV/Firewall and not clicking on links, they're safe.
> > I was planning on doing a live demo (crossing fingers) to make this
> point. I will set up a rogue AP ("FreeWIFI Connect to ME!"), connect a
> client machine and then demonstrate some MITM attacks. I'll also throw in
> some SET to have some meterpreter fun. Password stealing, key logging, sound
> recording etc... I know I cant get too technical and if I do, I'll loose the
> group. I think this demo would get their attention but was wondering if
> anyone has done this before and if so, what did you do?
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> --
> Dave Ockwell-Jenner, President
> Prime Information Security • Because business is risky enough™
> www.primeinfosec.com • (519) 772-4929
>
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com