Dailydave mailing list archives

More offensive security metrics and you


From: dave <dave () immunityinc com>
Date: Mon, 17 Aug 2009 18:08:10 -0400


So I've spent my time on planes recently trying to figure out a metric
for something a bit soft. I've noticed that there comes a point where a
hacker has been in a system for X number of days, reading emails,
learning about things, where it's not going to be possible to keep them
out. There's a certain set of things they know that give them an
infinite edge over the defence.

This needs to be a hacker with some set of analysis attached to it of
course.

Example things you should know after X days:
1. Active Directory structure.
   1a. Purpose of various OUs
   1b. Administrators and their roles
   1c. Relationships to other Active Directory forests
   1d. Corporate groups
   1e. History (i.e. the "why" things are set up the way they are)
2. Password policies
   2a. New user default passwords
   2b. Passwords enforced by anything in particular?
3. Internal terminology ("Yo, the EQT just exceeded our TOL - did you
fill out an ETM for that?")
4. Backup programs, patching programs.
5. How tech support calls work
6. Intranet web apps users use.
7. Overall network layout and FW policies.
etc. etc.

I know there's a long list of these sorts of things, and when you have
80% of them, you can't get kicked out. Essentially, you'll have found
strategic operational flaws that transcend any point-fixes the company
may be able to put into place.

So that's my offensive security metric of the week. :>

And now, a brief message from our sponsor, Shari!

___________________________________________________________________

As a vendor at the upcoming Hacker Halted Conference in downtown
Miami, FL, we are able to provide you with a special discounted
registration rate of $999 (which is a $300 savings).  If you are
interested in attending this conference at the special discounted
rate, please email admin () immunityinc com to get the registration code
needed for the discount to be applied.  There are no strings or fine
print attached in order to take part in this special offer.  Below you
will find more information about the conference.

Hacker Halted USA 2009, the 14th in the global series, will be hosted
in Miami, Florida, from Sep 23 - 25.  To be held at the Hilton Miami
Downtown, Hacker Halted USA 2009 is set to be the perfect platform for
information security professionals to enhance knowledge and exchange
views, as well as network with other security professionals globally.

This information security conference will feature some of the best
security experts including the likes of Amit Yoran, Prof. Howard
Schmidt, Dave Litchfield, Ari Takenen, Ira Winkler, Dr. Herbert H.
Thompson, Ron Gula, Greg Hoglund and Edward Haletky, among others. It
presents a comprehensive program comprising intriguing, thought
provoking and current security topics such as Threats and
Countermeasures, Virtualization Security, Computer Forensics and
Investigations, Application Security and Secure Coding, Malware and
Botnets, etc. There will be an exhibition showcasing the latest
technologies, solutions and services in IT security as well.

To make Hacker Halted USA 2009 a truly valuable conference for all
attendees, EC-Council will be hosting three custom designed security
workshops led by EC-Council Master Instructors. These full fledged
one-day workshops on Sep 25, will cover three of the most popular
security topics, namely *Identifying Threats and Deploying
Countermeasures (Ethical Hacking)*; *Principles of Incident Handling*;
and *Exposing Virtualization Security Threats*. All registrants for
the conference will be entitled to attend one of these workshops,
worth $599, at absolutely no additional cost.

Presented by EC-Council, Hacker Halted has been hosted in different
cities including Myrtle Beach, Dubai, Taipei, Singapore, Kuala Lumpur,
Guangzhou, Mexico City, Tokyo among others. The objective of the
global series of Hacker Halted conferences is to raise international
awareness towards increased education and ethics in Information Security.

*Hackers Are Ready. Are you?*
http://www.hackerhalted.com


-dave

