Re: Presentation Advice

[d4ncingd4n () gmail com]

I would suggest a gimmick to get people involved. I brought a package of individually wrapped peppermint candy to may 
presentation. Early in the presentation I asked a basic question to get the audience involved. When people held up 
there hand, I called on the person on the back row. When they correctly answered, I unwrapped the peppermint with 
everyone watching and asked the person on the front row to pass it back. Everyone was disgusted but did so. As the 
candy made it further to the back, everyone was disgusted. That's wheni sad "the reason you don't want to eat that is 
it might have a virus on it. Imagine that were a usb key you found in the parking lot. It could have a virus also." 
people were talking about that for days. 

Bart

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Bugbear <gbugbear () gmail com>
Sender: pauldotcom-bounces () mail pauldotcom com
Date: Thu, 9 Sep 2010 09:58:46 
To: PaulDotCom Security Weekly Mailing List<pauldotcom () mail pauldotcom com>
Reply-To: PaulDotCom Security Weekly Mailing List
        <pauldotcom () mail pauldotcom com>
Subject: Re: [Pauldotcom] Presentation Advice

All great valid points. This is your chance to get some users to think
about what they are doing, so don't forget to give them some useful,
constructive advice on how to protect themselves and the corporate
data.

I have found such presentations are often a great way to sell internal
policies, procedures, and technical defenses to the users. Once they
understand why you have put these in place they are less likely
(theoretically) to try to circumvent these.

Best of luck

Tim

On Wed, Sep 8, 2010 at 11:43 PM, Craig Freyman <craigfreyman () gmail com> wrote:
> Great input, thank you.
>
> On Wed, Sep 8, 2010 at 8:13 PM, Dave Ockwell-Jenner <doj () primeinfosec com>
> wrote:
> > Hi Craig,
> >
> > I've given a very similar presentation earlier this year, and shortly
> > dusting it off to deliver it again to a new audience.
> >
> > I took a similar approach to show the limitations of traditional security
> > controls (firewalls, AV, etc.). I have a virtual 'lab' consisting of three
> > machines which simulate a small office. There is an endpoint desktop system,
> > running AV (in my case it's AVG Free--kept up-to-date), a server system
> > hosting shared files and a web site, and a security appliance (Untangle)
> > providing networking routing, firewall, content inspection, etc.
> >
> > Lastly, I have a separate 'attacker' system, running Metasploit. I took
> > Metasploit's meterpreter payload, ran through some AV evasion techniques,
> > and encoded it up as a VBScript, which I embedded in an innocuous looking
> > Word document.
> >
> > I demonstrate that the endpoint system is fully patched and has fully
> > updated AV. We try to access a few web sites which the security appliance
> > blocks, to show that it's working. We then open up the suspect Word
> > document, which is hosted on a professional looking web site, such as you
> > might be sent a link to in e-mail, IM, etc. The security appliance doesn't
> > see a problem. IE doesn't see anything wrong with it's download checker. We
> > even test the file with AV manually, just to be sure.
> >
> > The 'user' opens up the Word document, the meterpreter payload runs, and
> > we have pwnage.
> >
> > I then run through a few things in Metasploit: access sensitive files,
> > cracking passwords and pivoting to attack the server system.
> >
> > Last time out, I mostly saw open jaws... and LOTS of questions, which was
> > the purpose of the presentation :)
> >
> > Good luck!
> > Dave.
> >
> > On 2010-09-08, at 4:59 PM, Craig Freyman wrote:
> >
> > > I'm giving a security presentation to a room full of non IT folks in a
> > > few weeks. The point I want to drive home is that simply having AV and a
> > > Firewall doesn't make you bulletproof. There is a big gap between what the
> > > bad guys can do and what modern security apps can stop or catch. I think one
> > > way to help bridge this gap would be to raise user awareness and to get
> > > users thinking about security issues. I believe most users think that with
> > > AV/Firewall and not clicking on links, they're safe.
> > >
> > > I was planning on doing a live demo (crossing fingers) to make this
> > > point. I will set up a rogue AP ("FreeWIFI Connect to ME!"), connect a
> > > client machine and then demonstrate some MITM attacks. I'll also throw in
> > > some SET to have some meterpreter fun. Password stealing, key logging, sound
> > > recording etc... I know I cant get too technical and if I do, I'll loose the
> > > group. I think this demo would get their attention but was wondering if
> > > anyone has done this before and if so, what did you do?
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> > --
> > Dave Ockwell-Jenner, President
> > Prime Information Security • Because business is risky enough™
> > www.primeinfosec.com • (519) 772-4929
> >
> >
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com