Friday, May 16, 2008

ChicagoCon Day 1 wrap-up

The first round of talks was on Friday nite and they went well. By far the best talk was Luke McOmie and Chris Nickerson's talk on "The Art of Espionage" They talked about why red team style pentesting is working and why you should want your organization to have those types of tests conducted. They also gave out a good basic methodology on conduction those kind of assessments. It was a really good talk and I am looking forward to their workshop tomorrow.

2nd up was my talk on "New School Information Gathering". took me a bit to get warmed up but I think it went well after I got going.

The talk was basically about information gathering beyond just using whois lookups without sending non-standard traffic or scanning to the target domain.

End Result?
Organization's net blocks, external servers IPs and domain names, internal IP ranges, emails to send phishing attacks to, phone numbers to call, trust relationships with other organizations, & other relevant information for your audit and hopefully identifying exploitable flaws in the target’s network without scanning or sending non-standard traffic at the organization.

3rd was Matt Luallen of Sph3r3 LLC. He talked about "Simple Principles to Protect Information and Control Now and Tomorrow." He rolled out 22 principles to protect information. Definitely worth taking another look at when the slides come out.

Last up was Kelly Housman of Microsoft talking about "A look into Defense In Depth Security." I missed the first part because i was snagging free food. What I did catch was about Microsoft's Network Access Protection (NAP) initiative. Basically NAC implemented in windows software, where if your agent doesn't check in with the server and you aren't patched up you wont get network access tickets and you'll be segmented off and ignored by other clients. I'm old school and I like network gear doing my layer 2/3 protection instead of it being implemented by a server and some client software. I'm also leery of how a client will start to "ignore" an unauthenticated host on a LAN as well. He also went into some IPSec stuff, very MS centric and if you are running OSX or *nix you may be out of luck. Of course the whole trick to NAC is just figuring out how to tell the "checking software" what it wants to hear.

I'm excited for day 2, hopefully I'll get out an update on day 2 tomorrow.


Anonymous said...

Chris -

I greatly enjoyed sitting in on your keynote on information gathering. You not only introduced me to some resources I was not aware of, but also gave me some new ideas and approaches to take with this area. Thanks!!

CG said...

thanks Pete!