Subscribe
Part of the AvengerCon VI presentations cleared for public release:
Back to Basics. Why your $10 million SIEM wont' stop the bad guys, presented by Mark Klink
As a community of hackers, we struggle to see the forest for the trees. In the process of analyzing big, complicated datasets, we fail to identify the simple solution lying directly in front of us. My approach to hacking is more along the lines of saying KISS, Keep it Simple, Stupid.
This talk is a conversation that leverages my experience on the offensive side as a penetration tester, bug bounty hunter, or from my observations working with red teams across more than a dozen Army exercises. I’ll discuss why big data analytics, artificial intelligence, and machine learning may be distracting us from achieving success on both the offensive and defensive sides of cyberspace operations, and why sometimes, taking a non-technical or fresh approach to a technical problem and lead to surprising solutions.
In December of 2020, I identified default credentials on more than 2 dozen printers and a public facing router within the Department of Defense which led to remote code execution as a root privileged user. As a result, I was awarded with DoD Security Researcher of the Month. Most of my experience in bug hunting, penetration testing, and offensive cyberspace operations often comes down to identifying simple vulnerabilities that can present substantial opportunity.
The 2021 HackerOne Security trends report states that the top reported vulnerabilities include Cross-Site Scripting, Information Disclosure, and Improper Access Control – Generic (including default credentials, authentication bypass, and weak/guessable passwords). The trends in the private sector seem to indicate that 51% of reported vulnerabilities are due either input sanitization or user error when configuring a web application. These trends match what I’ve seen in real-world bug bounty hunting over the course of several years, and these concepts can be applied to much more complex target sets.
While things like 0-days, custom exploits, and big data analytics provide benefit in highly specific or time-sensitive situations, it can be easy to get wrapped up in a complex task and miss the subdomain takeover, the default credentials, or the information disclosure right in front of you. This talk will attempt to encourage others to step back, take a breath, and revaluate a situation from a new perspective in order to become a better attacker or defender without having to rely on tools, technology, or buzz words to be successful.
AvengerCon is a free security event hosted every fall by Maryland Innovation and Security Institute to benefit the hackers of the U.S. Cyber Command community and the U.S. Army 780th Military Intelligence Brigade. The event is open to all service members and employees of U.S. Cyber Command and Department of Defense personnel supporting cyberspace missions. AvengerCon features presentations, hacker villages, training workshops, and much more.
The event is open to all service members and employees of U.S. Cyber Command and Department of Defense, and related partners supporting cyberspace missions. It will include a keynote speaker, presentations, and villages, currently scheduled for 1 December, and workshops hosted on 30 November.
| Date Taken: | 11.30.2021 |
| Date Posted: | 09.15.2022 14:21 |
| Category: | Series |
| Video ID: | 857461 |
| VIRIN: | 211130-O-PX639-832 |
| Filename: | DOD_109219166 |
| Length: | 00:11:14 |
| Location: | US |
| Downloads: | 2 |
| High-Res. Downloads: | 2 |
This work, Back to Basics. Why your $10 million SIEM wont' stop the bad guys., by Steven Stover, identified by DVIDS, must comply with the restrictions shown on https://www.dvidshub.net/about/copyright.
LEAVE A COMMENT