Dec2018 istanbul-2

A Hacker's Contemplation
Where Do We Go From Here?
Chris Roberts
Chris@hillbillyhitsquad.com
Sidragon1 (LinkedIn and Twitter)
Agenda
• Quick intro slide
  - What IS the kilted hairy thing doing here?
• Transportation
  - Planes, trains, ships and things
• State of the union
  - Why's everything still broken?
• Humans
  - Evolution or dystopia
• How DO we fix this mess?
  - Taser the vendors IS one option…
• Closing thoughts…
  - Wise words from Martin Luther King, Jr.
Intro

The Purple Goatee…
• In the InfoSec/Cyber industry for too many years...
• Broke Nigeria, ISS, Mars Rover, airplanes, trains, etc.
  - Researched a whole lot more…
• Working in the lab, consulting with Attivo, HHS, etc.
  - Why? Because I need to work out what I want to do…
• Currently researching humans, AI, ML, and consciousness computing…
  - Because there's better ways than passwords!
  - Because the future's not already scary enough?
  - Because we're heading off the cliff… and we need to wake up
• Might also have a whisky collection that borders on the obsessive…
  - Occasionally travels with the whisky football (thanks Inbar!)
Planes…

Planes History…
Never tweet about hacking planes WHILE in the plane
4 years of research BEFORE anyone listened.

Planes Today…
ALL the data, ALL the time, ALL the locations
10,000 sensors in wing
7-8 TB data per day
5,000 data points a sec. (engines)
Transportation & Intermodal
Cars And Lorries

Shipping, Make It Roll Over
SATCOM - Navigation - RDP - Maintenance - Ballast Control

Locomotives:
What to do when you get banned from several airlines…

Trains, Signals And Rail Yards…
Rail yard, run by 3rd party, manages freight across the entire country.
TELNET access, ID=Admin PWD=Admin1
GE-EMD Locomotive
Cellular, rail-line or network access to train
ID=Admin PWD=000000
ElectroLogIXS switch (scattered ALL over the USA.)
Allows signals to be interrupted AND changed…
Man NOT Present, bypassed. PWD=password
Can change signals from RED to GREEN etc.
3 years of research and NOBODY is listening yet.
Why Can We Still Break Everything?

Introspective…
• So focused on red teams and breaking things we forget WHY we are truly here.
• Our charges who rely upon us to protect them are looking at us wondering WTF.
• We keep blaming our charges AND we keep increasing complexities.
• We spend more time building band-aids than actually FIXING things.
We have failed absolutely spectacularly.
Why Have We Not Changed?

Safety vs. Security
• Humans have evolved over the last 50-60,000 years.
• Humans have always been targeted, depending upon various circumstances.
• We UNDERSTAND safety.
• Security is NOT part of our language.

Technology, Reactive vs. Proactive
Static Defense…
Static Defenses (Mk2)
Why Do We Still Ignore The Humans?
Technology Is Sexier To Sell…
And It Makes Money!
We spent $90 Billion on Information Security related products in 2017…
You think we'd be able to do better?!?
Why Do We Have To Change?

By The Numbers
Because in 2017 we "lost" 2 - 3 BILLION records… (ish...)
Numbers are between 1.9B and 8B…
(Yea, we can't even work out the right numbers…)

[Diagram: …Humans vs. Technology… across Past, Present, Future]
The Abyss Is Waving Back…

The 9 Circles Of Hell…
• Circle 1: Limbo: That age-old Microsoft wait state…
• Circle 2: Lust: The new tech… just like the old tech
• Circle 3: Gluttony: All those dongles, all over again, Apple!
• Circle 4: Avarice: Falling for another Nigerian prince…
• Circle 5: Sullenness: Continually staring at that screen…
• Circle 6: Heresy: Facebook IS evil and there is NO privacy
• Circle 7: Violence: Cyberbullying, no more words needed
• Circle 8: Fraud: Technology used against us daily… scams, etc.
• Circle 9: Treachery: Arguably all parties betraying the other…
Hacking Humans

2017…
Swimming nanorobots. Direction, motion and other functions can be changed based on the application of either heat (laser) or electromagnetic pulses.
Nanorobots being taught how to code. In this case, recognize the differences in certain chemicals.
Nano And Bio Technology 2018…

Hacking Brains…
Mapping The Brain…
Left: Recording my brain interacting with my test computer.
Right: Replayed a heap of times along with phone and two other devices.
The brain interacting with the various systems; get a baseline with some deviation.
Goodbye Passwords
So, recap…
We've broken EVERYTHING
Including humans
InfoSec/Cyber is a bloody mess
What the heck DO we do?
First!
Then!
Options; Dystopia Or Bust…
The Revolution
• The industrial revolution went from 1712 to 1913 or so…
• We went from steam to mass production of automotive transportation, aviation, and everything in-between.
• We've had computing power for about 80 years and have changed EVERYTHING from transportation, communication, food, health, shelter, etc.

The Consequences
• Technology usage is in the hands of the many.
  - HUGE gap between developing/developed nations.
• Fewer still understand how it works.
  - And fewer still understand how it's fragmented.
• Fewer still understand how to protect it.
  - And we have almost NO diversity.
• We are handing control over to machines.
  - We don't fully understand the repercussions.
  - We REALLY don't know who's got control…
Fix The Basics!

Back to Basics
• The human:
  - 1 hour of awareness training PER year
  - ? session of "don't click shit"
  - ? session of "don't send shit"
  - No understanding of balancing work and life security
  - P@ssw0rd1 used at work and on Facebook etc.
  - Thinks the "S" in HTTPS is for wimps
Fix the humans
Change the conversation
Safety NOT Security
Back to Basics (2)
• Your computers:
  - The ones on the FLAT network running W2k
  - The ones in the warehouse running XP
  - The ones the vendor said don't touch
  - The ones on the Internet with RDP!!
  - The ones on the Internet with 1433/3306/etc.
  - The ones you don't even know about!
Remove the easy ways in!
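As an added example (not from the deck), a small Python audit that flags the same easy ways in over an asset inventory export; the CSV layout, the hostnames and the severity weights are assumptions, and the inventory is constructed:

```python
"""Exposure audit for the 'easy ways in' named on the Back to Basics (2)
slide: end-of-life Windows, Internet-facing RDP / SQL ports, hosts on the
flat network and hosts nobody inventoried. Inventory below is constructed."""
import csv
import io

# Ports the slide calls out when reachable from the Internet: RDP, MSSQL, MySQL.
RISKY_INTERNET_PORTS = {3389: "RDP", 1433: "MSSQL", 3306: "MySQL"}
# OS builds the slide names as still running on the estate (long out of support).
EOL_OS_PREFIXES = ("Windows 2000", "Windows XP")
# Assumed severity per finding class; used only to rank remediation order.
SEVERITY = {"exposed_port": 3, "eol_os": 2, "unknown_host": 2, "flat_network": 1}

# Constructed asset export (hypothetical hosts, documentation IP ranges).
# 'source' is 'cmdb' for known assets or 'scan' for hosts a sweep found that
# the CMDB never had: "the ones you don't even know about".
SAMPLE_INVENTORY = """\
hostname,ip,os,open_ports,zone,internet_facing,source
dc01,10.0.0.5,Windows 2000 Server,3389;445,flat,no,cmdb
wh-pc7,10.0.4.23,Windows XP,445,warehouse,no,cmdb
web-db,203.0.113.10,Windows Server 2016,443;3389;1433,dmz,yes,cmdb
mystery,203.0.113.77,unknown,3306,flat,yes,scan
app01,192.0.2.8,Ubuntu 18.04,443,dmz,yes,cmdb
"""


def parse_inventory(text):
    """Turn the CSV export into dicts with typed fields."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        ports = [int(p) for p in r["open_ports"].split(";") if p]
        rows.append({
            "hostname": r["hostname"],
            "os": r["os"],
            "open_ports": ports,
            "zone": r["zone"],
            "internet_facing": r["internet_facing"].strip().lower() == "yes",
            "known": r["source"] == "cmdb",
        })
    return rows


def audit_host(h):
    """Return (finding_class, message) pairs for one host."""
    findings = []
    if h["os"].startswith(EOL_OS_PREFIXES):
        findings.append(("eol_os", f"end-of-life OS: {h['os']}"))
    if h["internet_facing"]:
        for port in sorted(h["open_ports"]):
            if port in RISKY_INTERNET_PORTS:
                findings.append(("exposed_port",
                                 f"{RISKY_INTERNET_PORTS[port]} ({port}/tcp) open to the Internet"))
    if h["zone"] == "flat":
        findings.append(("flat_network", "sits on the flat network, no segmentation"))
    if not h["known"]:
        findings.append(("unknown_host", "found by scan but missing from the CMDB"))
    return findings


def score(findings):
    return sum(SEVERITY[cls] for cls, _ in findings)


def audit(text):
    """Audit every host; returns {hostname: (score, findings)}."""
    report = {}
    for h in parse_inventory(text):
        findings = audit_host(h)
        report[h["hostname"]] = (score(findings), findings)
    return report


def remediation_order(text):
    """Hostnames ranked worst first (ties by name); clean hosts are omitted."""
    report = audit(text)
    ranked = sorted(report.items(), key=lambda kv: (-kv[1][0], kv[0]))
    return [name for name, (s, _) in ranked if s > 0]


if __name__ == "__main__":
    for name, (s, findings) in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: score {s}")
        for _, msg in findings:
            print(f"  - {msg}")
```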
Back to Basics (3)
• Your perimeter:
  - Accept it, you don't have one
  - The laptops, iPhones, IoT took your control away
  - Computer No1 on YOUR network is hacked
  - 2018's NGIPS/UBA/NGFW isn't going to help
  - Reactive, static defenses suck and don't work
  - There is NO cake, no fairy and NO simple answer
  - Start looking at preventative, proactive, predictive
Get eyes inside your world!
Back to Basics (4)
• Passwords (still)
  - Stop the re-use!
  - Teach pass phrases and password vaults.
  - Teach separation/segmentation
  - 2FA, it's NOT hard to integrate
  - All your users DON'T need to be admin!
  - All your admins NEED to be separated
  - All your developers DON'T need to hardcode
Education and simpler integration
Back to Basics (5)
• Get a plan
  - Face it, shit's going to hit the fan at some point.
  - Be prepared, simpler to reach for the IR forms than wonder WHAT to do…
  - Have the communications plan in place ready to go…
  - Have the humans prepared. (No, not cannibalism)
  - Practice makes perfect, headless chicken mode is NOT needed…
  - Know the steps (OODA or NIST IR)
Get a plan!
Intelligent Systems And Us…
[Diagram: Technology AND Humans; labels: Augmented Intelligence, Human Intelligence, Influencers, Surroundings, My Life and I]

Artificial Intelligence In Cyber…
This IS security!
Want to REALLY embrace artificial intelligence? Give up on privacy.

Collaborate Or Die
5 million apps, 6 billion connected people, 26 billion devices, 3 million shortfall in InfoSec…
Final Words
"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy."
Martin Luther King, Jr.
I will fail
We will succeed

We Succeed…
HUGE thank you to EVERYONE here…
And to everyone at Innovera!
"So long and thanks for all the fish"
Douglas Adams, you are missed.

