St. Louis, April 22, 2016 – Alpine Security Principal and White Hat Hacker, Christian Espinosa, spoke yesterday at the Security Roundtable meeting at Washington University in St. Louis. Christian’s presentation “Decoding the Hack” started with a review of the “state of affairs” in cyber security, covering common vulnerabilities and tactics such as social engineering, identifying and exploiting unpatched systems & applications, and quick malware delivery methods for unlocked systems. Christian briefly covered the optimal, and often neglected, Top 5 critical security controls, based on the Center for Internet Security’s (CIS) Foundational Cyber Hygiene.
A simple hacking methodology narrowed down to four steps was reviewed and used as a framework for hacking demonstrations. Hacking methodology:
-
Objective Determination
-
Reconnaissance
-
Vulnerability Identification and Prioritization
-
Exploitation
Live hacking demonstrations were broken into three broad categories – Physical Access Attacks, Client-Side Attacks, and Server-Side Attacks. The live hacking demonstration covered the following areas:
Physical Access Attacks
-
Physical reconnaissance and vulnerability identification
-
Keyboard HID device attack demonstration
-
Hardware keylogger attack demonstration
Client-Side Attacks
-
Target email reconnaissance and acquisition
-
Man-in-the-Middle attack demonstration
-
Phishing demonstration
-
Credential stealing demonstration
-
Browser exploit demonstration
Server-Side Attacks
-
Public-facing server reconnaissance
-
SQL server enumeration and vulnerability identification
-
SQL Injection attack demonstration
Attacks were broken down to include methods used, tools used, and defenses circumvented.
A copy of the presentation can be found HERE.
About Washington University Security Roundtable
The Technology & Leadership Center Security Roundtable offers a dynamic group setting with timely, in-demand subject matter and presenters who are industry experts in their fields. Discussions include secure software, leveraging for threat assessment, cyber kill chain model implementation, STIK, TAXII and CybOX along with red team/blue team simulations. Presented by a wide range of speakers such as Washington University faculty members, other leading universities, management consultants and industry experts from around the country. The roundtables are designed to provide a collaborative environment for professionals across disciplines to share ideas and best practices on topics related to big data.
ABOUT ALPINE SECURITY
Alpine Security is a cyber security company that understands security is never a turnkey solution. Alpine Security takes a holistic approach, evaluating clients’ needs to develop a comprehensive solution with quantifiable results. Alpine Security provides services covering every facet of computer and network security, ranging from full assessments to incident response to specialized cyber security training, such as malware analysis training.