Abstract image of a woman sitting on books and studying on a laptop

Practical Cyber Defense

Paul Dutot IEng MIET MBCS CITP OSCP CSTM, profile picture
Paul Dutot IEng MIET MBCS CITP OSCP CSTM

The document outlines the practical aspects of cyber defense, emphasizing the need for organizations to prepare for attacks with staged approaches. It covers concepts such as reconnaissance, security awareness, and the importance of security measures like antivirus and SIEM systems. Additionally, it provides various resources for further learning and implementation in organizational cybersecurity strategies.

InternetTechnologyBusiness
1 of 19
Downloaded 27 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Practical CyberDefense By Paul Dutot
About me ● Co Founder of the CIISF Practical CyberDefense ● Employed as an Ethical Security Consultant @ Logicalis Jersey ● Practice Offensive & Defensive Security for businesses at all verticals
Agenda ● Concepts I and II Practical CyberDefense ● Stages 1-5 of a practical Cyber Defense with more demo's ● Resources Questions at the end please ● Reverse & Bind Shells Demo
Concepts I “Attackers have months to prepare, defenders have minutes to react” Practical CyberDefense “This is not a security control !!!!” vs
Concepts II “Security is a journey” Practical CyberDefense “What are the bad guys trying to achieve?
Reverse & Bind Shells Practical CyberDefense Demo
Stage 1 – Buy In ● Appoint a 'Cyber' champion ● 'C' level Buy In ● Maintain a 'Cyber' risk register Practical CyberDefense ● Do Security Awareness
Stage 2 - Reconnaisance Some Forgotten Ones Practical CyberDefense Demo
Reconnaisance Aims Practical CyberDefense ● To profile your organsiation ● In preparation for social enginering attacks and or email phishing
Reconnaisance - Mitigation Practical CyberDefense ● Undertake reconnaisance to find public information ● Mitigate risk by takedown and creating contray information ● Test your defenses and train your users
Phishing is a big deal !!! Practical CyberDefense
Stage 3 – Understanding AV Is AV really protecting us - the case for and against Practical CyberDefense
Stage 3 – AV Bypass Demo - The case against Practical CyberDefense
Stage 3 – The case for We still need AV to protect us ! Practical CyberDefense
Stage 4 – Think outside the box ● Databases – They are the end game Practical CyberDefense ● Web applications – Owasp Top 10 ● UC Communications – TDos / Toll Fraud ● Data Encryption – Laptops / Desktops / Databases
Stage 5 – It's not if but when SIEM – Security, Information& Event Monitoring Practical CyberDefense
Stage 5 – SIEM OSSIM SIEM – Free open Source SIEM Demo Practical CyberDefense
Resources Florida State ● http://www.cs.fsu.edu/~redwood/OffensiveSecurity/ Practical CyberDefense SANS Institute ● http://www.sans.org/critical-security-controls/controls/ OWASP Top 10 - 2013 ● https://www.owasp.org/index.php/Top_10_2013-Top_10
Thank you – Any Questions? Blog – http://cyberkryption.com Practical CyberDefense @cyberkryption paul.dutot@je.logicalis.com

More Related Content

PDF
The Risks of YOLOing-2.pdf
Hacken
 
PPTX
Incident response : the good the bad and the ugly or how to keep your face af...
theAluc
 
PPTX
Staying Safe Online for HR Professionals
Ben Woelk, CISSP, CPTC
 
PDF
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
Codemotion
 
ODP
A journey through an INFOSEC labyrinth
Avădănei Andrei
 
PPT
Virus Precautions
Bilal Arif
 
PPT
How you can become a hacker with no security experience
Avădănei Andrei
 
ZIP
Protecting Public Hotspots
Alex Payne
 
The Risks of YOLOing-2.pdf
Hacken
 
Incident response : the good the bad and the ugly or how to keep your face af...
theAluc
 
Staying Safe Online for HR Professionals
Ben Woelk, CISSP, CPTC
 
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018
Codemotion
 
A journey through an INFOSEC labyrinth
Avădănei Andrei
 
Virus Precautions
Bilal Arif
 
How you can become a hacker with no security experience
Avădănei Andrei
 
Protecting Public Hotspots
Alex Payne
 

Viewers also liked (20)

PDF
A Threat Hunter Himself
Teymur Kheirkhabarov
 
PPTX
44CON London 2015: NTFS Analysis with PowerForensics
Jared Atkinson
 
PPTX
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Danny Akacki
 
PDF
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
North Texas Chapter of the ISSA
 
PPTX
Hunting on the cheap
Anjum Ahuja
 
PPTX
Building a Successful Threat Hunting Program
Carl C. Manion
 
PDF
CrowdCasts Monthly: Going Beyond the Indicator
CrowdStrike
 
PDF
Blue team reboot - HackFest
Haydn Johnson
 
PPTX
BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)
Jared Atkinson
 
PDF
Workshop threat-hunting
Tripwire
 
PPTX
SOC2016 - The Investigation Labyrinth
chrissanders88
 
PDF
Building an Analytics Enables SOC
Splunk
 
PDF
Threat Hunting Workshop
Splunk
 
PPTX
PowerShell for Penetration Testers
Nikhil Mittal
 
PPTX
I hunt sys admins 2.0
Will Schroeder
 
PPTX
Building an Empire with PowerShell
Will Schroeder
 
PPTX
Lateral Movement with PowerShell
kieranjacobsen
 
PPTX
The Travelling Pentester: Diaries of the Shortest Path to Compromise
Will Schroeder
 
PDF
Threat Hunting with Splunk
Splunk
 
PPTX
Abstract Tools for Effective Threat Hunting
chrissanders88
 
A Threat Hunter Himself
Teymur Kheirkhabarov
 
44CON London 2015: NTFS Analysis with PowerForensics
Jared Atkinson
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Danny Akacki
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
North Texas Chapter of the ISSA
 
Hunting on the cheap
Anjum Ahuja
 
Building a Successful Threat Hunting Program
Carl C. Manion
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdStrike
 
Blue team reboot - HackFest
Haydn Johnson
 
BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)
Jared Atkinson
 
Workshop threat-hunting
Tripwire
 
SOC2016 - The Investigation Labyrinth
chrissanders88
 
Building an Analytics Enables SOC
Splunk
 
Threat Hunting Workshop
Splunk
 
PowerShell for Penetration Testers
Nikhil Mittal
 
I hunt sys admins 2.0
Will Schroeder
 
Building an Empire with PowerShell
Will Schroeder
 
Lateral Movement with PowerShell
kieranjacobsen
 
The Travelling Pentester: Diaries of the Shortest Path to Compromise
Will Schroeder
 
Threat Hunting with Splunk
Splunk
 
Abstract Tools for Effective Threat Hunting
chrissanders88
 

Similar to Practical Cyber Defense (20)

PDF
Cyber War, Cyber Peace, Stones and Glass Houses
Paige Rasid
 
PPSX
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
James Mulhern
 
PPTX
Webinar cybersecurity presentation-6-2018 (final)
AT-NET Services, Inc. - Charleston Division
 
PDF
MT 117 Key Innovations in Cybersecurity
Dell EMC World
 
PPTX
Cyber 101 for smb execs v1
NetWatcher
 
PPTX
Presentation infra and_datacentrre_dialogue_v2
Claus Cramon Houmann
 
PPTX
Emerging Threats to Infrastructure
Jorge Orchilles
 
PDF
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
PPTX
Cyber War, Cyber Peace, Stones, and Glass Houses
Cigital
 
PDF
A Cyber Security Review
Simon Moffatt
 
PPTX
Cybersecurity Awareness Overview.pptx
AfsanaMumal2
 
PPT
Guillaume Lovet. Kibernetinių nusikaltimų daugėja: grėsmių įmonėms analizė
TEO LT, AB
 
PPTX
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
jaredcarst
 
PPTX
Cyber terrorism
Nihal Jani
 
PPTX
An An Exploration Into the Cyber Security
sivasakthin2022cse
 
PPTX
Blitzing with your defense bea con
Innismir
 
PPTX
SCADA Security Webinar
AVEVA
 
PPT
FBI And Cyber Crime | Crime Stoppers International
Scott Mills
 
PDF
Protecting Your Business From Cybercrime
David J Rosenthal
 
PDF
Basic Cybersecurity Services for Every Business presentation
Rosy G
 
Cyber War, Cyber Peace, Stones and Glass Houses
Paige Rasid
 
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
James Mulhern
 
Webinar cybersecurity presentation-6-2018 (final)
AT-NET Services, Inc. - Charleston Division
 
MT 117 Key Innovations in Cybersecurity
Dell EMC World
 
Cyber 101 for smb execs v1
NetWatcher
 
Presentation infra and_datacentrre_dialogue_v2
Claus Cramon Houmann
 
Emerging Threats to Infrastructure
Jorge Orchilles
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Cyber War, Cyber Peace, Stones, and Glass Houses
Cigital
 
A Cyber Security Review
Simon Moffatt
 
Cybersecurity Awareness Overview.pptx
AfsanaMumal2
 
Guillaume Lovet. Kibernetinių nusikaltimų daugėja: grėsmių įmonėms analizė
TEO LT, AB
 
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
jaredcarst
 
Cyber terrorism
Nihal Jani
 
An An Exploration Into the Cyber Security
sivasakthin2022cse
 
Blitzing with your defense bea con
Innismir
 
SCADA Security Webinar
AVEVA
 
FBI And Cyber Crime | Crime Stoppers International
Scott Mills
 
Protecting Your Business From Cybercrime
David J Rosenthal
 
Basic Cybersecurity Services for Every Business presentation
Rosy G
 

More from Paul Dutot IEng MIET MBCS CITP OSCP CSTM (10)

PPTX
Welcome to the #WannaCry Wine Club
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
PPTX
Scanning Channel Islands Cyberspace
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
PPTX
Incident Response in the wake of Dear CEO
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
PDF
Logicalis Security Conference
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
PDF
Letter anonymous-II
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
ODP
Exploiting buffer overflows
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
ODP
A Letter from Anonymous to the Jersey Finance Industry
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
PDF
Infosec lecture-final
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
PDF
Path to Surfdroid
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
PDF
WI-FI Security in Jersey 2011
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Welcome to the #WannaCry Wine Club
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Scanning Channel Islands Cyberspace
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Incident Response in the wake of Dear CEO
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Logicalis Security Conference
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Letter anonymous-II
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Exploiting buffer overflows
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
A Letter from Anonymous to the Jersey Finance Industry
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Infosec lecture-final
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
Path to Surfdroid
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 
WI-FI Security in Jersey 2011
Paul Dutot IEng MIET MBCS CITP OSCP CSTM
 

Recently uploaded (20)

PPTX
weathering-final for grade 12 students in any kind of school
KleivsonNeldridgeAsu
 
PPTX
DAY 1 - Introduction to Git.pptxttttttttttttttttttttttttttttt
sanskritig1705
 
PPTX
c_languagew_structure_and_functions.pptx
tkathrani
 
PPTX
Blue And White Modern Business Presentation.pptx
FrederrickHanz
 
PPTX
Talking Baby AI Video Generator by Revid AI
Avinash Vagh
 
PDF
B2B Marketing mba class material for study
um24025
 
PDF
Technical SEO Explained: How To Make Your Website Search-Friendly
cinzel communication llp
 
PDF
Salesforce-Proxy-Statement-Supplement-May-2025.pdf
pgunzenhauser
 
PPTX
DAT602-Database Design and Development-AT4).pptx
saxenautkarshus
 
DOCX
Audio to Video AI Technology Revolutiona
zhsjsiushsossushksis
 
PDF
Role of Data & Analytics in Modern Shopify App Development.pdf
CartCoders
 
PDF
THE UNTOLD STORY OF SWAMI VIJAY KUMAR DURAI BUILDING PRS INTERNATIONAL Contac...
MediaClipsPRSInterna
 
PPTX
Information and Network Security types of cipher
smitgandhi0703
 
PPTX
REE IN CARBONATITE EEPOSIT AND INCLUDE CASE STUDY ON AMBADUNGAR
bhagirathvadher234
 
PPTX
Network wired & wireless network ppt for
ishabhoyar89
 
PPTX
Internet_Addiction_Presentation_2025.pptx
anilrajps17
 
PPTX
日本横滨国立大学毕业证书文凭定制YNU成绩单硕士文凭学历认证
成绩单定购弗林德斯大学毕业证【Q微号:1954 292 140】
 
PPTX
Going_to_Greece presentation Greek mythology
openaai123
 
PPTX
امنية شبكات منهج (cisco networking).pptx
shar38fi
 
PPT
Expect The Impossiblesssssssssssssss.ppt
LAWRENCEJEREMYBRIONE
 
weathering-final for grade 12 students in any kind of school
KleivsonNeldridgeAsu
 
DAY 1 - Introduction to Git.pptxttttttttttttttttttttttttttttt
sanskritig1705
 
c_languagew_structure_and_functions.pptx
tkathrani
 
Blue And White Modern Business Presentation.pptx
FrederrickHanz
 
Talking Baby AI Video Generator by Revid AI
Avinash Vagh
 
B2B Marketing mba class material for study
um24025
 
Technical SEO Explained: How To Make Your Website Search-Friendly
cinzel communication llp
 
Salesforce-Proxy-Statement-Supplement-May-2025.pdf
pgunzenhauser
 
DAT602-Database Design and Development-AT4).pptx
saxenautkarshus
 
Audio to Video AI Technology Revolutiona
zhsjsiushsossushksis
 
Role of Data & Analytics in Modern Shopify App Development.pdf
CartCoders
 
THE UNTOLD STORY OF SWAMI VIJAY KUMAR DURAI BUILDING PRS INTERNATIONAL Contac...
MediaClipsPRSInterna
 
Information and Network Security types of cipher
smitgandhi0703
 
REE IN CARBONATITE EEPOSIT AND INCLUDE CASE STUDY ON AMBADUNGAR
bhagirathvadher234
 
Network wired & wireless network ppt for
ishabhoyar89
 
Internet_Addiction_Presentation_2025.pptx
anilrajps17
 
日本横滨国立大学毕业证书文凭定制YNU成绩单硕士文凭学历认证
成绩单定购弗林德斯大学毕业证【Q微号:1954 292 140】
 
Going_to_Greece presentation Greek mythology
openaai123
 
امنية شبكات منهج (cisco networking).pptx
shar38fi
 
Expect The Impossiblesssssssssssssss.ppt
LAWRENCEJEREMYBRIONE
 

Practical Cyber Defense

  • 2. About me ● Co Founder of the CIISF Practical CyberDefense ● Employed as an Ethical Security Consultant @ Logicalis Jersey ● Practice Offensive & Defensive Security for businesses at all verticals
  • 3. Agenda ● Concepts I and II Practical CyberDefense ● Stages 1-5 of a practical Cyber Defense with more demo's ● Resources Questions at the end please ● Reverse & Bind Shells Demo
  • 4. Concepts I “Attackers have months to prepare, defenders have minutes to react” Practical CyberDefense “This is not a security control !!!!” vs
  • 5. Concepts II “Security is a journey” Practical CyberDefense “What are the bad guys trying to achieve?
  • 6. Reverse & Bind Shells Practical CyberDefense Demo
  • 7. Stage 1 – Buy In ● Appoint a 'Cyber' champion ● 'C' level Buy In ● Maintain a 'Cyber' risk register Practical CyberDefense ● Do Security Awareness
  • 8. Stage 2 - Reconnaisance Some Forgotten Ones Practical CyberDefense Demo
  • 9. Reconnaisance Aims Practical CyberDefense ● To profile your organsiation ● In preparation for social enginering attacks and or email phishing
  • 10. Reconnaisance - Mitigation Practical CyberDefense ● Undertake reconnaisance to find public information ● Mitigate risk by takedown and creating contray information ● Test your defenses and train your users
  • 11. Phishing is a big deal !!! Practical CyberDefense
  • 12. Stage 3 – Understanding AV Is AV really protecting us - the case for and against Practical CyberDefense
  • 13. Stage 3 – AV Bypass Demo - The case against Practical CyberDefense
  • 14. Stage 3 – The case for We still need AV to protect us ! Practical CyberDefense
  • 15. Stage 4 – Think outside the box ● Databases – They are the end game Practical CyberDefense ● Web applications – Owasp Top 10 ● UC Communications – TDos / Toll Fraud ● Data Encryption – Laptops / Desktops / Databases
  • 16. Stage 5 – It's not if but when SIEM – Security, Information& Event Monitoring Practical CyberDefense
  • 17. Stage 5 – SIEM OSSIM SIEM – Free open Source SIEM Demo Practical CyberDefense
  • 18. Resources Florida State ● http://www.cs.fsu.edu/~redwood/OffensiveSecurity/ Practical CyberDefense SANS Institute ● http://www.sans.org/critical-security-controls/controls/ OWASP Top 10 - 2013 ● https://www.owasp.org/index.php/Top_10_2013-Top_10
  • 19. Thank you – Any Questions? Blog – http://cyberkryption.com Practical CyberDefense @cyberkryption [email protected]