
InfoSec Updates

Cyber Security Trends, Vulnerability Assessment & Penetration Testing, Secure SDLC, Incident Response, Digital Forensics & SIEM
v1.0

WHOAMI
Semi Yulianto // semi.yulianto@sgi-asia.com
Information Security Practitioner
MCP, MCSA, MCSE, MCDBA, MCTS, MCITP, MCT, CCNA, CCNP, CCA, CIW-P, CIW-SA, CEH, CHFI, ECSA, ECSP, EDRP, CEI, SSCP, CISSP, CASP, CSSLP, CISA, CISM
EC-Council Best Trainer Of The Year 2008 (Asia Pacific) & Instructor of Excellence 2010 (Asia Pacific)
1st Rank Distinguished Speaker @ SecureAsia 2008 (Asia Pacific)
CompTIA Security+ Subject Matter Expert (SME) 2013 / 2014
(ISC)2 Authorized Official Training Instructor 2014 / 2015
Technical Writer and Reviewer for Packt Publishing (UK), PenTest Magazine (Poland) & CISO Magazine Indonesia
Author of Writing an Effective Penetration Testing Report @ PenTest Magazine (Poland)
IS Security Auditor, Penetration Tester, Ethical Hacker, Forensics Analyst & Cyber Crime Expert Advisor
Senior Technical Trainer with Regional and International experience (Indonesia, Malaysia, Singapore, Thailand, Bhutan, Philippines, Saudi Arabia/KSA, Tunisia & South Korea, etc.)
Good track record in delivering IT Security courses & consulting services to POLRI, KEMENHAM, BMKG, BASARNAS, BI, CIMB Bank, Bank Danamon, BCA, QNB, PANIN Bank, Astra International (Indonesia), Bhutan Royal Police (Thailand-Bhutan), TUNTEL (Tunisia), SAAB & Atijari Bank (KSA), US Air Force (South Korea), HP Fortify Team (Philippines & USA), DELL Asia Pacific (Malaysia) etc.

Agenda

Introduction
Cyber Security Trends
Penetration Testing
Hacking & Pen-Test Live DEMO

INTRODUCTION


Introduction | Information
Information is the new currency of business, with instant accessibility across international, corporate and organizational boundaries. Most of the world is now connected via the internet. While this has enabled global connectivity and business growth, it has also made information easier to modify, steal and destroy from anywhere in the world.
The increasing severity and number of attacks means that companies without adequate protection programs and systems are extremely vulnerable. Attacks on information assets, whether malicious or inadvertent, can seriously disable or destroy an organization by damaging operations, brand and financial stability.


Introduction | Information Security

Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that applies regardless of the form the data may take (e.g. electronic, physical).
Data theft, damage to databases and other types of cybercrime pose an immense threat to businesses and organizations of all kinds today. A successful attack can cost huge sums of money and destroy reputations, along with years of work. With so much at stake, it is imperative that leaders acknowledge and respond to the new and intensified threats posed by computer security flaws.
The best prevention is to have a strong defensive plan, communicate the policies and provide risk training.

Information Security | Defense In Depth

CYBER SECURITY TRENDS

Cyber Security Trends | 2013

In late 2013, most companies are devoting renewed energy to bolstering their cybersecurity measures. The awareness that digital information is at risk extends across businesses of all sizes as well as to private citizens, who have become much less complacent over the past year.
A sense of urgency about digital security is fueled not just by the widespread occurrence of data theft by hackers, but also by ongoing concern over privacy issues, driven by disclosures of extensive information gathering.
In response to these threats, companies are taking a variety of steps, and the digital security industry is seeing strong growth and innovation.

Cyber Security Trends | Major Security Happenings in 2013

Cyber Security Trends | Advanced Persistent Threat (APT)

Cyber Security Trends | Malware

Cyber Security Trends | Attack Types

Cyber Security Trends | Data Breach Investigation Report

Cyber Security Trends | Data Breach Characteristics

Cyber Security Trends | Web Hacking Incident Database (WHID)

Cyber Security Trends | Web Hacking Incident (Example)

Cyber Security Trends | TOR-Anonymized Crackdown

Cyber Security Trends | Heartbleed Bug (OpenSSL)

Cyber Security Trends | POODLEbleed (SSL v3)

Cyber Security Trends | Most Widespread Vulns in Web App

Cyber Security Trends | Vulnerability Origin (Web App)

Cyber Security Trends | 2014

Security firms across the industry reported the following trends in 2014 surrounding data protection and cybersecurity:
Enhanced use of encryption
Increased scrutiny of internal data use
Resistance to cloud technology
Risk assessment and software analysis
More destructive attacks
Rising levels of smartphone malware
Old-fashioned phishing and hacking of individual users
More sophisticated malware
Active defense
Following up on network threats
Virtualization & cloud computing security

Cyber Security Trends | Infographics

Due Care & Due Diligence | Secure SDLC

Due Care & Due Diligence | Secure SDLC

Due Care & Due Diligence | Microsoft SDL

Due Care & Due Diligence | Incident Response

Due Care & Due Diligence | Digital Forensics

Due Care & Due Diligence | SIEM

PENETRATION TESTING

Penetration Testing | Definition

A penetration test is a proactive and authorized attempt to evaluate the security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and even risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-users' adherence to security policies.
Penetration tests are typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources, specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation.


Penetration Testing | Purpose

Information about any security vulnerabilities successfully exploited through penetration testing is typically aggregated and presented to IT and network systems managers to help those professionals draw strategic conclusions and prioritize related remediation efforts.
The fundamental purpose of penetration testing is to measure the feasibility of system or end-user compromise and evaluate any related consequences such incidents may have on the involved resources or operations.


Penetration Testing | Definition

Why Perform Penetration Testing?
Security breaches and service interruptions are costly
It is impossible to safeguard all information, all the time
Penetration testing identifies and prioritizes security risks
Benefits of Penetration Testing
Intelligently manage vulnerabilities
Avoid the cost of network downtime
Meet regulatory requirements and avoid fines
Preserve corporate image and customer loyalty


Penetration Testing | Definition

How Often Should You Perform a Pen-Test?
On a regular basis, to ensure more consistent IT and network security management by revealing how newly discovered threats or emerging vulnerabilities could be exploited by attackers, or whenever:
New network infrastructure or applications are added
Significant upgrades or modifications are applied to infrastructure or applications
New office locations are established
Security patches are applied
End-user policies are modified

HACKING & PENETRATION TESTING LIVE DEMO

Hacking & Penetration Testing | DEMO

Network Infrastructure (Data Center)
Attacking Passwords on Multiple Hosts
Vulnerability Exploitation (Manual & Automated)

Web Application Hacking
Web Application Vulnerability Identification
Web Application Exploitation (Manual)

Client-Side (End-User) Hacking
Local Privilege Escalation
Phishing (Social Engineering) with Malicious Files

Summary | Q&A Session

Questions?