2. TALLINN UNIVERSITY OF TECHNOLOGY
AIM
Introduce TalTech CERT
To discuss our Open Source INT and Pentesting
Programme
Overview of the exercise
Results so far….
Funky 2FA Demo and Challenge.
5. Established in 1918, Tallinn University of Technology
(TalTech) is the flagship of Estonian engineering and
technology education and research, where higher
education can be obtained at all levels in engineering,
technological, natural, and social sciences.
TALTECH UNIVERSITY –
CREATING A BRIGHTER FUTURE!
The mission of Tallinn University of Technology is to
be a promoter of science, technology and innovation
and a leading provider of engineering and economic
education in Estonia.
TalTech values professionalism and reliability,
entrepreneurship and innovation, openness and
cooperativeness.
10. TALLINN UNIVERSITY OF TECHNOLOGY
<BREATHE>
<SCREAM>
IT DOES NOT EXIST!
</SCREAM>
</BREATHE>
…IT IS HYBRID. WE HAVE MADE THIS AN
IT PROBLEM. IT IS NOT.
12. TALLINN UNIVERSITY OF TECHNOLOGY
THE MILITARY ARE AHEAD?
Same with Cyber Crime. It is just Crime, utilising cyber, with elements of physical, information, spying, opportunity,
internal threats, mistakes……. Just like everything else.
14. TALLINN UNIVERSITY OF TECHNOLOGY
<BREATHE>
<SCREAM>
HACKERS DO NOT REDUCE THEIR SCOPE!
</SCREAM>
</BREATHE>
TECHNICAL HACKS. PROCESS HACKING.
PHYSICAL ACCESS. POLICY HACKING……
16. TALLINN UNIVERSITY OF TECHNOLOGY
FOCUSING ON HE/FE AND MILITARY
Why? Both big organisations, that silo their cyber approach, and don’t
know what the other arm is doing.
All have policies that no one reads
All treat cyber security as an IT problem*
We don’t go active, unless you want us to.
Keep you in the loop at all times.
Spearphishing attack optional.
17. TALLINN UNIVERSITY OF TECHNOLOGY
EXERCISE MERCURY – OUR MILITARY PROGRAMME
(CONTINUATION FROM LAST YEAR’S REPORT)
Better tracking of ships than NATO has.
Used Port webcams to confirm findings
Cyber security? Pah, screw that. We found Electronic Warfare Compromises….
21.
Legacy systems being moved to cloud.
Not maintained.
Google hacking is great. Minutes with
confidential data exposed.
SQL injection resulted in embargoed
research being shown. Medical Data.
65,000 Passport copies downloaded by
inject
Cloudflare bypassed in 12 minutes
Security walk….
24. TALLINN UNIVERSITY OF TECHNOLOGY
<BREATHE>
<SCREAM>
YOU AREN’T PARSING LOGS
</SCREAM>
</BREATHE>
ALL OF THE GEAR, NO IDEA. ONLY
FOUND THREE TIMES. LATE.
25.
CONCLUSION?
THIS ISN’T STUPIDITY. THIS IS SCOPE LIMITATION.
THIS IS “SECURITY IS SECURITY’S JOB”. THIS IS SILO
CULTURE.
“NEED TO KNOW, WITH A RESPONSIBILITY TO SHARE”
26. TALLINN UNIVERSITY OF TECHNOLOGY
<BREATHE>
<SCREAM>
MAKE SECURITY WORK WITH YOU. MAKE
YOUR ORGANISATION EASY TO WORK
SECURELY. LOOK AT YOURSELVES BEFORE
YOUR THREAT DOES. DON’T SCOPE LIMIT
</SCREAM>
</BREATHE>
27. AN EXAMPLE OF HOW TO THINK
DIFFERENTLY. A 2FA, THAT IS INVISIBLE.
THAT HAS NO APP. THAT WORKS WITH YOU.