SlideShare una empresa de Scribd logo

Update on Exercise Mercury and OSINT for good

Descargar como PPTX, PDF
Jisc
Jisc

A presentation at the Jisc security conference 2019 by Kieren Lovell, head of TalTech CERT at Tallinn University of Technology.

Tecnología
1 de 28
DD.MM.YYYY EXERCISE MERCURY & EXERCISE NEPTUNE LT CDR Kieren Nicolas Lovell RNorN RTD TalTech CERT Tallinn University of Technology
TALLINN UNIVERSITY OF TECHNOLOGY AIM  Introduce TalTech CERT  To discuss our Open Source INT and Pentesting Programme  Overview of the exercise  Results so far….  Funky 2FA Demo and Challenge.
Established in 1918, Tallinn University of Technology (TalTech) is the flagship of Estonian engineering and technology education and research, where higher education can be obtained at all levels in engineering, technological, natural, and social sciences. TALTECH UNIVERSITY – CREATING A BRIGHTER FUTURE! The mission of Tallinn University of Technology is to be a promoter of science, technology and innovation and a leading provider of engineering and economic education in Estonia. TalTech values professionalism and reliability, entrepreneurship and innovation, openness and cooperativeness.
DD.MM.YYYY KIEREN NICOLAS LOVELL @KIERENNICOLAS WWW.KIERENNICOLAS.COM
DD.MM.YYYY TALTECH DIGITAL SECURITY THE DREAM TEAM
DD.MM.YYYY CYBER SECURITY THE PROBLEM?
TALLINN UNIVERSITY OF TECHNOLOGY <BREATHE> <SCREAM> IT DOES NOT EXIST! </SCREAM> </BREATHE> …IT IS HYBRID.WE HAVE MADE THIS AN IT PROBLEM. IT IS NOT.
TALLINN UNIVERSITY OF TECHNOLOGY DON’T BELIEVE ME?
TALLINN UNIVERSITY OF TECHNOLOGY THE MILITARY ARE AHEAD? Same with Cyber Crime. It is just Crime, utilising cyber, with elements of physical, information, spying, opportunity, internal threats, mistakes……. Just like everything else.
TALLINN UNIVERSITY OF TECHNOLOGY WHY IS THIS IMPORTANT? DO YOU DO THIS?
TALLINN UNIVERSITY OF TECHNOLOGY <BREATHE> <SCREAM> HACKERS DO NOT REDUCE THEIR SCOPE! </SCREAM> </BREATHE> TECHNICAL HACKS. PROCESS HACKING. PHYSICAL ACCESS. POLICY HACKING……
DD.MM.YYYY SO…. WHAT DO WE DO? TWO EXERCISES. EXERCISE NEPTUNE AND EXERCISE MERCURY
TALLINN UNIVERSITY OF TECHNOLOGY FOCUSING ON HE/FE AND MILITARY  Why? Both big organisations, that silo their cyber approach, and don’t know what the other arm is doing.  All have policies that no one reads  All treat cyber security as an IT problem*  We don’t go active, unless you want us too.  Keep you in the loop at all times.  Spearphishing attack optional.
TALLINN UNIVERSITY OF TECHNOLOGY EXERCISE MERCURY – OUR MILITARY PROGRAMME (CONTINUATION FROM LAST YEARS REPORT) Better tracking of ships than NATO has. Used Port webcams to confirm findings Cyber security? Pah, screw that. We found Electronic Warfare Compromises….
DD.MM.YYYY WHATS THAT? WANT MORE?
DD.MM.YYYY RESULT? BETTER TRACKING THAN NATO. FULL ELECTRONIC WARFARE CAPABILITIES USING GOOGLE. NO STUDENT HAD MILITARY OR MARITIME KNOWLEDGE.
DD.MM.YYYY NOW THE ONE YOU ARE WAITING FOR…. EDUCATION
DD.MM.YYYY Legacy systems being moved to cloud. Not maintained. Google hacking is great. Minutes with confidential data exposed. SQL injection resulted in embargoed research being show. Medical Data. 65,000 Passport copies downloaded by inject Cloudflare bypassed in 12 minutes Security walk….
TALLINN UNIVERSITY OF TECHNOLOGY <BREATHE> <SCREAM> YOU ARENT PARSING LOGS </SCREAM> </BREATHE> ALL OF THE GEAR, NO IDEA. ONLY FOUND THREE TIMES. LATE.
DD.MM.YYYY CONCLUSION? THIS ISN’T STUPIDITY. THIS IS SCOPE LIMITATION. THIS IS “SECURITY IS SECURITY’S” JOB. THIS IS SILO CULTURE. “NEED TO KNOW, WITH A RESPONSIBILITY TO SHARE”
TALLINN UNIVERSITY OF TECHNOLOGY <BREATHE> <SCREAM> MAKE SECURITY WORK WITH YOU. MAKE YOUR ORGANISATION EASY TO WORK SECURELY. LOOK AT YOURSELVES BEFORE YOUR THREAT DOES. DON’T SCOPE LIMIT </SCREAM> </BREATHE>
AN EXAMPLE OF HOW TO THINKING DIFFERENTLY. A 2FA, THAT IS INVISIBLE. THAT HAS NO APP. THAT WORKS WITH YOU.
KIEREN.LOVELL@TALTECH.EE SUBJECT: EXERCISE MERCURY

Recomendados

The building of Collaboration
The building of CollaborationThe building of Collaboration
The building of Collaborationfejko
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
TTL Presentation.pdf
TTL Presentation.pdfTTL Presentation.pdf
TTL Presentation.pdfJemalynRafael
 
Assignment 1
Assignment 1Assignment 1
Assignment 1Jeewanthi Fernando
 
Hyper-Connectivity and Data Proliferation - Ecosystem Perspective
Hyper-Connectivity and Data Proliferation - Ecosystem PerspectiveHyper-Connectivity and Data Proliferation - Ecosystem Perspective
Hyper-Connectivity and Data Proliferation - Ecosystem PerspectiveEueung Mulyana
 
Cyber Defence East Africa Summit 2015 invitation
Cyber Defence East Africa Summit 2015 invitation Cyber Defence East Africa Summit 2015 invitation
Cyber Defence East Africa Summit 2015 invitation baipgroup
 
Blockchain Technology - Week 3 - FinTech and Cryptocurrencies
Blockchain Technology - Week 3 - FinTech and CryptocurrenciesBlockchain Technology - Week 3 - FinTech and Cryptocurrencies
Blockchain Technology - Week 3 - FinTech and CryptocurrenciesFerdin Joe John Joseph PhD
 
Isidroteam.pptx
Isidroteam.pptxIsidroteam.pptx
Isidroteam.pptxHanelynDZAmudio
 

Recomendados

The building of Collaboration
The building of CollaborationThe building of Collaboration
The building of Collaborationfejko
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
TTL Presentation.pdf
TTL Presentation.pdfTTL Presentation.pdf
TTL Presentation.pdfJemalynRafael
 
Assignment 1
Assignment 1Assignment 1
Assignment 1Jeewanthi Fernando
 
Hyper-Connectivity and Data Proliferation - Ecosystem Perspective
Hyper-Connectivity and Data Proliferation - Ecosystem PerspectiveHyper-Connectivity and Data Proliferation - Ecosystem Perspective
Hyper-Connectivity and Data Proliferation - Ecosystem PerspectiveEueung Mulyana
 
Cyber Defence East Africa Summit 2015 invitation
Cyber Defence East Africa Summit 2015 invitation Cyber Defence East Africa Summit 2015 invitation
Cyber Defence East Africa Summit 2015 invitation baipgroup
 
Blockchain Technology - Week 3 - FinTech and Cryptocurrencies
Blockchain Technology - Week 3 - FinTech and CryptocurrenciesBlockchain Technology - Week 3 - FinTech and Cryptocurrencies
Blockchain Technology - Week 3 - FinTech and CryptocurrenciesFerdin Joe John Joseph PhD
 
Isidroteam.pptx
Isidroteam.pptxIsidroteam.pptx
Isidroteam.pptxHanelynDZAmudio
 
Intro to ml lesson vincent
Intro to ml lesson vincentIntro to ml lesson vincent
Intro to ml lesson vincentVincent Tatan
 
Internet of Things
Internet of ThingsInternet of Things
Internet of ThingsLaili Aidi
 
Horizon STEM+ 2013 Presentation
Horizon STEM+ 2013 PresentationHorizon STEM+ 2013 Presentation
Horizon STEM+ 2013 PresentationNew Media Consortium
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issuesAnastasios Economides
 
IoT in Public Sector
IoT in Public Sector IoT in Public Sector
IoT in Public Sector Bessie Wang
 
ICT and computer ethics
ICT and computer ethicsICT and computer ethics
ICT and computer ethicsRabindra Raj Ojha
 
Enterprise visit presentation Telin Taiwan
Enterprise visit presentation Telin TaiwanEnterprise visit presentation Telin Taiwan
Enterprise visit presentation Telin Taiwannurtayak
 
Internet of Things
Internet of ThingsInternet of Things
Internet of ThingsMphasis
 
module-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdf
module-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdfmodule-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdf
module-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdfJanetLipataPajuelas
 
GPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-OutlookGPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-OutlookHolly Richards
 
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...innovationoecd
 
project2.pptx
project2.pptxproject2.pptx
project2.pptxkishankarn
 
ICT Policies and Issues.pdf
ICT Policies and Issues.pdfICT Policies and Issues.pdf
ICT Policies and Issues.pdfShieAnneGarcia
 
Ultrahack Tech Talk
Ultrahack Tech TalkUltrahack Tech Talk
Ultrahack Tech TalkJyrki Kasvi
 
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021Francesco Flammini
 
Emerging techonology presentation bw
Emerging techonology presentation bwEmerging techonology presentation bw
Emerging techonology presentation bwBridgetteWilliams15
 
Tallinn Tech and Silicon Valley
Tallinn Tech and Silicon ValleyTallinn Tech and Silicon Valley
Tallinn Tech and Silicon ValleyAlar Kolk
 
Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_finalChristopher Wang
 
Why e safety
Why e safetyWhy e safety
Why e safetyTFT
 
Why e safety
Why e safetyWhy e safety
Why e safetyTFT
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...Jisc
 

Más contenido relacionado

Similar a Update on Exercise Mercury and OSINT for good

Intro to ml lesson vincent
Intro to ml lesson vincentIntro to ml lesson vincent
Intro to ml lesson vincentVincent Tatan
 
Internet of Things
Internet of ThingsInternet of Things
Internet of ThingsLaili Aidi
 
IoT in Public Sector
IoT in Public Sector IoT in Public Sector
IoT in Public Sector Bessie Wang
 
Enterprise visit presentation Telin Taiwan
Enterprise visit presentation Telin TaiwanEnterprise visit presentation Telin Taiwan
Enterprise visit presentation Telin Taiwannurtayak
 
Internet of Things
Internet of ThingsInternet of Things
Internet of ThingsMphasis
 
module-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdf
module-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdfmodule-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdf
module-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdfJanetLipataPajuelas
 
GPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-OutlookGPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-OutlookHolly Richards
 
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...innovationoecd
 
ICT Policies and Issues.pdf
ICT Policies and Issues.pdfICT Policies and Issues.pdf
ICT Policies and Issues.pdfShieAnneGarcia
 
Ultrahack Tech Talk
Ultrahack Tech TalkUltrahack Tech Talk
Ultrahack Tech TalkJyrki Kasvi
 
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021Francesco Flammini
 
Emerging techonology presentation bw
Emerging techonology presentation bwEmerging techonology presentation bw
Emerging techonology presentation bwBridgetteWilliams15
 
Tallinn Tech and Silicon Valley
Tallinn Tech and Silicon ValleyTallinn Tech and Silicon Valley
Tallinn Tech and Silicon ValleyAlar Kolk
 
Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_finalChristopher Wang
 
Why e safety
Why e safetyWhy e safety
Why e safetyTFT
 
Why e safety
Why e safetyWhy e safety
Why e safetyTFT
 

Similar a Update on Exercise Mercury and OSINT for good (20)

Intro to ml lesson vincent
Intro to ml lesson vincentIntro to ml lesson vincent
Intro to ml lesson vincent
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
Horizon STEM+ 2013 Presentation
Horizon STEM+ 2013 PresentationHorizon STEM+ 2013 Presentation
Horizon STEM+ 2013 Presentation
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
 
IoT in Public Sector
IoT in Public Sector IoT in Public Sector
IoT in Public Sector
 
ICT and computer ethics
ICT and computer ethicsICT and computer ethics
ICT and computer ethics
 
Enterprise visit presentation Telin Taiwan
Enterprise visit presentation Telin TaiwanEnterprise visit presentation Telin Taiwan
Enterprise visit presentation Telin Taiwan
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
module-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdf
module-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdfmodule-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdf
module-2-ict-policies-and-safety-issues-in-teaching-and-learning.pdf
 
GPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-OutlookGPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-Outlook
 
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
 
project2.pptx
project2.pptxproject2.pptx
project2.pptx
 
ICT Policies and Issues.pdf
ICT Policies and Issues.pdfICT Policies and Issues.pdf
ICT Policies and Issues.pdf
 
Ultrahack Tech Talk
Ultrahack Tech TalkUltrahack Tech Talk
Ultrahack Tech Talk
 
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
 
Emerging techonology presentation bw
Emerging techonology presentation bwEmerging techonology presentation bw
Emerging techonology presentation bw
 
Tallinn Tech and Silicon Valley
Tallinn Tech and Silicon ValleyTallinn Tech and Silicon Valley
Tallinn Tech and Silicon Valley
 
Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_final
 
Why e safety
Why e safetyWhy e safety
Why e safety
 
Why e safety
Why e safetyWhy e safety
Why e safety
 

Más de Jisc

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptxJisc
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptxJisc
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxJisc
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptxJisc
 

Más de Jisc (20)

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptx
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptx
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptx
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptx
 

Último

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 

Último (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 

Update on Exercise Mercury and OSINT for good

  • 1. DD.MM.YYYY EXERCISE MERCURY & EXERCISE NEPTUNE LT CDR Kieren Nicolas Lovell RNorN RTD TalTech CERT Tallinn University of Technology
  • 2. TALLINN UNIVERSITY OF TECHNOLOGY AIM  Introduce TalTech CERT  To discuss our Open Source INT and Pentesting Programme  Overview of the exercise  Results so far….  Funky 2FA Demo and Challenge.
  • 3.
  • 4.
  • 5. Established in 1918, Tallinn University of Technology (TalTech) is the flagship of Estonian engineering and technology education and research, where higher education can be obtained at all levels in engineering, technological, natural, and social sciences. TALTECH UNIVERSITY – CREATING A BRIGHTER FUTURE! The mission of Tallinn University of Technology is to be a promoter of science, technology and innovation and a leading provider of engineering and economic education in Estonia. TalTech values professionalism and reliability, entrepreneurship and innovation, openness and cooperativeness.
  • 6.
  • 10. TALLINN UNIVERSITY OF TECHNOLOGY <BREATHE> <SCREAM> IT DOES NOT EXIST! </SCREAM> </BREATHE> …IT IS HYBRID.WE HAVE MADE THIS AN IT PROBLEM. IT IS NOT.
  • 11. TALLINN UNIVERSITY OF TECHNOLOGY DON’T BELIEVE ME?
  • 12. TALLINN UNIVERSITY OF TECHNOLOGY THE MILITARY ARE AHEAD? Same with Cyber Crime. It is just Crime, utilising cyber, with elements of physical, information, spying, opportunity, internal threats, mistakes……. Just like everything else.
  • 13. TALLINN UNIVERSITY OF TECHNOLOGY WHY IS THIS IMPORTANT? DO YOU DO THIS?
  • 14. TALLINN UNIVERSITY OF TECHNOLOGY <BREATHE> <SCREAM> HACKERS DO NOT REDUCE THEIR SCOPE! </SCREAM> </BREATHE> TECHNICAL HACKS. PROCESS HACKING. PHYSICAL ACCESS. POLICY HACKING……
  • 15. DD.MM.YYYY SO…. WHAT DO WE DO? TWO EXERCISES. EXERCISE NEPTUNE AND EXERCISE MERCURY
  • 16. TALLINN UNIVERSITY OF TECHNOLOGY FOCUSING ON HE/FE AND MILITARY  Why? Both big organisations, that silo their cyber approach, and don’t know what the other arm is doing.  All have policies that no one reads  All treat cyber security as an IT problem*  We don’t go active, unless you want us too.  Keep you in the loop at all times.  Spearphishing attack optional.
  • 17. TALLINN UNIVERSITY OF TECHNOLOGY EXERCISE MERCURY – OUR MILITARY PROGRAMME (CONTINUATION FROM LAST YEARS REPORT) Better tracking of ships than NATO has. Used Port webcams to confirm findings Cyber security? Pah, screw that. We found Electronic Warfare Compromises….
  • 19. DD.MM.YYYY RESULT? BETTER TRACKING THAN NATO. FULL ELECTRONIC WARFARE CAPABILITIES USING GOOGLE. NO STUDENT HAD MILITARY OR MARITIME KNOWLEDGE.
  • 20. DD.MM.YYYY NOW THE ONE YOU ARE WAITING FOR…. EDUCATION
  • 21. DD.MM.YYYY Legacy systems being moved to cloud. Not maintained. Google hacking is great. Minutes with confidential data exposed. SQL injection resulted in embargoed research being show. Medical Data. 65,000 Passport copies downloaded by inject Cloudflare bypassed in 12 minutes Security walk….
  • 22.
  • 23.
  • 24. TALLINN UNIVERSITY OF TECHNOLOGY <BREATHE> <SCREAM> YOU ARENT PARSING LOGS </SCREAM> </BREATHE> ALL OF THE GEAR, NO IDEA. ONLY FOUND THREE TIMES. LATE.
  • 25. DD.MM.YYYY CONCLUSION? THIS ISN’T STUPIDITY. THIS IS SCOPE LIMITATION. THIS IS “SECURITY IS SECURITY’S” JOB. THIS IS SILO CULTURE. “NEED TO KNOW, WITH A RESPONSIBILITY TO SHARE”
  • 26. TALLINN UNIVERSITY OF TECHNOLOGY <BREATHE> <SCREAM> MAKE SECURITY WORK WITH YOU. MAKE YOUR ORGANISATION EASY TO WORK SECURELY. LOOK AT YOURSELVES BEFORE YOUR THREAT DOES. DON’T SCOPE LIMIT </SCREAM> </BREATHE>
  • 27. AN EXAMPLE OF HOW TO THINKING DIFFERENTLY. A 2FA, THAT IS INVISIBLE. THAT HAS NO APP. THAT WORKS WITH YOU.