ISACA Scholarship Competition
E-Squared
Junho Lee
Jongmin Lee
Wookyung Youn
Sol Han
Agenda
• Case Analysis 1 – Phishing Attack
• Case Analysis 2 – Metasploit Attack
• Recommendation
Case Analysis 1
• The hackers obtained the admin password of ABC company’s Windows server through a phishing attack (Possibility 1)
Problem & Suggestion
• Problem
  - Based on the security assessment report:
    • Security awareness training for employees is outdated
• Suggestion
  - Updating Information Awareness Training (User education)
  - Additional Suggestion: SPF (Sender Policy Framework)
Case Analysis 2
• Hackers gained access to ABC company’s internal network using Airmon-ng
• Hackers scanned the IP address of ABC company’s Windows server with nmap
• Hackers exploited the hash table with Metasploit in order to snatch the admin password
• Hackers accessed ABC company’s admin user account through remote desktop
• Hackers exploited the hash table again in order to snatch the SQL server’s password
• Hackers hacked ABC company’s database to compromise information
Proof: Hackers accessed the internal network by using Airmon-ng
Proof: Hackers scanned the Windows server’s IP address by using nmap
Proof: Hackers snatched the Windows server admin password by using Metasploit
Proof: Hackers accessed the admin user account through remote desktop
Problem & Suggestion
• Problem
  • The security assessment report indicates that the company does not monitor the network for malicious activity
• Suggestion
  • Human Resource
    The system administrators should be informed of the specific tasks they should carry out.
  • Vulnerability Testing
  • Backup Procedures
  • Configuration Documentation
  • Monitoring the systems
Problem & Suggestion: Additional Suggestion
• Prevent Password Cracking
  • Disable LM password hashes
    - Make the password at least 15 characters long
  • Enable Account Lockouts
    - Set the account lockout threshold
    - Set the account lockout counter after
    - Set the account lockout duration
  • Disable LAN Manager / NTLM authentication
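
The three countermeasures on this slide, as an added PowerShell example that is not part of the original deck: it audits the LM hash storage, LAN Manager authentication level and account lockout settings on a Windows server and, with `-Apply`, sets them. The lockout numbers (5 attempts, 15 minutes) are assumed sample values; the slides give none.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the slides): audit, and with -Apply set, the
# password-cracking countermeasures listed above.
param([switch]$Apply)

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsaWanted = [ordered]@{
    NoLMHash             = 1   # stop storing LM hashes (effective at next password change)
    LmCompatibilityLevel = 5   # send NTLMv2 only; refuse LM and NTLMv1 responses
}
$lockoutWanted = [ordered]@{   # key names as written by "secedit /export"
    LockoutBadCount   = 5      # failed logons before lockout (assumed value)
    ResetLockoutCount = 15     # minutes before the failure counter resets (assumed value)
    LockoutDuration   = 15     # minutes the account stays locked (assumed value)
}
$report = @()

# 1. Registry-backed LSA settings
$lsa = Get-ItemProperty -Path $lsaKey
foreach ($name in $lsaWanted.Keys) {
    $current = $lsa.$name      # $null when the value has never been set
    $report += [pscustomobject]@{
        Setting = $name; Current = $current; Wanted = $lsaWanted[$name]
        Matches = ($current -eq $lsaWanted[$name])
    }
    if ($Apply -and $current -ne $lsaWanted[$name]) {
        Set-ItemProperty -Path $lsaKey -Name $name -Value $lsaWanted[$name] -Type DWord
    }
}

# 2. Account lockout policy, read from a locale-independent secedit export
$inf = Join-Path $env:TEMP 'lockout-audit.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null
$policy = @{}
foreach ($line in Get-Content -Path $inf) {
    if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item -Path $inf
foreach ($name in $lockoutWanted.Keys) {
    $current = $policy[$name]  # absent from the export when lockout is disabled
    $report += [pscustomobject]@{
        Setting = $name; Current = $current; Wanted = $lockoutWanted[$name]
        Matches = ($current -eq $lockoutWanted[$name])
    }
}
if ($Apply) {
    net accounts "/lockoutthreshold:$($lockoutWanted.LockoutBadCount)" `
                 "/lockoutwindow:$($lockoutWanted.ResetLockoutCount)" `
                 "/lockoutduration:$($lockoutWanted.LockoutDuration)" | Out-Null
}

# Report reflects the state found before any -Apply changes were made
$report | Format-Table -AutoSize
```

On a domain-joined server these local values are overridden by domain Group Policy, so the same settings belong in the domain policy. `LmCompatibilityLevel = 5` still accepts NTLMv2, and an LM hash already stored for an account remains until that account's password is changed.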
Disaster Recovery Plan
• Based on the security assessment report:
  • A disaster recovery plan has been provided but not tested yet
• Solutions
  • Prepare a contingency organization chart showing the names of the contingency manager and coordinator
  • Develop a customized, up-to-date recovery plan and test it
  • Provide security copies of vital records and store these off-site
  • Nurture the ability to restore critical information within an acceptable time period
