11. #44CON 2016 NETSQUARE
"Nakatomi space", wherein buildings reveal near-infinite interiors, capable of being traversed through all manner of non-architectural means
http://www.bldgblog.com/2010/01/nakatomi-space/
12.
It was different 12 years ago!
Individual effort.
1 week dev time.
3-6 months shelf life.
Hundreds of public domain exploits.
"We did it for the fame. lols."
14.
Haroon Meer
"For a few hundred K, could you put together a team that would break-in just about anywhere?"
CCDCOE Conference on Cyber Conflict - 2010
16.
Attacking is (much) cheaper than defence.
Attacker toolchains are far more complex than the public demonstrations we have seen so far.
26.
The more sophisticated the technology,
the more vulnerable it is to primitive attack.
People often overlook the obvious.
Doctor Who, "Pirate Planet"
XKCD 358 "Security"
36.
UNREALISTIC TESTING SCENARIOS
• Wait for new production release
• Don't test on production
• Don't perform intrusive testing
• X is out of scope
• Test during off-peak hours