Spotlight on “All your data belongs to us.” workshop speaker Chris Roberts
“All your data belongs to us.”
This simple statement is becoming more of a reality as both technologies accelerate and we (the soggy human element) get left behind. The variety of means and methods for storing and transmitting data have increased exponentially over the past few years and the tidal wave that is the Internet of Things (or IofE) is set to continue that trend. We have found ever-inventive means for distributing our data and our very lives across the electronic spectrum that we no longer really understand the extent of the saturation. This trend is not constrained to our personal lives as those delineation marks between personal and “work” have significantly blurred with both society and technological shifts. It is these traits among others that make the art of human engineering and intelligence gathering so much more involved.
Outline:
- We have simply become walking attack vectors…
- Digital footprints, what are they, why are we talking about feet and what use are they to us as we work through the masses of data?
- We are going to take a look at the core of an organization…its data. We will strip away the misconceptions that the data still is in the control of the organization and begin to understand WHERE the data is, HOW it got there and how WE can access it, learn from it and ultimately use it against our intended targets.
- Targeting and attack vectors, looking beyond the perimeter. Reviewing an organizations structure, it’s VAR’s, partners, suppliers and other entities that are either trusted or shared resource entities.
- We all love the IT department, the developers and the resources they use without thinking.
- When YOU and YOUR work bleeds into your personal life…and the reverse. Why your E-Mail is one of the best fingerprints you leave behind. Why your HOA or your kids soccer team should never have your company mail address.
- Targeting it outside of the borders, how much easier it is to attack in certain territories.
- What public tools are out there, how GoogleFu is good, but not always adequate.
- CLEAR/LEXIS NEXIS, what data can you gather from there vs. other entities, what works and what needs supplemental sources. At this point we’ll take a look at the other options open to individuals doing their own research.
- The Darker side of the Internet, what it is, how to get to it and how useful it CAN be (if only the Feds would stop closing down sites!)
- Making sure the DarkNet doesn’t follow you home, HOW to search, what tools to use and when to throw the computer away… The art of the VM and how to anonymize yourself.
- All this and we’ve yet to actually “touch” the company, no CFA violations, no laws bent and nothing that’s going to show up on the radar…all this legally done, above board and simply piecing together the jigsaw. We now have our target, our attack vectors and our plans, what’s next?
- Reversing the mindset, how we can take ALL of this and use it in a defensive manner, how to actually be PROACTIVE in security and start to consider the preemptive capabilities of intelligence gathering in the commercial world.
This session will be offered as a pre-conference workshop on Tuesday, October 13th at
NY Seminar and Conference Center
71 West 23rd Street
Chelsea Center
New York City, NY 10010
Register here this will sell out and no walking will be allowed.