
Lessons from the Security Trenches

Hosted By
Smitty

Details

Liam will be presenting a talk titled "Lessons from the Security Trenches".

Abstract

Attackers use OSINT to identify high-value targets and unauthenticated endpoints such as account sign-up and email to spam, phish and whale. These indicate room for improvement.

Shared architecture services or hardware allow attackers to slip inside the system boundary and gain access to what they could not from the outside. Spectre is an example, where speculative execution can access system memory that processes do not have permission to access.
DMARC can be bypassed via Mailsploit on the client side or via shared email services that are included in SPF records.

Users receive phishing attempts via SMS. These take a shotgun approach, e.g., messages to non-Luno users about their accounts.

Defender responses include burning attacker investments and infrastructure, e.g., reporting phishing sites, uploads to VirusTotal and giving companies being impersonated a heads up, in order to drive up attacker costs.

We already know that impersonation is a big problem for biometrics, which are only really useful as a username. Whaling attacks rely on impersonation, whether voice impersonation software, forging an email or other messaging deception, to achieve their goals. While it is broken, it can be addressed, e.g., processes can be modified to include checks that prevent mere impersonation of authority from being sufficient for attackers to exploit, for example through pre-agreed one-time passwords.

After a defender has educated their user base, configured DMARC, and implemented multiple layers of email protection systems employing rules-based filtering and machine learning, that is when you figure out that one of your regulatory organisations is spoofing email from your domain...

Speaker

Security was fun so I studied it, now it is my day job.

Venue

Unit L6
5 Howe Street
Observatory
Cape Town
7925

OWASP Cape Town Chapter