Breaching the External Network Security Perimeter
Network security device vendors have done a good job of preventing or minimizing external attacks on enterprise network infrastructure by adding a range of capabilities to their products, such as access control, IPS, VPN, DLP, antivirus, and other threat prevention measures. Now attackers are looking for innovative ways of gaining access to valuable enterprise data. We will explore various techniques attackers employ to bypass protections and gain access to an internal network—having no special resources other than information publicly available over the Internet.
In this on-demand webinar, we’ll discuss Open Source Intelligence OSINT - intelligence collected from publicly available - its importance and applications. We will talk about how attackers obtain OSINT data, identify potential targets, and craft targeted attacks against them, demonstrating how seemingly harmless data can be used to compromise critical infrastructure. Finally, we’ll discuss various protection mechanisms an enterprise can use to prevent attacks and to defeat attackers with malicious intent.
About this On-Demand Webinar:
The problem – why do we care about such attacks?
Open Source Intelligence (OSINT)
What is OSINT?
Why is it important?
How to perform effective data gathering?
Vertical vs horizontal brute-force attacks
Identifying publicly accessible targets
Attacking the infrastructure
Remotely taking over a vehicle
Unlocking, stealing and tracking a vehicle, etc.
What can be done to prevent this from happening?
Defeating 2-factor authentication
Malicious Outlook Rules
Citrix application access and breakout
Gaining and maintaining access to the internal network
Escalating access on the internal network
The solution – what can we do to protect our infrastructure against such attacks?
15-minute live Q&A session with Spirent security experts
Saurabh Harit, Managing Consultant SecurityLabs
Saurabh Harit is seasoned security professional and has delivered countless penetration testing & security consulting services to organization across the globe. Prior to joining Spirent, he had worked at several reputed security consulting firms such as Trustwave, Security Compass, Sense Post and Honeywell. During his industry experience of over 12 years, Saurabh has worked across diversified industry verticals such as Banking, Aerospace, building solutions, Process & Control Systems and has developed expertise is various aspects of Information security. Saurabh specializes in web application & network penetration testing, with a secret crush on binary reverse engineering. He has contributed towards proof-of-concept exploits and white papers in the InfoSec domain as well as delivered security trainings to various fortune 500 clients globally and at reputed security conferences such as CansecWest and Black Hat USA. Saurabh has presented his research at several security conferences including Derbycon, Toorcon, BSides Toronto, Hack3rcon & Black Hat Europe and is author of the open-source tool, Yasuo ().