6.
incognitolab
incognitolab.com
Lack of incentives at global scale
• Security software
• Underground economy
• Bugs
• Cybercrime
Cybersecurity
Economics
Ref: DelftX: Secon101x Cyber Security Economics [edX]
7.
A WRONG MINDSET
"Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail."
-Bruce Schneier-
Ref: https://www.schneier.com/crypto-gram/
17.
GRAPH THEORY
Extra reading: DEFCON24: Six Degrees of Domain Admin
[Figure: attack-path graph of an Active Directory environment. Nodes: User Eve; FILESHARE SERVER; Group Local Admin; ERP Server 1; ERP Server 2; ERP Server 3; User ITadmin; User ERPadmin; Group Domain Admins; DOMAIN CONTROLLER. Edge labels: "Can access to", "Has session", "Member of", "Admin to", "Has".]
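The slide's point is that once users, groups, sessions and admin rights are recorded as a directed graph, reaching Domain Admins becomes a path-finding problem, and the defensive question becomes which relationship to cut. The Python below is an added example written for this page, not code from the slide or from the DEF CON talk: the node names follow the diagram, but the wiring of the edges is an assumption constructed for illustration. It enumerates every simple path from a low-privilege user to the Domain Admins group, reports the chokepoint edges that appear on all of them, and checks that removing one such edge (here, the ITadmin session on the file server) leaves no path.

```python
from collections import defaultdict

# Constructed relationship graph (an assumption for this example; the slide's
# diagram does not give the exact wiring). Each edge is written in traversal
# direction: control of `src` yields a foothold on `dst`. A "Has session" edge
# therefore runs from the computer to the logged-on user, since that user's
# credentials are resident on that machine.
EDGES = [
    ("User:Eve",            "Can access to", "FILESHARE SERVER"),
    ("FILESHARE SERVER",    "Has session",   "User:ITadmin"),
    ("User:ITadmin",        "Member of",     "Group:Local Admin"),
    ("Group:Local Admin",   "Admin to",      "ERP Server 1"),
    ("Group:Local Admin",   "Admin to",      "ERP Server 2"),
    ("Group:Local Admin",   "Admin to",      "ERP Server 3"),
    ("ERP Server 2",        "Has session",   "User:ERPadmin"),
    ("ERP Server 3",        "Has session",   "User:ERPadmin"),
    ("User:ERPadmin",       "Member of",     "Group:Domain Admins"),
    ("Group:Domain Admins", "Admin to",      "DOMAIN CONTROLLER"),
]


def build_graph(edges):
    """Adjacency list: node -> [(relationship, neighbour), ...]."""
    adj = defaultdict(list)
    for src, rel, dst in edges:
        adj[src].append((rel, dst))
    return adj


def all_paths(edges, start, goal):
    """Every simple path from start to goal, each as a list of (src, rel, dst)."""
    adj = build_graph(edges)
    paths = []

    def walk(node, visited, trail):
        if node == goal:
            paths.append(list(trail))
            return
        for rel, nxt in adj.get(node, []):
            if nxt in visited:
                continue
            visited.add(nxt)
            trail.append((node, rel, nxt))
            walk(nxt, visited, trail)
            trail.pop()
            visited.discard(nxt)

    walk(start, {start}, [])
    return paths


def chokepoints(edges, start, goal):
    """Edges shared by every path: removing any one of them cuts start off from goal."""
    paths = all_paths(edges, start, goal)
    if not paths:
        return []
    common = set(paths[0])
    for path in paths[1:]:
        common &= set(path)
    return [edge for edge in paths[0] if edge in common]


def remediate(edges, edge):
    """The graph with one relationship removed (e.g. the admin session logged off)."""
    return [e for e in edges if e != edge]


if __name__ == "__main__":
    src, dst = "User:Eve", "Group:Domain Admins"
    for path in all_paths(EDGES, src, dst):
        print(" -> ".join(f"{s} [{r}]" for s, r, _ in path) + f" -> {dst}")
    print("Chokepoints:", chokepoints(EDGES, src, dst))
    fixed = remediate(EDGES, ("FILESHARE SERVER", "Has session", "User:ITadmin"))
    print("Paths after removing the ITadmin session:", len(all_paths(fixed, src, dst)))
```

In the constructed graph the two paths both pass through the ITadmin session on the file share server, so that single relationship is the cheapest fix; the redundant ERP Server 2 and 3 hops are not chokepoints, which is exactly the prioritisation a defender wants out of the graph.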
23.
Privilege Escalation
Protect against mimikatz
• Disable cleartext passwords in memory
Set DWORD value = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential
• LSASS.exe protected mode
Set DWORD value = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
• Protect your privileged accounts
Use LAPS (Microsoft’s Local Administrator Password Service)
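The two registry settings above are easy to set once and then drift, so an audit that reads them back and reports what is wrong is more useful than the one-off change. The Python below is an added example for this page, not the slide's own material. It assumes the value name RunAsPPL under the Lsa key for LSASS protected mode (the slide names only the key), and that a value of 2 is also acceptable there on recent Windows 11 builds; the evaluation logic is separated from the registry read so it runs on any OS against a constructed sample, and the live read uses winreg on Windows.

```python
try:
    import winreg  # Windows only; the evaluation below runs anywhere
except ImportError:
    winreg = None

WDIGEST_KEY = r"SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest"
LSA_KEY = r"SYSTEM\CurrentControlSet\Control\Lsa"

# (key under HKLM, value name, acceptable DWORD values, what a wrong value means).
# The first acceptable value is the one remediation writes.
CHECKS = [
    (WDIGEST_KEY, "UseLogonCredential", (0,),
     "WDigest keeps cleartext credentials in LSASS memory"),
    # Value name assumed from Windows documentation; the slide gives only the key.
    # 1 = LSASS runs as a protected process; 2 = enabled without the UEFI lock
    # on newer Windows 11 builds (assumption for this example).
    (LSA_KEY, "RunAsPPL", (1, 2),
     "LSASS is not running as a protected process (PPL)"),
]


def read_live_values():
    """Read the checked values from HKLM on a Windows host (needs winreg)."""
    values = {}
    for key, name, _, _ in CHECKS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                data, _kind = winreg.QueryValueEx(handle, name)
                values[(key, name)] = data
        except FileNotFoundError:
            values[(key, name)] = None  # key or value does not exist
    return values


def evaluate(values):
    """Return (key, value name, detail) findings; empty means both controls are set."""
    findings = []
    for key, name, acceptable, meaning in CHECKS:
        actual = values.get((key, name))
        if actual in acceptable:
            continue
        if actual is None:
            # An absent value falls back to a build-dependent default, so the
            # safe state is to set it explicitly, which is what the slide advises.
            detail = (f"{name} is not set; the default depends on the OS build, "
                      f"so set it explicitly to {acceptable[0]}")
        else:
            detail = f"{name} is {actual}, expected {acceptable[0]}: {meaning}"
        findings.append((key, name, detail))
    return findings


def remediation_commands(findings):
    """reg.exe commands that set each failing value to its expected DWORD."""
    wanted = {(k, n): acc[0] for k, n, acc, _ in CHECKS}
    return [
        f'reg add "HKLM\\{key}" /v {name} /t REG_DWORD /d {wanted[(key, name)]} /f'
        for key, name, _ in findings
    ]


if __name__ == "__main__":
    if winreg is None:
        # Constructed sample: WDigest caching still on, RunAsPPL never set.
        sample = {(WDIGEST_KEY, "UseLogonCredential"): 1, (LSA_KEY, "RunAsPPL"): None}
    else:
        sample = read_live_values()
    found = evaluate(sample)
    for key, name, detail in found:
        print(f"FINDING  HKLM\\{key}\\{name}: {detail}")
    for cmd in remediation_commands(found):
        print("FIX     ", cmd)
```

Run it as a scheduled check and alert on a non-empty findings list; a host that silently regains UseLogonCredential=1 is the drift this is meant to catch.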
25.
What should I pay?
Reference: SANS: IT SECURITY SPENDING TREND
• Firewall to segregate your internal network
• Two-factor authentication for administrative accounts and remote access
• Local privileged account management
26.
MONEY WITHOUT BRAINS
IS ALWAYS DANGEROUS
-Napoleon Hill-
• Spend more money on your people; otherwise, let professionals do it for you.
• Consulting companies also spend money on marketing, so select them wisely.