Subtitle: I should buy a boat
Leakware, leaked databases and leaky applications. Leaks are all around us and, it seems, here to stay. Almost every day there is a new story about a data breach, from the comical to the scary. Worse, there is a new exploited vulnerability leaking or locking data. Many protocols are in widespread use; if they are vulnerable and can share data or information inadvertently, larger numbers of systems, businesses, infrastructure and people are at risk. When a risk is identified, how can threat intelligence be shared in the land of NDAs, different laws, jurisdictions and regulations? What is good intel or sharable information, and to whom?
If your organisation's security posture is reactive rather than proactive, chances are that easy-to-pwn systems can be exposed without visibility. Avoid making it easy to perform mass exploitation. Using the new OWASP Top Ten 2017 and the information gathering checklist, you'll learn how to discover leaky and vulnerable assets, websites and protocols. The presentation uses sanitized real-life data, all gathered passively. Examples are an unnamed big bank, major IT vendors, a multimedia platform, a power plant and other fun... for attackers. A brief update on the leak underground economy and how valuable data can be: how much is that leaky data worth? The good, the bad and the ugly of sharing. Protection strategies, sharing options and takeaways to justify testing time, budget and sharing options.