
Hackcon 11 - Protecting our people

Laura Bell
February 17, 2016


Transcript

  1. Laura Bell, Founder and Lead Consultant - SafeStack. @lady_nerd [email protected] http://safestack.io. Protecting our people: the awkward border
  2. In this talk. The Problem: the need for and lack of human defense. The Tool: we built AVA… and we think you might like it. The Challenges: building human security systems is hard…
  3. AVA

  4. Location, Time stamps, Sender, Receiver, User agent, friends, contacts, frequency, aliases, profiles, Last login, Pw Expires?, Disabled?, Influence, Admin?
  5. Email attacks that go beyond phishing. Email phishing Internal request social panic Direct request External request favour authoritative
  6. The URL may be different on different messages. Subject: Security Alert: Update Java (*See Kronos Note) Date: February 22, 2013 ************************************************************************ This is an automatically generated message. Please DO NOT REPLY. If you require assistance, please contact the Help Center. ************************************************************************ Oracle has released an update for Java that fixes 50 security holes, including a critical hole currently being exploited in the wild. The IT Security Office strongly recommends that you update Java as User generated and publicly sourced attacks
  7. Technologies • Django • PostgreSQL • Celery • Redis • Bootstrap • Open source • GPL • Docker • Integrates with Exchange, Office 365, AD and Google Apps for Business
  8. yeah, if you could just give me access to all the information you have… that’d be great
  9. No.

  10. TL;DR We have a people problem. Attackers will choose the path of least resistance and we are not prepared. AVA is an early alpha prototype. We want a future of continuous human vulnerability assessment. The road ahead is hard: privacy, ethics, momentum, security, scaling and much more
  11. Learn more or get involved: https://github.com/SafeStack/ava (now with docker build) @avasecure http://avasecure.com http://ava.rtfd.org/ [email protected]