
end up there's still enough into our emergency which I want to show you guys so I don't call the new version we just rub about the uh 3.0 uh it doesn't actually runs now in a different platform and also the JSON JSON attack so you can use a different format type attacking where you're running new coach and and at the moment how to detect all of the you know the way it's running I'll show you guys basically how how we detected time permits if not just giving it above and I'll show you guys um are we are we running okay so from there let's quickly connect to my reminder [Music] this is probably the best thing that you can get here that's the first thing you always use in my bag you need to have my cell phone and you need to be in proximity of close to me to get those certificate you know number of verification [Music] okay so this is Advanced Threat Protection what I was talking about basically so in Europe if I go to a device in my environment it will see you basically it looks like a water it's supposed to be Warzone because we did something okay um so in a moment we're testing a little uh put a lot of limit coming at the moment and we're doing testing so how to detect all these stuff and stuff but one of them was Jericho okay so I just want to check which one like that so zero cool looking process machine um let me run along the reason when it was here that you got some members from what movie it was Packers yes okay so it's running back one of them we actually run a hacking device on I'm actually going to show you guys how it detects that the bicycle television device there we go so when you plug it in our system it will instantly tell you that I can divide is running and it's not making a keyboard device or it's meant anything so you can try and run any of the half powerful monsters in our environment you plug it in it will go into the screen it's going to kill it and it's going to say it cannot be run now for you as I get administrator for 
instance you need to run to that machine up and because it's a physical device right so physical somebody on a network somewhere in the company it is this so a lot of our competitors sometimes you can't see that because I go on top of windows so that I have API travel we don't have that it's both in operating system so there's a big difference between How We Do detection and behavior detection versus our comparedness and that's probably the only marketing I can tell okay what I know about it but a cool thing is what we've also do is how do we test that whatever you run your organization is action active right are you on the GPO policy or something like that how do you actually know that um how do you know that you can run it without actually um running a hacking device or you can also really with a company called great Connecticut so I'm a spokesperson of [Music] GitHub now the curriculum is broken into two organizations one is that they do at one street hunting housework and I actually thought um there's well you can say it's an attacking place to go but there's a difference dude I mean when I go down to inside so what they did is they've they've run something that you wanted to know about this is your Bible what do you know that is the show okay so if you want to run the test you can actually choose what you got from the next Mac or Windows if you click on Windows you will see all these states around it there's this that you can run so the t12118 for instance that is currently you might attack framework that will be there so you can basically run all of these tests in your window in your windows environment now there's something that let's see if you run it there's a code that's running and this is where our great team comes in the microsoft.com okay one of them is not security so when that code is running globally Microsoft don't know that that's a hacker not a hack so it never Act if you are part of our licensing system okay if you want it here it's 
Central code up that code goes back into system that says okay it's what I have don't worry about it it's a text so that they just making sure that they don't um they don't act on app let's see if they can actually run out here I lost a lot of um are familiar with the LaZagne project um let's see if the football line over here there's a whole there's a whole uh there's supposed to be how you run this make sure everything is turned off okay when you when you run Red Canary you can reset for your machine to run you need to run files you have to say exclude directories okay you have to run prerequisites before you run everything up otherwise the fender is going to scream nothing was going to work okay so you have to tell me everything of everything running then turn everything back on again okay certain things is just going to scream doesn't matter if you turn it on or not but it can happen in any variation there's over six thousand okay it's going to screen okay because it has a bit of a code of that in it okay so let's see if this is the one that oh yeah so let's see if we can look how much time do I play 30 minutes and that is the actionable [Music] it's going to take everything and then but it's just too much to actually go through all the work you're going to get what has happened so you want to run them one give them a day see how it looks in the sock run the next one and the next one and the next one and so you go make sure you've got a clear view of what you what you want to test because like I said you can either test you can either taste it to see it on functionality it's only for other things you can see even action breaks into my system and then you also want to see CVEs and stuff like that so while let's assuming on the back end of our system we actually want to see detections so if you go to our looks so much different ones the probability that your that's your recommendations are people yeah so you want to see in your environment 
what is all the updates that you need to do in your moment so you've got to replace for instance first of all materials going back you will see VirtualBox Firefox so that point system under that's the most weaknesses in my environment if I actually Pickering it that's going to tell me what is the device exposed installed and what is the associated CVEs for the uh for that the most when it's running okay so you really want to go deeper in to make sure whatever you're running because when you run the testing you can run it against it you just got you don't check what it is it's going to tell you what it what is the actual effect that it's got if you're not a bad option what is your licensing fee for your yeah you also apply something as a hacker what does that feed for you give it about three people what do you think what is how much how much will it cost to be a hacker right here excuse me normal like that kind of cloud fishing Suites that they do to be like five minutes about 500 a month and that's only just literally okay someone else ten thousand you know because they need to run all those machines at the same time 35 to 120 grams yeah that's one that's what I need to do a lot of so what do I do love hanging fruits like ransomware and stuff get cashing pay for my license for next year um if you actually go via my Professional Services but um because educational purposes right um but I really wanted to um it's a super hacking program um that's what I said I like that type of thinking I'm curious right now that I could find out that on my answers let's see if there's some governments that program's about three thousand dollars a month you're right however it's it's extremely effective okay the codes of these guys will run are not generated every little code you want is newly generated it runs in the back end it's super super clear on how it does it and it bypasses a lot of security stuff if you're logging them online if you're not running the right stuff in 
your environment I could almost guarantee you it's gonna fast okay um okay so um so I'm running to make sure that you don't run it okay so it's different there um so yeah we run all of those type of steps okay from a regularly perspective on that energy if this will work out uh you can run a lot of testing and making sure you're acting environment at home with your own machines on your own stuff don't run this in a company because it won't open up games okay uh there we go okay so I run I run a video subscribed okay so the program I was wanting to run those couplings you can go play with it it's very cool so LaZagne project will for instance go and this is a talk we had a few weeks ago um it will grab anything in your browser and it will actually all the passwords that that's cached okay from not age what's the difference credential manager you will see all of these on the time there is no I don't know what you call it there's no LinkedIn or anything up here you still know that you can get the LinkedIn password you know you know that if you logged it okay I'm going to change my LinkedIn password okay so I want to show you actually if you go in over here and you just go is I'm not going to throw my name so let's try let's try something something oh yeah okay let's do this something I'm a musician so let's go to a place where maybe you guys don't conversation software um show you a quick a quick and easy trick that you can grab basically any password or get interested in about just particular secret injection let's see if the dog's name for just you can do LinkedIn we won't tell them because in your credential manager you've got two keys that's such a good credentials and this is the energy credential that you will connect with which is the artist application and you can't actually get the password see you can't pick the password but if you go to your windows credentials it's a show but click show it's going to do an artist's technician and then let's turn it down 
unless I force it to do it in the face so if you are a web programmer or anything like that I since I will say also to do and I think you can do that because it won't inject it in here that key will be injected to the DPM processor or you can deliver a class of VPN you're going to get that right into the deep end processor and because it's in the deep end nobody has ever had to keep you in you guys know how long tickling has been available since nobody really utilize it we import the Ukrainian version of it and we have a division uh 1.48 so uh anything that doesn't it you can process a basically a fraction if it goes into the cloud as well so you need to have the different process that you need to have to talk to you to get your key [Music] um so we want to see that password so if you go into any system so your I want to suggest that your mom drops away from a machine unless you're coming basically what you can do is you can actually just go to the system in the browser go down to the key [Music] and [Music] so okay what's up in the browser you look very confused everything is Cash especially when you're in this browser that I'm using over here okay so the LaZagne project was specifically designed for them so once you're on the LaZagne project it will go and get every little thing out of your browser and I will give it to you now if you want to go and check if you've been hired okay this is a pretty cool place to go um you can go to a place called um I need to make sure because otherwise it's Microsoft scissors and my close my machine but sometimes if you run it in a description machine and then I need to send a little email address so if you're actually going to do that and you type in um is it you can actually run the Wi-Fi hack the decryption of TeamViewer whatever you want to run you can run this in an environment that's actually checked if you're just if a Defender is going to pick it up or your security platform the community is going to detect it and stop it 
from the execution okay so the thing is one should run all of these things you can go back to recover to back to your company or really work or whatever you do it's hey you've done these steps we um we are protected against us but be very clear of what you want to test and how you want this okay so um there's over 200 tests that you can run over here once it is once it says contributing a text like this is not being bold yet you could say anticipate credentials and contributing tests so what what what uh regularly does as I open it up to the public so anybody wants coaches and then they review it to check it out they taste it and making sure it's not doing something that should not do because believe I don't mark okay I can say this so there's a company the renders let the machines open and just let it run on the servers and stuff like that hackers hacked assistant and oh we have we have the machines running and our company because they knew it's they're going to test right so because it was running on the system and I knew it was going to test I thought it was the security guards just doing this organization and then rather information be careful further others so what are we doing is if we do if we run into the virtual machine we kill the virtual machine and it becomes concern as well the virtual machine because if you're an active virtual machine and you want to run it on another machine what it's going to ask for Ms magnet it's going to ask for the deep clean process of you because once you enable the typical processor key it injects that now I don't know if you guys know this but I only happened to beat us none of the competitors there okay I said what you do is you right click on it go to settings and other security enable trusted platform module okay now let's inject it into the key and into this machine if any hacker or any company or when somebody leaves the organization fences and they X the system that's another way of doing it I found this is 
much more effective to do it because it's not bind to this machine here comes the problem if you run it on servers making sure that your server have a TPM processor okay in the new servers have have been so difficult if it's on premise if it's in the cloud and you write anything in Azure make sure from Azure security you turn on at the average security okay you just have to say NFL and Azure security it will not expect the panel because it's a global account password you do it okay so assuming the enabler is we're just going to say sorry I don't care who you are broadcast make sure that is if you run Global accountant anybody has access so what hackers do now is is that by doing testing we just put RDP Happening Here um can I do okay that's okay yes okay um this is very effective okay so if you if you if you run this um this way of the uh um did you want to run it there's a certain One You're Gonna Miss This video but there's there's a certain one that you want to learn which is called um which is called it's it's exactly actually there is only one confusion because it's not until half three days until uh so it's finished yeah okay so uh give me the booth if you want to check more stuff up because the the RDP happening that we live here is really effective if you don't do injection into your um like I said you actually put it again you can actually use it but it does is it jumps in it it makes you to think that the certifications if there's a command the the remote use the wrong thing anything goes well I get it in clear protection not good forces and you can utilize and use everything but the gentleman is up here um yeah thank you [Applause] um [Music] thank you we're already I sure will be awesome this is an easy room right now I know one of them already he's my boss you're out of here okay yeah it couldn't it couldn't hurt me it's gonna leave it here are you staying for participation whatever's needed um yeah exactly yeah is it jungle it's a lips right are you 
running this no no no James come James comes in is tending it he hasn't given us any instructions and we should get you instructions to manage it yourself okay I think it's streaming right now so that's good so you might have to keep the chicken with the shape the most because it goes to sleep you're gonna get locked out okay right okay perfect so he's got it set up so we just come here and move the mouse once in a while yep and so um he will present once he shares his screens they'll show up across here and you can click on it so that it shows up in the Stream and it'll show up side by side on the street okay right okay cool um it's up to the speaker whether or not he's going to monitor chat right so yes if you could facilitate in this room please I gotta run in like an hour for a call but um yeah no worries absolutely right um is I don't I don't know I don't know let's see yeah let's see if we can turn it off and save ourselves oh there we go [Music] perfect [Music] we set the screen timeouts to never yeah that's beautiful that dongle stays here that's our secret dongle um [Music] I'm getting there floating through trying to give you extra pressure though just lean over the back room yeah [Laughter] we could try um this worked um for the last speaker for some reason does USBC um [Music] well there you go excellent all right all right okay [Music] but what I was going to do is talk to you guys around the dark protection and uh [Music] in 2020 it's uh kind of scary how much uh stuff that businesses so has everyone knows security breaches uh a big and huge stupid system a really big one from one of my life in Australia massive I suppose people's uh details including mine so they bank accounts credit cards passports driver's license is data breach and it's been quite interesting because it's been in the news for the last month which is uh unheard of for uh Australia to talk about Security in that kind of way so so data is is obviously uh it keeps the council 
in most organizations so your reputation what you hold on your customers what what patterns all those type of things are key and in your business and how are you guys do a good operate so obviously having that exposed to the bad guys or having a diet exposes and critical as our brand so with the world has changed a lot around the machine some of us change the way data moves throughout the organization and uh and obviously if you're still with us so what what uh you need to do in that to put out a picture plant is obviously understand how your data goes to your organization understand what your data is and then start the process of classifying to start an approach yourself data protection is it's a it's a process it's a business it's a business tool this it might run it and manage it and keep the bikes on but it is uh fundamentally driven through your business and reverse applications components so part of a successful diet protection plan is going off the top 50 business units understanding they'll typically say all of our data is important and you'll say well here's a big fat dollar sign that uh you need to start going in a bit more rationalizing your data kind of flow through organization what data is and then obviously supports the processes and control from the high today is not just about technology it's also around how you manage about how you basically delivered on how you purchase one of the biggest things you can do as an organization is Project data so your data has a life cycle of whatever it may be five years two years depending on audit applies requirements and you should be approaching that data once it's on exposure of something better does happen and also you don't need companies don't need internet data so there's certain things that they need from a regulatory and police point of view but getting rid of data is just as important particularly so typically how uh so I've done a number of Erp projects over the years and uh when you go to having 
success with the LPS acce