Presentations - Demyo, Inc.

Presentations

Download presentations

Detecting System Intrusions

Demyo, Inc. capabilities:

Founded in 2011
All we do is 100% InfoSec
We speak: English, Spanish, Portuguese, Russian, Ukrainian, Lithuanian
Web Application Penetration Testing
Host Based Audit
Incident Response
Vulnerability Assessment
Social Engineering
Network Penetration Testing

Team members have the following top level Information Security certifications: CISSP, GSNA, GSEC, CEH, LPT, CISA, CISM, GCIH, CCNA, GCIA, CCNP
Consists of HIGHLY experienced team
Digital Forensics
Threat Intelligence
Source Code Review
Security Training

Web Application Penetration Testing:

OWASP methodology
Vulnerabilities are rated High, Medium, and Low according to risk

Commercial, Open Source, and proprietary tools are used
Highly technical report + executive summary 1 pager report

Network Penetration Testing:

Internal LAN pen testing
External WAN pen testing
Enumerating Services

Finding Holes
Exploiting Holes

Host based audit:

Security Configuration Review
Policy Compliance Review

Antivirus Antimalware Review
LDAP Policies Review
Logs Audit

Digital Forensics:

Who, What, When?
Making Forensic Copy
Memory analysis
Threat Intelligence

Selective files analysis
Full HDD image analysis if needed
Building the time line

Vulnerability Assessment:

HIPAA, PCI, SOX, GLBA, ISO compliance
Merge and Acquisition support

Security Best Practices
Post Incident Support

Source Code Review:

Greping through code for high risk functions and methods
Manual source code review

Automatic source code scanning tools
Checking input validation

Incident Response:

Preparation
Identification
Containment

Eradication
Recovery
Lessons Learned

Social Engineering:

Will bypass all firewalls / Intrusion Detection Systems / Intrusion Prevention Systems / Full Packet Capture Devices and any technical means in between

Weakest factor is still human
How do we prevent SE?

Training:

Instructors are HIGHLY experienced InfoSec Analysts
Penetration Testing training

Security Awareness training
Technical and Managerial InfoSec training