So, I just recently built out a Kali NetHunter instance on a Nexus 7. I was catching this video regarding Backdoor Factory. All I can say is it’s pretty slick. Be sure to check it out.
After just a little time with NetHunter, the BadUSB and all the HID attacks seem to be my favorite thus far from light use. The wireless stuff is cool, but I still haven’t found the right need for my personal use where the Nexus/OTG/USB wireless adapter beats out a laptop yet. I hear the Nexus 9 supports full monitor mode with the built-in device wireless; that’s a game changer if it does.
I want to start making some custom actions for the HID attacks. The PowerSploit reverse Meterpreter shell is pretty slick; I’m just thinking of a few others I may want to use myself (all of which will probably derive from that).
I was asked by a buddy who is a teacher to give a talk to school kids at the middle school he teaches at. It’s in the Ferguson Florissant school district. So you know I’m not a walking egoist, I was asked to talk through what I do, and pick some things to engage the 13-year-old population. I picked the Sony breach because of the relationship to Lizard Squad (whom, surprisingly, a lot of the 13-year-olds recognized due to the Xbox Live/PSN DDoS of Christmas personally impacting their ability to game).
Also, you’ll see a slide called The House. It’s an exercise/game I did with the kids where I ask them to think about a house. It’s got doors, windows, and even sometimes a chimney. How do you protect it? They would say things like locks, alarms, bulletproof windows, chimney blocks, dogs, etc. I’d then take each one and ask them to now try to think like an attacker: how would they get past that thing they just threw out? Then I’d ask, OK, how would you prevent someone from doing whatever that thing was? I stopped at that level. Then I told them, that’s what we do when we threat model at work. And instead of a house, we do it for the systems we are trying to protect.
Anyway, slide decks embedded. Not going to change your world, but side note: I did it all on Google Slides (their PPT tool) and was able to pull it up on any of the machines at the school tied to a projector, AND it played animated GIFs, so it worked out well.
As an information security architect, you rely on past experiences and any resources available to you to guide the recommendations, guidance and designs you create. While there are resources out there, there are fewer of them than in most disciplines. I just wanted to throw out a few that I highly recommend and have seen in my travels (also to have a quick place for myself to find them in an aggregated place). In no way the end-all, be-all list, but some good info.
SecureArc Reference Architecture
The OpenGroup: Open Enterprise Security Architecture (O-ESA) & TOGAF
Open Security Architecture
Disclaimer: I’m not a fan of ISACA, so linking to this must show that it clearly is a well-written article. Security Architecture: One Practitioner’s View
TISN (Trusted Information Sharing Network out of Australia)
Lenny Zeltser’s Security Architecture Cheat Sheet for Internet Applications
Cliff Notes from Securityarchitecture.com regarding different Security Architecture Frameworks
ArcTecGroup’s Security Architecture Blueprint