Hacking the Machine: From the Outside In presented at SourceDublin 2015

by Owen Pendlebury,

Summary : This talk will discuss the common pitfalls/security misconfigurations made when deploying physical devices (laptops, tablets and ATMs) within organisations.
I will outline what a malicious attacker can accomplish;
(1) as an unauthenticated user with no rights to access the device (lost or stolen)
(2) as an authenticated trusted user (rogue employee) attempting to exfiltrate/ infiltrate data in and out of an organisation.
In addition, I will highlight what drives attackers to do this;
(1) Trophies - financial, sensitive information that can be sold on the black market
(2) Further exploitation - information that could allow an attacker to further exploit an organisations network (cached VPN credentials)
(3) Reputation - cause reputational damage and in turn financial loss
(4) Revenge - disgruntled (ex)employees.
Furthermore, I will identify what fixes can be implemented to harden these "secure" device configurations.