USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers

Подписаться 8 тыс.

Просмотров 175 тыс.

50% 1

Rob Joyce, Chief, Tailored Access Operations, National Security Agency
From his role as the Chief of NSA's Tailored Access Operation, home of the hackers at NSA, Mr. Joyce will talk about the security practices and capabilities that most effectively frustrate people seeking to exploit networks.
A transcript of this talk is available:
www.usenix.org...
Sign up to find out more about Enigma conferences:
www.usenix.org...
Watch all Enigma 2016 videos at:
enigma.usenix.o...

Опубликовано:

30 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 70

@uniquelycommon2244 8 лет назад

Whoever convinced the head of TAO at Ft. Meade to give a conference presentation on thwarting nation-state attacks is the person I want handling booking if I ever hold a conference on anything. Damn. One very slight ding: from a news report re. this talk (that actually led me to look for this clip in the first place) it appears that there was a bit of Q & A after the end of the presentation that isn't shown here. Still, thanks very much for uploading this, as well as other presentations from the conference.

@DavidBrumley 8 лет назад

+Stephen Allen USENIX does a great job of getting awesome speakers. The slides and talk are available open access, but you have to go to the conference to hear Q&A.

@OhDearBabajan 5 лет назад

maybe he convinced himself.

@buddydaturtle1726 5 лет назад

Having been to a couple of security conferences the best talks/aftertalks are the one's that they don't record, for obvious purposes.

@SKDYCAT 8 лет назад

Difficult != Impossible

@thorodinsun7140 6 лет назад

HAHA at 30:40 he mentions Steam games and this was 2 years before the Steam RCE was found ! Don't give away our secrets accidentally Rob :)

@waverley41 5 лет назад

wow good catch

@joeskinny3480 8 лет назад

Just finished watching. A great presentation covering a host of topics everyone responsible for IT security should consider.If you want a technical "how to" manual this is not the presentation for you. If you're not a techie and especially if you are actually vested with security responsibility and authority beyond clacking on a keyboard, this is a must see for you.

@robyee3325 9 месяцев назад

Do you recommend any videos for technical side of this? Thanks

@callmebigpapa 2 года назад

Am I the only one @11:38 who immediately thought "Reddit?"

@Arctific 7 лет назад

Know Thyself: it is an olympic ideal to either become or sustain competitive greatness. This use of Know Thyself for InfoSec Defense is spot on. The model of three attackers: opportunist, advanced persistent and destructive is excellent also. From this talk alone, a world class InfoSec program could be built.

@tanyaka 8 лет назад

The process and remediations the guy presents are nothing new, any good pen testing outfit will be doing the same, difference is the NSA have virtually unbounded resources to do it. That said, still an interesting talk, shame about the q & a

@SpeakerCraft-q9m 8 месяцев назад

Old but still fundamental.

@unholykill333u9 2 года назад

Try hacking a Brick House and an Iron Stove when/If my computer gets hacked throwing it in the fire, because I'm not sure why my cousins wanna Fuck with me, but I'm not playing and extremely on Edge with just about everything in modern Society.

@TomBrennan973 8 лет назад

Thanks for posting this talk and content from the conference.

@jagadeeshakanihal 7 лет назад

Nothing concrete, just generic hmm I mean bullshit.

@shinkurt 2 года назад

NSA TAO seems pretty fun and interesting place to work. Their expensive tools probably make it a joke to break into anything. He only talked about how to defend against common attacks though - not zero-days ;P - he said they aren't important.

@detective5253 Год назад

of course he didn't and he technically will not, look at Stuxnet malware and their recent incident of hacking the chinese university this year, some chinese IT guys who've been working on analysing their trojan that pulled off about 140GB successfully of stolen data confirmed the TAO team has had used more than 40 of cyber weapons! can you imagine? now you're saying he didn't talked about 0-day vulns..

@cristianv7441 4 месяца назад

@@detective525340 it's not that much for the amount of operations they are doing plus we don't know how large of a team they are, you need to put in perspective, the response is not always a zero day, but sometimes can be a lot easier than that

@billunmuth3396 3 года назад

until they go after you.

@larry_ellison 6 лет назад

I swear we don't use zero days they're not efficient enough... Um bruh.

@salvadorvargas4716 8 лет назад

Great presentation...very good

@rahulramteke3338 9 месяцев назад

Imagine if 'PLA Unit 61398' members gave exact talks exactly like this (no diff), ameriKKKans would loose their marbles

@lower_level_gee-mah-tree-ah_TV Год назад

In my small nobody opinion, at this point, anybody that is actually capable of the variety of all this shit, already has immunity committing cyber crimes right under their nose or with this blessings , and if that is completely off, it won't be long before these guys get em on their team with immunity from prosecution, for the simple fact, they just are not cut like that, never been thru anything more than likely, and know very lil about anything outside of a keyboard and screen. If anyone cares to add or subtract to this, I'm all ears, I'm willing to absolutely accept that I'm not entirely correct, respectfully 👈

@lower_level_gee-mah-tree-ah_TV Год назад

Safe to say , if these are the "guardians of the internet" or "protectors against cyber criminals" then how fun must it be to send all other departments, people, and nobody apart of their group/gang on wild goose chases 😭 👋 👏 I'll rate the scareware around 4 outta 10, come on guys y'all gotta get this scareware score up "god damit"

@icarustheother8591 2 года назад

Sounds like a pretty decent program I like to be a part of that unfortunately I'm just puke civilian duct tape and bailing wire don't know much more Love gas and gas ladies and gentlemen thank you so much for the advice exponentiate that to fight the f****** bottom line starting so willingly about my language and my nomenclature however this is the way I feel this is the way it goes in gold

@patrickjsteed 8 лет назад

Great talk and information!

@jewelbennett7325 3 года назад

www is the life line of the social engineering experiment going on currently. All of it is very hard for some to take day after day

@youlikeicecream 8 лет назад

That screen in the background; fuck epileptics right?

@xG33Kx 7 лет назад

youlikeicecream it's a full sized LED array, much cheaper to make very big

@zohirchowdhury 8 лет назад

Great presentation

@WorldRecordRapper 3 года назад

haha hey Rob nice to see ya

@harrjd514 8 лет назад

wondering if anyone is rethinking this presentation?

@amandamate9117 5 лет назад

incident response my ass bois

@doktormcnasty 8 лет назад

'King Guy!

@michaelmulligan0 3 года назад

I understand very little of this but interesting! Would a good use of AI be in cyber & IT security ?

@birdman1393 3 года назад

It's in use. He brought it up a little bit, basically software that watches for irregular activity on networks

@mohamedfouad2304 6 лет назад

Donald??

@PosiP 7 лет назад

this dude is a manager, not a hacker. Snubs, you let me down.

@Baigle1 7 лет назад

It wouldn't get as many clicks if it were worded manager does it really matter? good talk anyway. we know its different to look thru code to find out of date stuff to break... the developers of many programs don't see half the problems in their software as its a feature not a bug after so many false bug reports what matters is actually taking the time to dig in and be meticulous, it takes good teams to do blue and red

@Wolf-sd8fr 6 лет назад

Posi P He has to understand hacking to be a manager of TAO hackers

@h0ney_r0ze 7 лет назад

🤦🏻‍♀️

@beatsoulify1 8 лет назад

Zzzzzzz.... Zzzzzzz...

@RR123 8 лет назад

So... how and why should we believe this is not a psyop?

@NistenTahiraj 8 лет назад

+RR123RR How? By laying off whatever is tripping you out and applying some clear logic. Why? He says it. Most often they don't even need to use 0-days because security in most corporations and government is so relaxed that anyone can hack in. And he is giving this talk because government/banks/corps today keep loosing money for example to bitcoin ransom-ware that some kid wrote. It's happened to the FBI, it's happening right now to banks in India, it's happened to regular people in Australia... the cyber-criminals keep getting paid-off because companies don't update their software/protocols. At the end of the day, even if you fix everything, the NSA will still be able to hire the best people to reverse engineer security , find 0days, or even just buy off every zero day on the darknet. So you're still screwed lol, but that method of operation is expensive and not used at scale. It requires time, good engineers are rare and not cheap, many new exploits become useless atfer being detected once, so they're best used in special cases (i.e. Iranian nuclear plant). Most of the time (as he said), they don't even need to do that, they can easily break in through publicly known methods.

@sergec3539 8 лет назад

@newsletter4826 8 лет назад

+RR123RR It effectively conditions people to think that the NSA's crimes are all shits and giggles, and to be expected.

@rodeocyclone 8 лет назад

You're wasting your time. Their tinfoil hats will block out your false flag, or something like that.

@lower_level_gee-mah-tree-ah_TV Год назад

We are computers and computers are us, bios, wake up boot up start scans viruses malware storage motherboards mother earth, etc etc, computer motherboards pretty much Mirror how ancient civilizations are laid out, although it's much deeper than a bunny's dooty shoot in it's entirety, that is what seems to be the jist of the jiggy , in my opinion, but I know absolutely nothing so I'll leave grains of salts and 2 cents just to be on the safe side in the event of disagreement or conflict 😂 so take what I say with a grain of salt and there's my 2 cents Gracias compa mai frenn

@DirkKuepper 8 лет назад

I never trust about what he is talking about. NEVER! If security is your business, you don´t talk about how you do it! NEVER!

@FrozenSkiller 8 лет назад

+Dirk Kuepper Wrong secure encryption is only secure if everyone knows how it is implemented and still cant find a way to crack it.

@theyruinedyoutubeagain 5 лет назад

Yo Dirk. Sit down

@PosiP 7 лет назад

this is a load of crap. No government man knows more than the developers. Code writers are not developers. All I can say is honey pot

@SpeakerCraft-q9m 8 месяцев назад

My experience is there is turnover in companies so who built the app is now gone and in his place is someone who is seeing a black box. Good luck getting support. I suspect the NSA has a team who know the code line by line and advanced tools to examine it for every Firewall, IPS, VPN and the underlying tech.