In this 26th episode of the TECHunplugged Podcast we welcome Shay Nahari, Head of Red Team Services at CyberArk. This episode was recorded live at CyberArk Impact in Amsterdam, in May 2019.
Podcast co-hosts Max Mortillaro (@darkkavenger) and Arjan Timmerman (@arjantim) talk with Shay about the CyberArk Red Team activities, adversary simulation services, identifying critical assets and protecting them.
CyberArk is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 500, to protect against external attackers and malicious insiders.
CyberArk pioneered the market and remains the leader in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done.
Shay Nahari is the head of Red Team services at CyberArk, where he specializes in targeted cyber operations, malware evasion and offensive research. With nearly two decades of cyber security experience, he’s on the front lines in helping global organizations improve their ability to detect and react to targeted attacks using adversary simulation and advanced real life tactics, techniques and procedures.
Nahari previously founded and served as CEO of Red-Sec Inc., a Red Team and consulting services provider, and as a commander in the Israel Defense Forces (IDF) communications unit. With a passion for hacking, he’s won multiple capture the flag competitions – including at Black Hat 2018, where he received the Specter Ops Black Badge.
- 00:00 Introduction & Presentation
- 00:48 Activities in focus for the CyberArk Red Team
- 01:35 Differentiating between adversary simulation services (Internal vs External adversaries)
- 02:30 Two questions customers should ask themselves: what are their crown jewels, and what risks are they trying to protect against
- 03:00 Are Red Teams our friends?
- 05:35 Helping customers focus on protecting the right pieces of their infrastructure
- 07:10 Identifying the attack surface, and defining privileged access
- 08:15 « Each employee is an attack surface, identities are the new perimeter »
- 09:05 Privileged access goes way beyond admin rights
- 10:20 How the shift to cloud and containers is impacting the security landscape
- 11:10 « Ansible access is the new domain admin »
- 11:50 Cloud makes undetected data leakage possible
- 12:45 Talking about vulnerabilities and privilege escalation mechanisms – credential abuse is the most common way to get inside a network
- 14:30 Protecting credentials and isolating sessions as a way to reduce the attack surface
- 15:00 How do the « bad guys » in the Red Team work with the « good guys » in the Blue Teams? What does the collaboration looks like, and how do the teams interact together?
- 16:00 « When we get hired, our job is to make our customers more secure »
- 17:00 Red Teams can be influenced by the creativity of Blue Teams
- 18:05 Conclusion: words of advice, shifts in the industry, and supply chain attacks
- 20:30 End