Open Source Massively Multiplayer Hacking Prevention with Philippe Humeau Cybertraps 51
Thursday, June 17, 2021 by jethrojones
Philippe Humeau graduated in 1999 as an IT security engineer from EPITA (Paris, France). He founded his first company right after school and dedicated it to red team penetration testing and high-security hosting. He was also deeply involved in creating and animating the Magento community in France and is well versed in eCommerce (he wrote 4 books on the topic).
After he sold this first company (NBS System), his enduring passion for cybersecurity and entrepreneurship led him to create a new company in 2020: CrowdSec, the open-source software publisher behind the eponymous massively multiplayer firewall, which leverages both IP behavior and reputation to build a community and tackle the mass-scale hacking problem.
- Real-world hacking learning experiences.
- Hacking is about the size of the 4th or 5th largest country’s GDP.
- Hacking is organized, industrialized, and professional.
- Wardriving - cruise through neighborhoods looking for open or weak wifi signals and being untraceable.
- Education is key in security. [[cybertraps heather stratford]]
- Red Team penetration - hacking into places with permission to validate security.
- SQL Injection to the search bar on TV!
- CrowdSec - big companies are trying to defend themselves with lots of money, and they are failing.
- A super soldier is not the answer.
- If you want to take on an army, you have to have a bigger army.
- One vulnerability - hackers don’t like getting woken up by the FBI.
- Behavior logs say what happened.
- How does a normal consumer get involved?
- Exposed IPs (IPs that people use for ) need to be protected.
- Poisoning the network by sending bad information.
- Gaining trust.
- Whitelist
- Automation
- Goal is to cripple the hacking community.
- We gave up on human validation.
- One IP is scanned 1000 times per day.
- Most hackers are used to people protecting them.
- Consumers: use a Linux box to filter internet.
- Use privacy tools to keep their information private.
- Tools that allow you to decline cookies automatically.
- DNS that protects privacy
- Cloudflare 1.1.1.1 app.
- VPN - multi-factor authentication
- Update your devices.
- WPS - deactivate that.
- Password ideas - 3 levels
  - Garbage: music_tuning for tuning
  - Middle level: mozart&&NameofSite
  - High security level: 20 characters with characters and phrases
1/ Hacking, globally, where do we stand?
2/ Why do you think collaborative security is key to solving the mass hacking problem?
3/ Why is hacking, a 30-year-old problem, not solved?
4/ Is there a risk that someone can break this kind of reputation system?
5/ How to deal with IPv4 NAT addresses?
6/ What technologies are CrowdSec already compatible with?
7/ IP reputation had a dubious reputation in the past, why will it succeed now?
8/ Why is open source so obvious for the cybersecurity space, in your view?