Saturday, September 3, 2016

2016 Security Awareness Training

The videos of this year's security awareness training are now available online at

This year's training begins with a discussion on ransomware, and includes a video demonstration of ransomware actively infecting a computer, all because a user enabled macros on a malicious Word document.  It continues with a fun discussion on the "Internet of Things". We make fun of it and show a bit of its creepy side, and also discuss the serious side of having everything connected.

Part 2 includes a hacking demonstration, where we talk about how modern Windows management tools are being used by bad guys to easily bypass a computer's defenses.  We demonstrate the hack using a special USB key that emulates a keyboard, and gives us (the bad guys) easy access to our victim's computer.  We steal some passwords, install a keylogger, and laterally move over to a computer on the service desk, just in time to spy on our service desk superstar.

Part 3 discusses how to defend against this hack and emphasizes that, as humans, the best anti-virus we have is our brain.  We then review passphrases and password management, with an emphasis on using password managers.  A great video by 1Password shows us just how useful they are.

Part 4 completes our discussion by looking at more tools and techniques we can use to protect ourselves.  We review Andrew Case's browser compartmentalization that helps us defend against scripting attacks.  We discuss quite a few must-have browser plugins for both FireFox and Chrome that will greatly enhance our browsing security.

1 comment:

  1. Hi Dan,

    Am I able to show your trainings to my staff? Or do you publish them for purchase anywhere? Thanks!