Good morning, hello. A few minutes ago this room was empty, so I think Kenyans have a thing for time, eh? Um, let me just make sure that I have internet. Okay. You know what I like about, um, the Radisson Blu network? You keep on finding the same thing most of the time, and everybody who comes here, every other conference that comes here, they connect to the wireless. So it's my slide, okay. So, um, I have exactly one hour. Uh, so my name is Bright Gameli Mawudor, um, co-founder and founder of Africahackon.
I'm also the founder of a company called Cyber Guard Africa. We basically help you to be able to understand how cyber security works in your organization and also how to be able to change things. Um, I recently joined a company called Crystal Blockchain, which I'm going to show you something. How many of you feel that blockchain transactions cannot be tracked down? Anyone? Yes? Okay, great. So today I want to be able to show you exactly how we can track down, you know, there's, uh, this ransomware group called Conti. Ever heard of that before? So I'm going
to show you how we can track down every transaction that is going on right now as we speak: where the money is moving, what they're stealing from. When they do ransomware and I take your money, where is the money going to? I'm going to show you how cyber criminals are actually working. So if you look at the news right now, there's a lot of things that are going around. Um, a few things that I have been picking out: uh, say, Ubiquiti router, router surge, um, devices. Um, there's quite a... I picked this randomly from my
email, just from my email. These are some of the things that I'm picking out: threat intelligence platform integration is necessary; we're looking at the fact that backdoors are becoming a thing. Um, Anonymous Sudan, and everybody thinks Anonymous Sudan is actually invincible. They're not that invincible. They can actually be found with some of the activities, and I'm going to show you what we can find on the deep web or Telegram groups and what can be extracted that we don't even know about. We can see, um, remote access to kind of things that are going
out there. There are zero days that are actually working and ways that people are actually doing phishing attacks. Phishing attacks are becoming quite easy to be able to infiltrate a lot of networks, and currently most people don't even know that the phishing attacks that you've been doing by clicking on links is not happening that way anymore. You know the new method? Just browsing a website. And I'll show you some of the things that I've been collecting from various countries, so please volunteer, um, countries that... I don't know if the mic can be, um, taped, 'cause
falling off a little bit. Um, these are some of the fake websites that they're actually getting to pull off. And some of the trends that we're looking at is the regulatory regulation and enforcement is getting to be, um, on the rise. Uh, secure by design is a concept, or rather, um, a focus of area that we're looking at right now, and incident reporting has become a core part of businesses right now. Ransomware threats are not slowing down, and ransomware actually is becoming one of the areas where people are trying to really focus on, and
ransomware actors are changing tactics. Before, they had to be able to encrypt your files and tell you to pay. Right now what are they doing? They basically steal your file and tell you, "Pay me or I will expose you." Right or wrong? They're trying to do that kind of a thing, and we're trying to see how they're changing. AI-based social engineering is becoming quite a thing. Back in the days, social engineering would be, um, cyber criminals making mistakes. They make mistakes by sending emails that have grammatical errors; they send emails that have
um, some slight change on details that they don't... Now we all have to just use ChatGPT to write the perfect email, right or wrong? So they are doing that. Um, then we look at the fact that, the things that I think are going to be the focus in 2024: BEC attacks are going to be on the rise. Almost every business is going to get compromised one way or the other via, uh, business email compromise. We're going to see also the silent password stealers. I want to show you today what has been happening to
some people, which is the BEC attacks that they don't even know about. We have automated attacks by AI engines. Um, cyber criminals are automating the way they actually get to compromise, uh, networking systems. The fully undetectable malwares that have been created, they are not that difficult to create anymore. We will see API exploitation, so I would like some of you to even volunteer today to show you how some of the APIs can be exploited in this country. Uh, I'll take a very simple one, just to show you how that has been working. Nation-state
attacks are something we are not going to run away from. So there are countries that are attacking Kenya; they're focused to get some sort of intelligence from Kenya, and the thing is, the more information they get about the country, the more they'll actually be able to know what to bring to the country. So nation-state attacks are going to be there. What I want to talk about today is what we call expense in depth. How many of you have a firewall at your workplaces? Does it work? Does this work? Hello? How
you? How many of you have a security incident and event management tool? Only one? Okay, one, two, three, four. How many times have you ever monitored to know that the right attacks are even coming to your network, so you know how to actually stop them? I'm asking this question for you to just juggle your mind. How many times have you ever caught anybody internally, or somebody's machine, unintentionally siphoning information out of the company that you have no idea about? How many of you have an EDR? Okay, three, four, a few of them,
and those EDRs, are they really catching the right malware? Do they even work? Because I have seen a lot of fake EDRs in this continent, and it is becoming a very... I mean, people tell you, "Oh, our EDR works in Dubai, our EDR works in this country, our EDR works for this company here and there." You try it in Africa, it doesn't work. We've been seeing some of those happening. So, expense in depth: what I wanted to discuss before I go into the demo session of things is, what is security spending? So the security manager, the CISO,
is fighting; the CFO will tell you, "Guys, why are we spending more money?" Right or wrong? And you have to defend why you are spending more money to buy another tool. The CEO is also saying, "We've not been attacked in 5 years, why do we need to actually hire a cyber security engineer or cyber security personnel?" Then we're looking at board members who want to understand exactly what is going on. The reason why we're trying to have the importance of having expense in depth is because you want to understand your environment. Understanding your
environment is really important. For you to understand, the asset identification is important. What is a threat awareness? You want to know the compliance standard that you have to conform to, to be able to know what tools you're buying or what services you're subscribing to. We're also looking at the fact that, what is your risk appetite? Some of you don't calculate a risk appetite, so you don't even know what to start from. What is the industry benchmark? You're a banking institution, you are in the fintech space, you are in the insurance space: what is your, what's
what are the industry benchmarks you have to look at, and ask yourself what are other people doing that you want to actually try and match yourself against, right? However, all of us in this room could not fit in the next room, right or wrong? Because we are many. So the AWS event that is happening there, if they come here there's too much space for them to cover. Are we together? So you need to know exactly what works for your environment and not just what another person is buying. Somebody buying Cisco doesn't mean Cisco
is going to work for you. Another person buying FortiSIEM or whatever it is, or Fortinet solutions, doesn't mean it's going to work for you. So you have to understand exactly what works for your environment, the technology advancements that are there. Antiviruses are there, so if somebody brings for you an antivirus, please throw it away. We're going to EDRs right now, and that's what you should start looking into. And then there's a thing that I've been seeing a lot of vendors, sorry for vendors who are in the room, they come and tell you
"We are selling it for you, zero trust," right or wrong? Fraser, you're laughing 'cause I know Fraser has gotten that many times: "We have a zero trust solution." It's not a solution, it's a framework, it's a whole journey. Zero trust is not a thing you just wake up today and say, "I've bought a zero trust solution and when I plug it in it will work." Plug and play doesn't work in this industry. You cannot have a plug and play. And of course we're looking at operational resilience. So I'm not going to spend too much time on
this, but this is how to be able to calculate. I'll share the slides with you so that you can all have access to it. You have to look at the various threat types that are there: malware, phishing, ransomware, insider threats that you talked about, and of course we're looking at DDoS that is happening, so you know how to be able to actually measure that for your organization. So again, if you look at this, what are you spending on? What are you buying? Should you buy that right now, or can that go to quarter
4? Are we together? Hello? Okay. Then we get to see, so these are some of the things that you want to actually put in place: who will target us, why would they target us, the feeds that you have to get for cyber security strategy, your risk mitigation, uh, strategies, and of course you have to make sure that you have informed decision making as to what you have been saying. I know people have been buying security incident and event management tools and they don't have the right kind of logs, so they don't
even know what they're looking at. Yet you go buy one tool to see AWS and your GCP instances, and they don't even conform to your CI/CD pipeline; you don't even have one. So what are you monitoring? What are you pushing out there? You need to be able to understand that. Oh, and then you have to do what we call threat modeling, and also understand the business revenue points. Where is the business making money? If you're an API service giving that service to other people and making money out of that, I'll spend
more time on the API endpoints than trying to focus on the general generic firewall for the office. Hello? Hope you're getting that. So we try to understand exactly what the business revenue point is, so that you know where you have to put your money. Prioritization: what are you buying first? Should we buy an EDR first, or do we get a CISO for the organization? Somebody the other day tweeted and said most of these, uh, blockchain and, uh, virtual asset service providers don't even have any CISO in place, so they don't even understand cyber security. So
we're trying to look at all of those. And then determine the ROI of the security expenditure or investment: how to look at the cost-benefit analysis, you have to do that; your incident reduction, because you always want to reduce the number of incidents you have; you also have to look at how do you enhance your reputation. So those are some of the areas to look at. The kind of people you're facing right now is not your typical, um, how do you call it... this, I want to put this on, I wanted to... I
usually change the AC whenever I come on here, I forget where they are, with this little device. You are facing a whole set of not just hackers, but it's an ecosystem. People know exactly what email to type for procurement, they know how the lawyers have to work, they know exactly how they're going to move around, who's going to cash out the money, they know who to send to the offices to be an intern in your organizations to be able to actually plug in a device or two to fish out things out of your systems. So
don't think that the kind of hackers you're facing these days is a typical hacker who just sits behind his desk at home and is able to do that. And the thing is, you are facing a whole lot of wealth of hacking. Now this entire toolkit, uh, we have all of them. This one is my favorite; it's called the Flipper Zero. How many of you have seen this before? Let's do an experiment. Please take out your phones, just take out your phones. I want to do something very simple. So if you look at your phone
and I press this, according to the range you should be able to start seeing popups on your phones asking you to connect to your Bluetooth device, right or wrong? Right. This can control AC, TV, monitors. This TV, if I want to put it off, I can put it off with this. Digital signs, some part of traffic lights, Tesla cars can be opened with this. You can, um, plant malwares on a laptop. So if I connect the cable to your phone, I can even try to brute force your PIN. I've been
trying that out. Somehow you can basically control so much with just this little device. It's about $200; anybody can buy one. You can ship it in with a Quanto or whichever services that are there. It's becoming readily available. This is a very simple device. Now, this is a Swiss Army knife for most hackers, and these days, such things, you don't have to actually do so much. If you look at the Crazyradio: Crazyradio, if I was to put it here, anybody with a wireless mouse, you can intercept the traffic
between the mouse and the keyboard and type whatever on their laptop. When I say type whatever on their laptop, what I mean by that is I'll disable your keyboard, disable your antivirus, then now connect you to a fake Wi-Fi very fast, download a malware to your laptop and make sure that I'm persistently in your laptop forever. Hello? It's just a script, it's just the normal commands you type, but now a system can type it faster for you, so you don't need physical access to the person. The other one, which is the
USB Ninja, is one of my favorites, um, and I think Fraser has that somewhere. It's a cable, it's a charger cable, and most of you go to coffee shops, you tell somebody, "Can you charge the phone for me?" What do they do? You charge, because you're a very nice person, because the lady is smiling at you, because a gentleman has a strong cologne. It works, because we have tried them before, and that's the easiest way to be able to actually compromise some of you. The Deauther can disable this entire wireless network, as a watch,
um, and there's quite a number of tools that are out there. So I want to just take you through a few demonstrations. I'm going to do open source intelligence, um, email hacking, to just show you some of the email hacking that is coming up right now, um, and how an account is compromised by a cyber criminal. Then we can look at the remediation processes as well, and then look at a few things. So I will exit this. I'm trying to time myself so that you can, um... So the first thing that I want to
do, I need to move a few things around, is usually the first thing that anybody will use to hack, which is what? Google. So you're looking at Google. Um, I'm looking for... can you please volunteer companies? It doesn't have to be yours, and please don't say Safaricom. I don't like Safaricom always being the choice for demos. Anyone? Mabati Rolling Mills, great, MRM. So if you look at MRM, you try to see, is this... this is a website, right? Any other? So things you look at is finding how the domain looks like,
um, and I'll see something like this. So what I want to find out is, um, first of all, details about, uh, their domain. I want to find out details about how the website used to look like, I want to find subdomains and the likes, or I want to see if the email is secure. I'm not targeting them, but you will get what I mean. So for example I'll put this here and say, if I check mrm mati.com to see if the email is secure, the moment I see anything that has to do with
with, uh, red, that means the SPF and DMARC records are not set properly. So check for yourself and see what will happen if your DMARC and SPF records are not set properly. I'll go to somewhere like Criminal IP and say, hey, find out details about MRM to see if the website is even vulnerable. So if you use, if a subdomain, you can put on this website, you can find details about them. It's nothing, they don't have anything. Okay, there's nothing really there, but this can show you, uh, Criminal IP can help you to be
able to find out details about your web server, if they have CVEs that are actually, uh, available. Or I want to find out what do the emails look like. So clearly I know that there's sales, there is Nairobi, there's Technical Institute, washira. What does it tell you about the emails? Everybody's email is just their first name. Are we together? So you can start profiling them to understand exactly how the company works, and I know I can now send an email from any of these people to another person. But what would I do first? I'll first
of all try to find out exactly who works at the organization. So I will say, I'll put this to be, one second, Mabati Rolling Mills, um, say I want to see exactly who says they work there. So I can now see Elizabeth K; her email should be just Elizabeth. I don't think it's anything, it's rocket science. So I don't know what to do if there's another Elizabeth, but if you look at the emails you can tell that usually some of the emails are first name and then the second name, the first letter
of the first name and the second name. Are we together? Right. Are we... say, have your profiling. I'm just trying to take you through a normal, whatever it is. So you basically start to see: an area sales manager will open anything, but I'll send an email to sales or procurement or HR, because somebody will reply to me; it's a group email. When that person replies, they reply with what? A signature. Are we together? And a signature is just HTML, so I can copy that HTML and use it to fake an email from one of
them to the other person. Hello? Great. But Google is quite, uh, very very... there's a lot you can do. If you say site... I like using this one here, salary, saying you want to find out, uh, on every .ke website, every Microsoft Excel sheet that has the word salary in it, and you basically can download. Teta qual County, you want to profile to see exactly how those financial statements look like. So, um, if you look at something like this, you know exactly how much, excuse me, they've been processing and the likes.
You're just collecting basic information about them. Are we together? Google again is so powerful that there are some systems you can find in Kenya where, when you put something like this, it shows you people who have the folder backup, right? People keep a lot of stuff in backup. So this Gava website, oh goodness, uh, so if you go to this folder you might be able to find even the Kuru website. You basically... they're not... anyway, let's not go into it. But again, you can also specify another one, like say, um, you want to find
on every .go.ke website, all government projects or websites that have an error in it. I'm only looking for PHP errors, and if you profile all of them you can realize they're all just WordPress, they're either WordPress or basic PHP that has been written. So when I see a database error like this for HPT dashboard, uh, you all know what that means: SQL injection. You can dump the entire database, you know how the server has been set up, you know what to look for, you know where to be able to plant anything. Are we together?
But what I'm interested in is something called Shodan. Shodan is very important for me to be able to find information. If you actually put, say, um, I like location, you can first of all search Cisco, um, devices, and, um, Cisco and then you say country, let me zoom in a little bit, KE. I'm just looking for Cisco devices in the country, so I want to see what people are actually using. You can put Fortinet, you can put any kind of vendor, um, or you can put a geographical location, saying
you want to see devices or services or systems that are around this GPS. This is KC; that GPS location is KC, and you find out quite interesting, um, results. 'Cause what I usually do is I come to the left and I see not the service providers, I look at the products. Most of the products, they've not been updated, they've not been patched, and that's how easy it is for you to be able to compromise them. But the one that is very interesting to me, and I hope this is a safe space here, hello? Okay.
If you type authentication disabled, which is port 445 for SMB, which a lot of people have internally, and say country, put KE, there's a lot of people who have put the ERPs on the web right now and don't ever secure them. After COVID, majority of them have moved where? To the cloud. Internally they think it's internal for them to be able to use; however, externally other people can see them. So can we pick a random one here? This one looks very... ah, this one looks very interesting. Can we try to log in? noost, guys.
Guys, don't blame me, I'm not doing anything illegal. I'm doing everything that all of you can do. Hello? So you use something called smbclient, and I'll put four slashes because I want to escape it, and I'll put, say, e-recruitment live. I'm praying this goes through. What do you think the password is? There's no password. Ah, error. Okay, I'll pick another one. Um, documents path, maybe that one is not protected. Let me look for another target on the fly. Um, ah, this one, this is the one that I like: Hotel Master. Great, I saw this one
the last time I was trying out. And Hotel Master, we can look at users or the folder Hotel Masters, and let's see what we can find. If it doesn't go through then it's the Wi-Fi that is connected. I'm going to just share my hotspot 'cause I know that must be the Wi-Fi blocking me. This is why I wanted to show something on the Radisson network later, that's why I was connected to the Radisson Wi-Fi. But try that out again. Great, and we're in. So you basically can now see the folder for administrator, and these are
2024 details. So you can go to the guy's desktop, desktop or documents, pictures, no, pictures doesn't usually have... do guys even save stuff in pictures anymore? No. I'll go to things like, say, downloads. Actually, yes, and clearly this is a techie. So your system admin in that company is the one who is basically making the company vulnerable. This is how easily ransomware actors take over your servers, and by the way it's not that difficult. If you take others like this one, there's some of them, even see, ah, pay slips. God, this is not important.
Let's go to smbclient. Can we download that pay slip? I'm so sure we should be able to. Um, let's go to the folder pay slips. But I don't know who these clients are, I've not checked, I don't want to check. Uh, do you know why? I just want to protect myself from being itchy. And it's in again. So if you want to download them, what do you do? You copy this and just say mget, and I'm so sure if I say y it downloads. Where are we? I'll copy, uh, to
whatever it is, August, copy it to my folder, desktop, and I'm pretty sure if we go there... so we know somebody's salary just because of such a simple vulnerability. That's how easy it is to break into a system. How long did it take? A few seconds, right? So are we really protecting our systems from such hacks? This is me randomly picking a query on Shodan to be able to do that. Other things you want to be able to look at is also seeing exactly, um, this... you guys, somebody might hate me for this, but, um,
in our boardrooms that we have, there are boardrooms that don't have protection. So you want to look for Polycom devices that are in most boardrooms that have not been configured properly. So Kenya School of Government, Technical University, um, aan, I have reported this enough times, but let's see if this goes through. And guess what, I don't think you need a password to get in. So basically you can join the Zoom calls, you basically know the entire network, you basically... this is the boardroom, de's boardroom, and from this you can actually get to map out the
entire network. From this you basically can take over all their calls and every confidential detail they're discussing, silently, without you even being there. Are we together? These are basic devices that are connected to systems, and they're all in the same network. So if I was to click on this, uh, hey, dialing, sorry, that wasn't supposed to dial. You basically can actually start picking out all of these. So those are basic ways of hackers being able to actually get to details. But what I like is the fact that when you find such details we want to find
out how can we be able to actually see details about you. Can I borrow a Gmail account, please? Please. Now this is the point somebody just has to volunteer, or, Fraser, you'll be the one to fall for it. Gmail account, anyone? Yes. Info at your... you want your company email? Info dot commande? Like that? John? Like that, okay. So I want to find out details about John. I have no idea who he is. There are various ways to be able to find out. First of all, um, there's something which I would have to
find out, is to see if your former password you ever used has been... no, let me see, at gmail.com, uh, to see if your password has been compromised before. It's not there. But emails work in very interesting ways. It's the way we want to pass a bottle of water from here to the back, or anything. So we will see how we can be able to send an email from you to another person. I can use myself in this case. Um, oh sorry, and this particular thing works against, um, at gmail.com, right? Is that the
correct email? Or command? Oh, like d, like that, at gmail, oh sorry, at gmail.com. Let me just copy that, 'cause I want to find out if you're a runner or not. So as that is working I'll go to something called OSINT Industries. OSINT Industries allows me to be able to actually find out every publicly available information about you, um, out there that most people will not be able to find. So you can profile your Instagram pages, your social media profiles. If you have Strava, you're a runner, I would know if you've been running and stopping
or you've been running continuously, right? So we want to find out that information about you. So I want to just run that as I... this cannot fail today, come on. Oh great, oh no, I need to sign in. If this fails then you are very lucky. All right, so command John at Gmail. So as that is searching, I'm sending this email from you to my Gmail, brightz gmail.com. What do you want the subject to be? Subject? Pardon? Pay rise. Kindly find attached the invoice for the payment, no, the, for salary review, yeah, the
the Excel sheet for the salary review. So in a second... he's checking his phone. It's not in your outbox, you won't find it, relax. So in the next 5 seconds an email is being sent from you to myself, and actually this affects most, um, most organizations. So if you check your Valimail and you see a red, that means email can be spoofed. If I go to my Gmail here, um, there it is, an email has come from him, and if he tries to even reply... if you look at it, I used the
SendGrid API just to be able to at least spoof the email to make it look like it came from him. And usually if you had a picture, that will have a picture. He will only see that after I have replied; that's the only time he's able to see. However, I need to collect enough information about him to be able to see his entire lifestyle. There's nothing... do you ever use this email? Oh, there we go. So when the account was created, all the Airbnbs he's been to. But there, some of the accounts will show you on
a map when you went to that Airbnb, the time that you checked in, whatever you were doing there, all of that, um, all the accounts that it's been linked to. Then we go to things like, uh, Spokeo. Spokeo can also do a lot of information about you. Um, Spokeo, even without actually registering on Spokeo, if I put brightz gmail.com, which is my email, John, I'll not use your email this time, relax, it tells you how old I am, right? It tells you details about your age and the details, and there are so many
other open source intelligence that you can use. Things like, say, PimEyes.com. PimEyes is able to actually profile you because of pictures and do a reverse image search. So if I pick, say, this... network here today is slower, um, this is supposed to be able to give me a place to upload a picture. Oh, there. I think I'll do a live one and just take a picture of myself, just to find out where Bright's pictures have been used. We actually used this in an investigation some time back, when a lady woke
up only to find out that people are using her... her ex-boyfriend uploaded her pictures to a pornography website and people are calling her for services, right? So we only actually found out because of using what? PimEyes. So you can actually do a reverse image search about yourself to find out where your pictures have been used, 'cause there's some articles that I've seen about myself, even I never knew they existed, right? So there are ways to be able to actually profile people and then send such emails about them. If we had a very good
email, anybody else can volunteer, you'll find so much more: YouTube accounts, details about the person. Ah, my good friend is here. Now you're my next target, Michael, just give your email address. Oh, because he doesn't want to give me his email address, you actually can find that from what? Truecaller. And I have his phone number, so from that... why not, we're here to check, we're doing fact finding today. So you can actually use Truecaller to find out details about the person. So remember you can
fake an email from one person... oh, did you get the reply? Great. That's how people are trying to scam people, say making an email look like it came from your boss to another person, and you know that email will come from HR, email will come from somebody else, uh, and saying that, um, uh, your new position is this, or salary... salary review always works. But I'll show you exactly how it works in the practical demonstration. Um, I think I'm forgetting something, I'm not too sure whatever I have forgotten. I wanted
to do a deepfake, um, detail, sorry. Yeah, so, um, the other way of doing things is to use something we call, um, Seeker. But it's all publicly available tools, so you can actually download it yourself. And Seeker, people are... I'll use, uh, let me use a Google Drive account. Um, so a drive, let me put, say, uh, something to do with pictures; these are award pictures. So as you can see I'm using Google Chrome, right? So I'll copy this folder and I'll say I want to share that folder with somebody else. This
is how I caught a scammer some time back; I really wanted to know where he lives. So when it takes a thing, what you want to do is to use something like bit.ly to shorten the link to make it look very believable. Are we together? Because anybody will click that, they don't even know what is behind it, and nobody checks the details. So I will not put it here for now, just because of time. So youa, um, 8081, run it. So you can either use a Google Drive, you can use a customized
link, so like a Google Form or any website. You can put, um, a Zoom link as well, excuse me. Most people fall for the Zoom link because they think it's an error, uh, when they try to open. But here I'll do a demo with Google Drive. Put that link, a real link for a Google Drive, and say... it has started, I hope it works. Great. Then I'll copy this redirection link. I've paid for a premium version, which is not too expensive, and I'll use a different browser. In this case I'll use, um, uh, what you call Safari
and paste that link there. So assuming I sent that to John and John wants to open that, basically what he's going to see is the usual content where you say what? You need permission. Remember, it's very juicy information about your boss, right, of pictures that are leaking somewhere, and they say, "Look at the pictures I found about your boss." You go to click on request access, but before... next thing you know, what do you do? You click on allow. If you don't click on allow, it will refresh the page and
give you the same thing until you click on the right thing now you open this it shows you the real pictures of that folder are we together however in the background you have details about the person's laptop wait laptop types details about the GPS location and I can actually copy this to find out where is this guy actually communicating from and it shows you exactly where we are this is one of the most accurate tracking kind of a thing and guess what there's no antivirus that or EDR solution that will be able to prevent this
so how many times are we clicking on links that we don't even know and the forms actually come very clean so you'll think everything is actually okay so these are some of the ways of being able to actually um get details now when I get you into API um details uh let's see why API security has become a problem so may I borrow an ID number anyone yes ah now you can volunteer thank you yes 29 one two 20 Michael why are you faking this ID well that's true so because of the fact that some
of the services in this country are not safe you're able to pull out almost all of these details this is just one of the many if I wanted to find out his bank account details if he's been registered to a business how much the business is making if there are any invoices he has ever submitted you can actually find out API security is going to become one of the areas that we have to critically look at just because of security mechanisms not put in place now these services or request are actually posting as a normal
request meaning their threat intelligence platforms are not going to pick this up are we together many we have to start thinking of how we're doing API security um in this country now the last but not the least of things that I wanted to show oh by the way um if I wanted to show you a few other things some of the systems because of API can let you download people's private information uh but I'll clear that quickly you can pull out people who have been paying for parking and the likes in the country just because
of API you can get to see a lot of other things um one of them which I was shocked about this an old database is the person left a GitHub repository which had a lot of information for one of the companies in Kenya which you guys know about and these are some of the databases because when when the loan company wants to get information about you what do they what do you get them access to call logs SMS and your and your other details right so please can we pick a random number par um 1
199 okay so we go to 199 it has one device that one device has SMS logs contact list and call can we see SMSes can we promise to keep it here it's a person's entire SMS database but morning dear and you can find details about the what you basically have a profile of them imagine somebody grabbing all of that detail and building a database you can actually build a whole lot of intelligence around it are we together so so those are some of the things the last but not the least is is to show you
um what has been what what my team and I my research team is one of my team members are here a few of us are coming later what we have been picking from um how do you call it telegram groups even I was shocked so I call it shock never mind so we go for many countries we wanted to find out exactly what the password stealers have been stealing from the the the telegram groups that we have so we can pick Kenya for example do we go another country first pardon just go Kenya all right
so if you look at Kenya we can see um go websites that have been password leaking and these are all their passwords I'll clear that quickly because I don't want you to see but this is a username and password in plaintext um people who have even you know the Essa portal the B2B portal the password stealer has been stealing those portal passwords as well right now at least there's 2FA so you can't be able to bypass you can't bypass that maybe I'm not too sure but it's been stealing all of those password all of
these are from Telegram and if you see other countries like say or even Instagram accounts so this got us a lot of Instagram accounts um and most of them don't have any kind of two-step verification to it um you can see for even what South Africa which I find quite interesting um you basically be able to find for most of these websites every account that is actually been compromised very nice and easy when Malawi was being hacked I actually warned them aot a few about I think last year November December there about because the eov
website was the one that was being attacked the most so cyber criminals are collaborating when they say collaborating they actually sharing some of these passwords very cheap in the dark web or the Deep Web or even in telegram groups to be able to actually get that information this information in the groups that they part of they just basically if you ask for a particular company you can get it out but what we did about to expose it to the entire group of thousands of people so what we wrote a script is to be able to
actually ask for it behind the scenes and we're able to collect much uh much more information so those are some of the intelligence that you can actually find um from such groups which have been able to um of how people are able to actually exfiltrate data um so some of the things want to I want to ask a question when you look at all the things I've just shown you where do you put your final Kenya Shillings where do you put your money prevention of a cyber incident mitigation of an impact of the incident or
recovery off from the incident pardon prevention anyone else with a different answer recovery why resilience part of it okay can you mitigate all of them but okay so great so this answer differs for every organization depending on your environment so there's no right or wrong answer depend on how your organization is set up you find out where do you put your money because what I talked about again this relates to what I talked about at the beginning defense in depth know exactly how your environment is like and know where you want to actually put your
money and things I want to look at in the way forward is basically capacity building through University programs there are so many young people who are so skillful and we don't even invest in those talents um collaboration with other organizations in your domain so if you're in the fintech space in the banking space in the health care sector try to see exactly how can you collaborate with other people and share information saying if you've been compromised by one means trust me another person is going to be compromised the other way we saw KAA got hacked
what does that mean KQ was the next are we together because there's a relation between the two so they are doing there the same kind of methods they actually use it to be able to compromise networks we need to do a lot more more R&D we don't do a lot of R&D in this country yet there are ways that we can actually be able to see such patterns if I was to show you some of the things that I would see I just can't show because of where I am hello but there's a lot of
R&D that to be done on a lot of systems and the way hackers or cyber criminals are actually operating public and private Partnerships is necessary involvement in government um details is really necessary the last thing I wanted to show you before I leave this is an address of a blockchain network and I want to show you what can be seen in the blockchain space is is the last presentation I promise um where is it I want to close this so at Crystal blockchain you all know the Conti ransomware I told you about so Conti
ransomware you basically we did an investigation to see where all the money has been moving to so they they've been moving money from Ethereum to Bitcoin and they use actually some of the mixers and you can be able to find out details about them um so you know how these guys are rich look at the amount of money they have been moving like this is a lot of cash as of last year and you basically can track down some of these details if you look at the dashboard any any kind of address that you
put on this I can find out details about exactly how much money these guys have been moving it's one of the exchanges around I'll not mention which one it is and you can see how much money they have been moving moving and you can find out more information about them in terms of say you want to visualize that entire maybe I want to do by by transactions and you can see are they going into say um how do you call it um pornography are they going into gambling are they going to money laundering um and
you basically can actually find out more details about the transactions and how much guys are rich people have money out there um then if you have virtual asset providers so the financial services that are here or telecommunication companies you can actually plug in into something like this I was trying to do to see how binance have been moving money in the various countries and I can put a risk score according to each of them saying if they move about between 50,000 and 500,000 in the last few days I can be able to actually see that
transaction or investigate further to know which transaction that was for me to be able to investigate then you can put alerts I don't put any compliance alerts uh right now they can track them of course there a normal Explorer um you can do this for every country So eventually I think I want to do a report for Kenya to see exactly how does Kenya look in the blockchain space and also when it comes to digital assets because the blockchain is supposed to be transparent right so basically you just need the right information to be able
to know how to do the right information you can go to the risk insight to see all the risky transactions that are there and where they're actually going to and be able to see like this woi attack that happened I think a few weeks ago we actually were the on alerted them for the first 5 minutes of seeing that attack and you can see the transaction IDs um of all of those and see exactly how has that money been moving and where are they going to um are they going VI are they been being withdrawn
by ATM um and the likes so I think with that I will stop there I I have spoken for an hour I believe and I'll say thank you very much and I welcome questions fantastic team M so as we wait for the tech team to actually Clear the Stage for the next speaker no plenaries open do we have any questions for Dr bright I think he made it very fun and engaging but I the point is home like it's uh when it comes to the real critical stuff it wouldn't be funny anymore right so do
you have any questions for for Dr brto his team are we Shell Shocked are we there's a question at the back at the back yeah jamesa from Westcon uh so my question is so how do you road map right so I'm a bank service provider or whatever uh in this day and age how do I road map to where I'm actually secure right because I don't have an endless budget so what would be your recommendation there's something we have to do we call a gap analysis and risk profiling you want to understand how your business
is like you know to identify assets of greatest risk in the organization and asset I mean not just databases asset is me the cfo's laptop could be your asset of greatest risk right then I have to list that down to be able to know how to be able to actually break that down in terms of should I start focusing on this or not you find an organization that their asset of greatest risk is the product that they have developed if that product is not out there they're done they're down completely right so you start focusing
on all of those details and then now start attending to those so budget one could be say you have 2 million Kenya Shillings right for the quarter you say I'm going to do a security assessment or Gap analysis the risk profiling of that program however the department which is sales who are going out there are also at risk because of the way they've been conducting business do they need a specialized laptop or a particular kind of a phone so you can actually budget properly if you don't do the Gap analysis and risk profiling you will
not be able to actually know where to focus on some company there a university we attended to some time back and guess what the asset of greatest risk was the databases of the students so when you look at that the most important things to do at that point is to invest in backups and also monitoring because while they get to be attacked or anything we have to now start prioritizing a lot of the time we don't prioritize so we start firefighting some of these things and it's more expensive for you to actually respond to
an attack than actually fixing it when you do it gradually yeah fantastic one last question hi bra Joshua here from Smart hi um what's your take on organizations adopting Management Systems like ISMS PIMS as compared to you know the ever-changing methodologies that attackers are having does this still make sense for an organization to adopt controls that maybe ISO 27001 you know specifies yet uh these standards do not um adapt as fast as you know the tactics being used are changing does it still make sense in this modern day and age yeah thank you Joshua I
tell people I've seen so many organizations who claim they have ISO 270001 yet you walk with their front door and there's no there's no key to even there's no lock or the applications are not even there so so I tell people before you even get to those those kind of details again the similar thing do a gap you can do a gap analysis and risk profiling by yourself or you can contact any other company to be able to do that service provider to do that for you or us I'm I'm marketing here nice and easy
but before those adoption and everything the guidelines are there you have to be able to follow through of all of them but you see those Frameworks is it's good to have it's nice to have it's a guide but sometimes you have to go to level three before you go to to the first part of things to actually fix some companies will tell you um we've done an audit of your systems you don't have a lock on your on your how do you call it on your front door yet you don't keep any service any servers
or systems in there if anybody breaks to that office right now they'll get nothing are you together so should I put put money putting Biometrics first or should I put money securing the databases in the server room your data center or in the cloud so you have to prioritize so some of those Frameworks can come in later but you can do some bare minimum basics of being able to identify what you have cuz you know the business better before you start following those yeah fantastic I think round of applause as we wrap up that session
[Applause] [Music]