
Hello everyone, uh, good evening and welcome to BSides Las Vegas. This is our last talk for the session, and, uh, so my name is Hasan Nikar and this talk is being presented by Josh Bressers, um, and the topic is, sorry, my screen turned off, Next Generation Enterprise Security. Uh, before we begin I have a few announcements to make. I would like to thank our sponsors, especially our Diamond sponsor Adobe and our Gold sponsor Prisma Cloud, BlueCat, toota, and it's with their support, along with other sponsors, donors and volunteers, that make this event possible. These talks are being streamed live, and as a courtesy to our speaker and audience we ask you
to make sure that your cell phones are on silent mode, and if you guys have any questions please use the audience microphone so that YouTube can hear you as well. And with that, let's hear our last talk of the session. Please welcome Josh. Awesome, thank you, thank you. Be care for some what TR? What is TR? Oh wait, that's the, um, um, original Star Trek. It's the one with the little kid, right? If you're offering, I would love one, thank you. Okay, so for everyone who can't hear what just happened, those of you in Internet land, uh, I was offered a drink called tranya, which is from Star Trek: The Original Series, which I am not
talking about today, because this is obviously Next Generation. But let's see. Holy cow, that's strong. Okay, all right. Next Generation Enterprise Security. This talk, I feel like, will be the high point in every presentation I give from this point forward, because I thought of the title before I realized what I got myself into. So let's start with who I am. My name is Josh Bressers. I work for a company called Anchore. We do what we call next generation supply chain analysis, and our open source tools are Syft and Grype, which some of you may have heard of. It's an SBOM generator and vulnerability scanner. They're very fun. But I also have two podcasts I host. One is
called the Open Source Security Podcast and the other is the Hacker History Podcast. Now the hack... oh, thank goodness. The Hacker History Podcast is a podcast where I invite a guest and I say to them, "Tell me your hacker story." I'll get to this in just a minute. Uh, I say, "Tell me your hacker story," and then people tell stories. Everyone has an amazing story to tell. Every guest I've had said, "No one wants to hear my story." So please, if any of you would like to be a guest on Hacker History, get in touch. I would absolutely love to hear your stories. It is the most amazing thing I do and I absolutely love it. So a gentleman just
walked in in a Star Trek uniform. Not everyone knows this, but when you submit a talk to BSides there is a text box that says, "Please request a ridiculous speaker..." well, request, whatever, and I said I would very much like someone in the front row in a Star Trek uniform to heckle me throughout the talk. And so I totally got it, and you have made my day, sir, so thank you so much. I'm very excited about that. Okay, now, and this slide speaks most to you. Many of us have spent our lifetimes watching Star Trek, memorizing lines, memorizing obscure details, and the people in our lives have said, "You are wasting your time, none of this is ever
going to be useful." Until today. So this is it, nerds, this is your day to shine. And because of that point, I have a ridiculous number of slides, more than I'm going to get to, and that's on purpose. There will be no questions at the end. If you have questions, either go to the microphone and just talk, or yell them out and I'll repeat them. These are the slides you're looking at right now. They're open to everyone. If you want to use this deck ever, in anything, please do, like, you have my permission. Consider this public domain, except for all the copyrighted images all over the deck. So, but by all means, it's a fun deck. It was
fun to put together. So what did I do? I watched a lot of Star Trek. So I thought of the talk and I thought, okay, how long could this really take? And it turned out it took a really long time. I'm probably three or four years in at this point, because you think you can just watch an episode and maybe write down some notes, except you realize you have to watch things again, and something happens later, and then you go back and you start writing the presentation and you're like, oh, I don't remember exactly what happened. And so I suspect I probably watched 300 or 400 hours of The Next Generation just to put this talk
together. And the question I always get from people is, will you do this for Deep Space Nine or Voyager or something else? Absolutely not. No, just heckle. No, no, don't raise your hand, just heckle. You married? Yes, I'm... the question was, no, the question was if I'm married, and yes. Yes. Awesome. Yes, I am married. My wife is lovely and I have made her watch a lot of Star Trek, and now she, I, basically there's a rule that when I turn on Star Trek she leaves the room, and we're all cool. That's fine, that's the way it is, and that's okay. I understand. I understand why you do this with some of
the... Why wouldn't I do this for the better Star Treks? Because there aren't better Star Treks, and also it just takes too long. Like, it was so much more work than I expected, because at first I thought, oh, I could do it for other things, but no. And honestly, the other things won't have a good title, right? Next Generation Enterprise Security, come on, that's as good as it gets, right? Do you like Strange New Worlds? Okay, the question was, do I like Strange New Worlds. I am, I find it pleasing up to this point, but I'm going to hold my judgment until the end, because sometimes they get better, sometimes they get worse, but at the moment I find it acceptable,
so we'll see. Babylon 5 is my second favorite world. Uh, Babylon 5 is very good, but this is a talk about Star Trek. Okay, all right, we'll just skip this part. Yes. All right, so here's what I did. I watched all the Star Trek and I noted threats and mitigation, right, and, oh, we'll get to that. The MITRE ATT&CK framework is all over this thing, it's fantastic. But basically I recognized 178 threats. Uh, 54 of them were insiders, everything from the robot to the intern to the actual ship itself, Dr. Moriarty, there's a ton of them. And there's nine episodes, like those horrible bottle episodes we all hate, that I couldn't identify
anything reasonable as a threat, but there's probably data missing. Here's the part I like. So I put all this data into Elasticsearch, 'cause I'm a data nerd, and this is the, it's hard to read what this is. So the top is just "alien". This is where you have a bucket. There's tons of threats in Star Trek that show up one time and only one time, right, and so that's why that looks like that. But then we've got Romulans second, Klingons third, and Data the robot is basically the third most dangerous thing in the Star Trek universe, and we'll talk about him a lot, a lot, a lot. But then the other one I really like is Wesley.
Wesley's way down here, right, with the actual ship itself and the Cardassians. So basically Data and Wesley are by far the two most dangerous insider threats. Would you say, for the Kardashians, uh, how do you break that down between Kourtney and Khloe and, well, like... Fantastic. Or are they just all lumped under, like, and how about the Jenners, or are they just lumped together under "alien"? I have a confession I have to make. I literally don't know any of the names of the Kardashians you're talking about, but that's, that's well done though, sir, well done. All right, all right. So we'll start out with some quick observations, right. The ship has no authentication
apparently. There's a next slide, we talk about that, there's a reason for it. Uh, no two-factor auth, sandboxing doesn't work at all, and Worf, I don't know what Worf's job is. That is, uh, from Twitter, which may be gone now, I don't know, but I love that so much. Like, that made my day when I saw it. Well, actually, that one's pretty easy. Uh, Worf's job is to be an early detection mechanism. It's, uh, you know, basically he's, uh, like a human honeypot, or actually a Klingon honeypot. Could be. You know, that's how you know that you have an actual threat, is somebody beats the snot out of Worf and
they're like, oh, this is a credible threat, we should, might be able to do something. That could be, that could be awesome. Okay, so why does the ship have no authentication, right? In the episode, the last episode of the first season, The Neutral Zone, this guy in the blue, he calls the captain at one point because he's getting annoyed that the captain isn't talking to him, on the computer screen, and then the captain's like, "Who is this? Why are you talking to me?" And then the guy's like, "Well, if you don't want people using it you should put authentication on it." And the captain was basically like, "We don't need authentication because we're future
dwellers who don't need such trivialities." And that was a lie. Okay, so what you're telling me is that we're still going to be running PasswordsCon in the 24th century? Sadly, maybe. Well, no, they just aren't passwords, right? Passwordless. They solved it, they cracked it, it's fine. Okay, so now, is this relevant? That's the other thing I thought of. This Star Trek's from 1987, right? Like, what? From 1987? No, that's from 1987. Like, that's how old this is, right? But it's very relevant even today in 2023, right? They have a primary focus on running an Enterprise and no one knows how to secure it. They have generative, well done, generative AI, right? Right, right. Now this
one as well. In this episode the blind man taught the robot to paint, so that's extra cool. Virtual reality, right? With paint or hate? I couldn't hear what you... No, paint, paint, paint. We have social networks. Additive manufacturing, right, 3D printing. They have those fancy replicators, which I would die for. Reusable launch vehicles. Like, it's relevant, completely relevant. Okay, now here's the meat of it. Here's where we start tabletopping our examples, and here's what we're going to talk about. So I'm starting with this one because I'm very proud of the title. So for Star Trek nerds, right? Yeah, yeah, yeah, you got to think about it for a second. So for Star Trek nerds, this episode has a
supply chain attack, but it is the most convoluted, ridiculous attack in the history of the supply chain. So the guy there, that's Commander Data, for anyone who doesn't know, and the guy next to him is a fellow named Fajo. So Fajo wants to steal Data, and he creates this scenario that will bring Data to him. So there's a planet called B... and I can't pronounce any of this stuff correctly, so you, like, heckle away, man. So there's a planet called Beta Agni II, which has the water contaminated with something called tricin... Thank... Tricyanate has to be treated with something called hytritium. This is all very real. And then hytritium, thank you, thank you, see, this is why the heckling is
important. Hytritium, but hytritium can't be transported, so the Enterprise, 'cause, because plot, because why not, right? Because your story is bad and no one wants to watch it, that's why. Like, so they can't transport it, so they have to move it in a shuttle, and they of course decide that the one-of-a-kind Android they have on the ship should be the one to move it, because obviously, why not. And so this guy basically knocks Data out, puts his stuff, like, the things he's made of, his bill of materials, as we would say, bill of materials, and then they put it in the shuttle, shuttle explodes, and the Enterprise is like, "Oh no, Data dead, what are we going to do now?"
And like, that's a pretty... Someone has set us up the SBOM. But that... Someone has set us up the, set us up the SBOM. That's right, they did. Okay, so now here's the other thing I did. Um, this is the MITRE ATT&CK framework under Lessons Learned. So every one of these I apply the MITRE ATT&CK framework to, and the Data exfiltration over physical medium I thought was, like, chef's kiss. That was really, really good. And then obviously a supply chain compromise. And then I have suggested mitigations for everything. Obviously you could fill your own in if you ever wanted to do something like this. And I have a lot of these, a lot of
them to go through, so that's what we're going to do. We'll start at the beginning. I'm not going through them in order. Okay, so Encounter at Farpoint. This is the first episode of Star Trek: The Next Generation. It's not very good if you watch it, but that's okay. And they run into a guy named Q. Q is an omnipotent being in the Star Trek universe. He's not the first, he's probably not the last. And my favorite scene from this is when Q is, like, kind of giving them a hard time on the ship. Picard says everyone should use printouts to communicate so their adversary can't detect what is being sent, and that amuses me to no end,
that first of all it's not the paperless office, so we escape that travesty, but then, like, why would printouts be any better or worse than a screen? I don't know, whatever. And then they save the alien. And that's a typical CEO move right there anyway, right? Just, "I don't want to read my, just print my email for me." Yes, exactly, that's right. Exactly, exactly. Okay, so I couldn't find anything about omnipotent threat actors. I couldn't map this one to anything, but there are more than one omnipotent threat actors in the Star Trek universe, so, for anyone who likes it. Dr. Moriarty. So there are two episodes with this guy in them. He's a holodeck character that
becomes self-aware and then takes over the ship. So this is why the holodeck needs sandboxing, because it obviously doesn't have any. They let him do it twice, because they're not smart people. You'd think after the first time they'd do something, anything, to solve this, but no, they never solved their problems. They had a really bad prompt engineer. They had a really bad prompt engineer, that's true. Probably. That's true, that's true. He says, "Can he beat Data?" That's true, and he does technically beat Data, I suppose, if you look at it that way. That's a good point. I love it, I love it. Okay, now, now, I mean, putting something in the backlog is doing something, it's just
not effective. That's true. They never got back to that epic, right? Yeah. Yes, "Put it in my back... I'll get to it later." Yes. Okay, what did you say? Already he did phish him. Yes, yes. And so I actually ran out of, there's so much he does, and his attack is so brilliant. Like, I just basically stopped writing them down because I was going through threat framework, or ATT&CK, but like, if you look at the way Moriarty actually attacks a ship, it is fascinating. The writers did a good job of detailing, like, good, real attacks and a brilliant threat actor. So this one, like, specifically I truly adore for,
like, real, honest to God security measures, right? And then for my suggested mitigations, uh, obviously sandboxing is a big one, but then also I think, like, in the Star Trek Field Guide they really need, like, a "So your starship has become self-aware", this happens more than once, right? This is not the first time or the last, it will keep happening. Uh, this one is one of my favorites. There's an early episode called Evolution. Wesley is doing a science experiment and he doesn't clean up after himself, as no children ever do, and then his science experiment becomes life, because, yeah, I mean, we've all seen our kids' rooms, right? That's not surprising at all. But then my favorite
part is they're trying to communicate with this unknown life form, and what do they do? They let it take over the robot so they can talk to it. Android. Android, yes. You're the first one to correct me on that. Like, I was waiting for it. It doesn't sound too different than some of the stories I've heard about Kevin Mitnick, actually, where, like, "Oh, let's just, maybe we can talk to the guy on the system," you know, it kind of... It definitely feels like that, for sure. So yeah, they let the life form talk through the Android, and so this one I struggled with the ATT&CK framework. Like, is that a hardware addition, if you
have the life form, like, take over the robot? I don't know, maybe it is. You got "Android", well done. Yes, yes, thank you. I think it's actually just a Microsoft update, is what that is. It could be, I mean, that's right. No, it installed too fast, it wasn't from Microsoft. All right, yes. So, like, internal spearphishing, I don't know. You figure you had an internal adversary that tricked them into doing something incredibly stupid. Of course it then squandered its attack status, but that's okay. Uh, is it software deployment? I don't know. But I think fundamentally, like, whatever the Android safety manual is, like, it's not very good, and I think this is definitely something
they should cover, because it happens again. I mean, all this stuff happens more than once, it's insane. Okay, this one is special for the arrow. There is an episode called Brothers where Data suddenly, like, something happens to him, he takes over the ship. That's probably what Worf's email was about to Geordi. He takes over the ship and he locks the ship with a password, a pretty good password. That's his password on the screen right there. Like, that's not bad, right? That's not... I bet if you type that into your password prompt it would say "pretty good password", right? And so, like, this is one of the few times we actually see passwords show up in the Star Trek
universe. Which I think actually would say it needs a symbol and maybe, uh, a couple of letters. It does not. No, it's long. We all know now long is better than symbols, it's fine. And he has, he has number, he does have... But that's not what the prompt would say. Maybe. Okay, maybe it depend, it depends which prompt. I won't argue. Make your password worse to comply. I think that's too long for bcrypt. I think bcrypt would actually truncate at like half. Okay, okay. So Jonathan just said it's too long for bcrypt because bcrypt has a maximum, what, like 80-some characters or something, I think, maybe it's notso. But now here's a question. So
it says, like, 163. Does the computer treat that as a word or does it turn the one into the numeral one? I don't know. You, Star Trek heckler, what do you know? I know nothing, just like you. So anyway, anyway. So much longer than the self-destruction... That's true, because those are usually, like, three characters long, absolutely. And I should also add, as part of this, Data mimics the captain's voice. So obviously this is one of those situations as well that, if you have an Android on your ship, like, maybe voice prompts aren't the answer to your security, because it turns out, like, they can abuse that. So, like, this is where, like, just if they bought everyone
YubiKeys they could solve this problem, you know. Like, that would have totally, it solved a lot of their problems, honestly, if they did that. Maybe, I mean, they're obviously not... Did you say use the sensors to see who's speaking? Yes. Well, but unfortunately that violates GDPR, which is why you can't find anybody on the Enterprise with the sensors, because unless you've consented as a Starfleet officer you have to have, uh, the "ignore that person". Now, on that note, if they take off their communicator they can't find them on the ship, which is a hilarious plot point, because they can detect an alien spaceship light years
away, but they, like, right, they can't find, like, the intern running around without his communicator on. So that's, that's that Do Not Track setting. That's right, maybe. Yeah, that's right, probably. That's what star star regulations say, you have to honor that. I get ites... Does Data have a robots.txt file? Does Data have a robots.txt file? That is an... Don't want to know where he keeps it. Brilliant, brilliant. Okay, I'm also very proud of this particular description. There's an episode called The Best of Both Worlds. It's a two-parter, it's a very good two-parter. For those of us who lived through The Next Generation, they ended it on a cliffhanger and we had to
wait for the next season to come out before we knew if everything would go back to normal at the end, which it did, thank goodness. But so in this one the, uh, Borg, social media network run by Mark Zuckerberg, probably, they capture Captain Picard and they wanted to use him as their spokesperson to convince humanity you should all become Borg. And so this is obviously, like... For the cool Android gadgets? Yeah, oh, for sure, right, they got those. I'm pretty sure that is actually a Google project, product, right there. It might be. He's an influencer. It might... that's right, that's right, exactly, influencer. I like it, perfect. So in this case we had, you know,
a competitor poach the senior leadership, and they gain access to their insider knowledge, which, what do you do in a situation like that? But then this one's a two-parter, because they put him back in charge literally the next day. Like, they got him back and they're probably like, "It's all fine, you can run the ship again, it's all good." Right, the hash checks out. Yeah, it does, there's no collision here. That's right. In all of Star Trek, in all of Star Trek, it's fine, it's all good. Okay, so what do we do? This one was fun to think about, because you've got the Borg gathering victim organizational information, right? They had to know Captain Picard was the
one they wanted, because you can't just kidnap any random person off the street, you got to get a good one. Said a good one. You probably, I mean, he would have messed it up for them. Like, the Borg would be gone if Wesley was there. Yeah, yeah, yeah. Uh, trusted relationships, right? You've captured senior leadership, you're using it to convince them that they should come and help out. I like it. Transferring the data to the cloud account: everything Picard knows, the Borg knows, which of course never comes up as a plot point ever again in the story, but why not. Uh, yeah, yeah. And I, like, I say that they should rotate their
credentials when an executive unexpectedly departs the organization, except there are no credentials to rotate, so it's fine. So think about that: no credentials, passwordless, solved that problem, right? Was using credentials in the last one. That was just to lock the ship, right. That's right, yeah, Data used the credentials in the last one to lock the ship, not general. That's right, yes, he ransomed the ship, exactly, yes. I love it. Okay, this is another favorite I have. There's an episode called Birthright. This is a crossover with Deep Space Nine, yep, yep, and the episode itself isn't great, but it has this scene in it where they say they found this thing in a cave on a planet, and then they said,
"Let's turn it on and see what happens," and Data stands directly in front of it when they turn it on. In main engineering. That's right, in main engineering, right next to the warp drive, exactly. Totally fine, everything's fine, this is normal. Turns out there's a lot more similarities between a USB drive and a warp drive than you think. Apparently, yeah, yeah. I like it, that's perfect, that's perfect. So they hook it up, Data gets zapped and he dreams for the first time. This is the episode where Data learns to dream, which does create some interesting other storylines, and they're very good. But then my favorite part is Data's like, "I dre..." and they're,
they're talking about it and trying to figure out what to do, and their solution was to do it again later. So they literally zapped the robot twice with a thing they found in a cave. Android. Thank you. And I love that, I love that so much, right. So now you've got a hardware addition to the Android, maybe, I don't know. Replication through removable media, I would say that was removable media, yes, maybe, I don't know, could be. But I think, uh, mitigations, right: in the Star Trek officer manual I would hope they have a chapter on, like, not turning on things you found in a cave, but they don't. What's that? Restore from backups.
Yes, restore from backups. Well, actually, I've got the, there's a, I don't know if I'll get to it, 'cause I have a lot of slides, but I've got that in there at one... How much, how many terabytes is the backup? I don't know. That is covered at some point, um, in the episode with the Vulcan ambassador. What's that? Yes, gigaquads, whatever that is. And you had a question? Comment, just saying, yeah, and they should have safety protocols for what should be turned on around the work. Uh, yeah, yes, that's right, safety protocols for what's turned on around the warp drive. I agree, that seems like it would be... I'm also hearing they might
want to migrate to Apple instead of Android. Yes, I love it. All right, this is another good one. There's a, this, there we go, that's on me. Okay, so there's an early episode called Contagion, and there is a sister ship to the Enterprise. That's not the Enterprise in the upper picture, that's the Yamato, which looks just like the Enterprise. Wait, wait, wait, I'm sorry, the yam... call it right. Yamato, right? But, like, the Space Battleship Yamato? Is there a Space Battleship Yamato? This is a Star Blazers thing. I was told this was a Star Trek talk. I, like, wore the uniform and everything, I'm feeling a little ridiculous. I didn't write this. All right,
all right, all right. So anyway, the Yamato looks just like the Enterprise, I'm sure that cut down on the model budget, and, like, all the systems are freaking out. The Enterprise finds them and then it explodes, and then the Enterprise starts freaking out. And they downloaded their logs, and it turns out they downloaded some sort of malware when they downloaded the logs from the other ship. I mean, this is just classic air gap, right? I mean, come on, when you're downloading data from another ship that you know has been compromised in some meaningful way, you've got to air gap that stuff. And also the robot catches it, because, why not. Android. I
love it, well done. I appreciate, I appreciate that. And then a Romulan ship catches it also, and then... Now every time he says "Android" he has to take a shot. Yeah, he's gonna be really drunk. Data comes up a lot. But then the solution to fixing everything was to turn it off and turn it back on again, which I was like, just chef's kiss of it. It's the most realistic thing in the series. I agree, I agree, yes. How do you turn off your life support system in space without... How do you... life support system in space? Yeah, yeah, no, it's fine, they lose life support multiple times. You've got a couple hours before
everyone dies, probably, I don't know. Take shallow breaths. Yeah, that's right, that's right, that's right. Okay, Lessons Learned, right: exploiting a public-facing application, I don't know, they use a scanner, maybe, I'm not sure, but there's definitely client execution on the ships, right, 100%. And again, air gap environment, do your analysis, that's how it works. Uh, this episode as binary code, yep. The Bynars are the weird looking people. This is a marvelous episode, because the Bynars are fixing the ship, because they're binary people or something and they can do it faster, and they, apparently, we found out at the end, their planet, which is a computer or something, the computer got wiped out by a supernova, I believe, and they needed to
restore the backup. And so the Bynars steal the ship and use the Enterprise as their USB drive to then go and fix the planet that they're from, and they also create some holodeck lady for Captain Riker. You look like you want to say something, like, come on. Did I say captain? Oh, Commander Riker. Ah, interesting, well done, good catch. See, this is why I need hecklers at these. And this is why I need a TR to... There is a trombone. I'm sorry, your thesis is automatically incorrect, because you said this was a good episode but there's no beard. I didn't say it was good, I didn't say it was good. You said great,
but there was no beard. It can be great. Okay, right, Lessons Learned: exfiltration over alternative protocols. Is a starship an alternative protocol? I don't know, maybe. We'll say that is. And obviously, like, you got to background check your contractors. Like, you'd think that the Federation would have been aware that the planet those people were from had just, like, collapsed. That feels like an important data point, right? Uh, this is another episode that I don't particularly care for, but it has a good lesson at the end for all of us. Wesley saves the day in this episode, which is very rare. This is the episode where he takes his communicator off and they
can't find him as he's, like, sneaking around the ship. So Commander Riker brings back a game, and that's what the game looks like. It doesn't look... I, for 1980-whatever, that probably looked really cool, but now, like, if I showed that to my kids they'd be like, "Dad, I'm not playing this game." But Commander Riker brings back a game that, like, hooks everyone like a drug, and it gives them mind control, and they have to disable Data because apparently it doesn't work on Androids, and then Wesley saves the day with Ashley Judd, that is not a joke, and then they fix Data, of course, because you have to do that. And this is one of those examples where maybe a
knowledgeable insider could help if you have everyone turning evil at your corporation, right? Like, who knows, I don't know. But this one was good. You had phishing, right, you had someone trick Commander Riker into clicking the button, essentially. You have removable media: they have to put this weird thing on their heads when they play the game. You've got impaired defenses, because the idea was the Enterprise would be taken over by this game and then this inferior, like, group of people were going to come in and, like, take the Enterprise and probably sell it or something, and so obviously there were no defenses because all of the people were zombies. And my mitigation is my favorite
part of this slide, and in fact I moved this one up to here to make sure we got to it, right: mind control tech, yearly phishing training. Happens again, blame the users, right? That's pretty classic phishing training, well done. All right, here's another title I'm very happy with. So, insertion of malicious data. This episode, there is this thing the ship finds. It's the weird thing in the middle picture. It's in a, like, snowball asteroid thing, comet, I don't know what you call it, out in space, and they scan it, and of course, because the scanners are hooked up to everything with superuser privileges, when they scan this thing it takes over the ship
and it starts turning the ship into an ancient temple of some sort, and it of course takes Data over, because why wouldn't it, that seems very normal, and there are snakes on the ship, which makes, I love that part. Snake, snake jazz. Yeah, from Rick and Morty, well done. Okay, okay, so what do we have? Drive-by compromise, yeah, I agree, although they kind of went to it, I don't know if that counts as a drive-by compromise. But then you got tainted shared content, right? They scan the thing, it messes up the ship. And then again, I think this is a good section for, you know, when something takes over the ship, what are we going to do about it?
Add it to the manual. Uh, yes? The previous issue, do you think better segmentation of these systems... I mean, one would hope so. So the comment was, would better segmentation have prevented this attack. I would think so. They clearly have no segmentation, they have no privileges for any of the processes running, because things just take the ship over constantly. That is a good point, I do not have a slide about that. Does the section about what to do include, uh, bringing Samuel L. Jackson onto the spaceship? I, you know, I was thinking that, I was thinking that that would have been epic. I should have put a picture in. But the comment prior to the marvelous
interruption was, there's an episode where some of the characters become children and they can't use the children's computer in the school to look up, like, ship schematics, but then Guinan saves the day by saying, "Show me a picture of the Enterprise," and then they get their picture of the Enterprise. ChatGPT. That's right. All right, uh, Darmok. This is just a good episode. Anyone who watches Star Trek, you know this episode, it's marvelous. Before, uh, you go too much further, would you mind if we just get a photo taken? I have to go annoy other people for a little bit. Yeah, there's other people requested a guy in a Star Trek uniform.
Fantastic, awesome, you made my day, thank you, thank you so
much Elon when the Twitter fell oh my goodness okay so this episode oh my goodness that's so good
yes yes right maybe maybe but yes he points out they so this is a species that speaks of metaphors and the thing they keep saying is Darmok and Jalad at Tanagra but yes the aliens are using English words to describe something we can't comprehend they kidnap the captain they fly the cap or they transport the two captains to the planet surface and through the power of friendship they learn to communicate right and it's like the real treasure was the friends we made along the way but yeah I I don't know I don't know to think of this one is this phishing like I don't know how how does that work obfuscation yeah could but is
it obfuscation because their intent wasn't to obfuscate but I don't know it's just good episode so I left it in that's fair that that's true that's true right the comment was you shouldn't have been able to transport him off in the first place and I want but but in Star Trek they don't raise the shields as like a sign of goodwill so there is that piece of it so I don't I don't know I don't know I I don't have a good mitigation I just really like the episode so I'm going to leave it in all right Time's Arrow this is one of my favorite episodes of Star Trek it's a two-parter I think I don't know if this one was a
season um jump I don't remember anymore it's been too long but in Time's Arrow they find Data's head in San Francisco in a cave because you find things in caves obviously they they do also turn it on later but that's part of the story they then they end up traveling back in time and they stop an alien stealing souls and we find out Mark Twain's a giant and it's just a good episode all around and then they they take Data's old head and they put it on Data's body and it's all very confusing but it works fine and so everything's cool so this one I I found I thought about two attack threat or not threats um uh uh controls
here right you got user execution where you have Mark Twain is why did I put user oh Mark Twain is I don't remember why I wrote that down now I didn't I didn't write a note for that anyway whatever but the native API this one I like from Captain Picard Captain Picard takes a little iron filing and he like taps out Morse code into Data's head while it's disconnected in a cave in San Francisco and then Data wakes when they reattach to the head he wakes up he's like oh don't shoot the the planet because Captain Picard needs to come back to the future and it was very amusing and so anyway my the only mitigations I
could think of is just like maybe add an asshole column to notable historical figures because Mark Twain um he he was not a nice guy uh A Fistful of Datas this is a great episode in this episode they hook Data up to the computer because that's a good idea and then they say it's so he could be a backup in an emergency except most of the computer emergencies are caused by Data so I don't know why they would do that and of course nothing is going to go wrong if you hook the robot up to the computer right well done right right nothing could go wrong and of course Data then corrupts the computer's memory he takes over the holodeck
and Worf and Worf's son and uh Deanna Troi who's a ship's counselor have to basically fight the Clancy gang from the Deadwood story like Tombstone the movie or well it's a real story but it it is an error in data replication I put replication through removable media I think defacement could could classify here as one of the things and then firmware corruption probably I mean he corrupted all kinds of stuff on the ship it wasn't just the holodeck and then the only thing I can think of is like they just they need a sign or something that's like don't hook the freaking robot up to the ship disabling the USB slots that's
right I love it perfect exactly that 100% okay uh The Naked Now this is another good one everyone gets drunk because why not it's some alien disease or something you know they don't ever explain what it is this one's also from the original series this is a tie together episode Wesley takes over the ship this is the first episode where the intern takes over the ship which I'm very impressed by his mom the doctor fixes everything and then Wesley saves the day but he saves the day from the problem he created because what happens is there's a picture here where uh first Wesley there's Wesley on the big screen Wesley tells everyone from engineering they should leave and he'll take care of
things and they're all drunk and stupid so they do it I mean they probably would have done it anyway if they weren't drunk and stupid because they're still stupid Wesley what's that from first yes yes funny water yep yep yeah it's kind of water whatever anyway okay Wesley takes over the ship right he's in engineering he takes over the ship everyone's mad at him but then he lets in uh the guy over there sitting on the floor who was one of the engineers and they pull out all the computer chips and their computer which is totally Wesley's fault and that's why the ship can't move which is why they're going to get hit by like the big piece of planet that's
flying at the ship right so we've got trusted relationships they trusted Wesley even though they shouldn't have and they should know better than to do that you've got you can't do a system recovery because all the computer chips are pulled out of the computer I mean now obviously that seems ridiculous to us 'cause why would you have individual slots but whatever firmware corruption maybe if you pull like if you remove memory is that corruption I don't know maybe maybe not and there's no door to engineering just like put a freaking door on engineering you know and don't let the intern in that's not that hard to do what's that physical access control physical access controls exactly
the physical access controls in the Enterprise are terrible they're well all their security is terrible if there wasn't I wouldn't have a good talk to give so anyway uh Allegiance this is one where Captain Picard is replaced by an alien duplicate if someone replaced your CEO with the duplicate would you know I'm betting most of us wouldn't uh and be Improvement okay moving on um so this is trusted relationships obviously you have an attacker abusing trust for sure and and for mitigations like I left this one in because I don't think there's any mitigations for this one I think it worked as expected so over the course of all of this happening the crew figures
out something's wrong and they're like something's up like something's wrong with the captain and that's perfect like they everything works exactly the way it's supposed to work it's marvelous what do you mean what okay what what you don't think it worked as well I mean this is one of the few ones where they don't completely screw everything up I mean they should have caught on a little faster well but then the episode would be too short and the network would tell them you can't do that I mean this is this is how TV writing works you have to fill that in so actually fun fact for all you Star Trek nerds uh Michael Piller is one of the writers on Star
Trek and when they show the people in like a turbo lift or walking down a hallway and they like have some weird banter they called that Piller Filler and he apparently was a very good writer at adding like just nothing to get that extra you know 10 or 25 or 30 seconds they needed for the network that way they had exactly the right amount of time for the show I watch a lot of Star Trek stuff um so anyway all right Datalore I love this one Data has an evil twin right we should all have evil twins dat Data not Lore and this episode is the one where Picard says shut up Wesley which I know Wil Wheaton doesn't like
that but I think it's hilarious and I I love I love Wesley Crusher when I was a kid he was like totally my hero I I was like Wesley Crusher was it I'd be Wesley Crusher in a second but this is a good example where you got the intern is complaining saying something's wrong this isn't Data this is probably his like lying weird brother and it was so I don't know is that phishing maybe maybe not you know but again this is kind of where how do we solve this like uh if they had passwords maybe the Lore wouldn't have known the passwords do androids have biometrics I don't know maybe what's that MAC address MAC address
right the MAC address of your android like who knows what that is what was that a private key maybe maybe that's true I bet I bet android have elect private keys yes problem don't have executive buy that's true if you don't have executive buy-in I agree I agree shut up Wesley yeah yeah yeah all right uh Conundrum this is the one with backups so in this one something happens as all Star Trek episodes begin and everyone wakes up and no one can remember anything they know how to run the ship the ship has enough functionality it can like move and shoot things but no one knows what's going on and this weird guy here appears out of nowhere he's uh MacDuff
he's the second in command all of a sudden and as viewers we're like what's going on we don't know what's happening where did this person come from and it turns out there's an alien that doesn't have the firepower to wipe out their adversaries but apparently does have the technology to take over a starship which seems strange but whatever and apparently they pick the Enterprise to take care of and part of this is the the logs they can read say they're on a secret mission and they can't tell anyone what's going on or ask questions or like phone back home to Starfleet and be like hey like no one remembers anything maybe we shouldn't like go blow
this planet up and their instructions are to go blow a planet up right a planet that's like hilariously underpowered compared to them okay so lessons learned right I was thinking search open websites and domains like how did these people figure out what's up with the Enterprise I'm impressed they were able to take over all of the memory there's the disk is wiped but only part of it only part of it so we have a disk wipe there's no way to recover the system because the backups don't work apparently I don't know how that works like they should have signed their backups or something like this is a great example if they don't have Sigstore like Sigstore is not working in
the future obviously or maybe like maybe document something have you tried writing it down because they they didn't know who is who on the ship and so like who's the captain who's the first officer who's who and eventually they unlock that secret part of the computer but it's like you think you could hang up like a freaking picture maybe or something on the wall that's like that's the captain and here's the like the the senior officers everyone isn't that neat but no not in Star Trek or charts org charts that's right yeah like maybe although paperless office I don't know whatever doesn't matter all right Disaster this one there is an accident on the ship and they plug Data's head
into the ship to fix it and it works Data doesn't screw everything up in this episode but it's very amusing because in this episode they have to Data has to stop some like energy field across two walls and he uses his body to do it and then it's only his head and the very realistic special effects of Data's head sitting on a table is then used like 1987's finest and so it's an accident not an attack I put it in though because it's one example where they hook him up to the ship and it actually works and I don't know I feel like this one could be fun to tabletop a disaster in a similar
way 'cause when we do tabletop exercises as security people we love to focus on the technical details we don't always focus on some of the disaster and the recovery aspects of it and so anyway that's just my thought that's like they have SIM a simulation they're dealing with legate diss on a daily basis you'd think so so so the question was how do they have time why don't they have time for simulations when like everything is constantly broken all the time I don't know I mean yeah normal life in our I mean that's probably fair okay that's fair it's easy to pick on that but you're right because in in many of us say we should do this and then we never
do and that's basically the lesson of Starfleet I think um what is in the volume of D that all the computing is yeah right yeah just the head is fine I don't know I think it's uh it's called storytelling I think we needed we needed to move the story along uh this is another good one there's a there's a threat model include the devil like the literal devil the devil takes over the Enterprise in the episode Devil's Due but then Captain Picard bests the devil because of course he does and so this one's interesting because the devil makes the ship disappear but not really only tricks the sensors and then there's a sham trial where Captain Picard this is this is very
reminiscent of the original series where like Captain Kirk using his like like ability to speak and his force of will overcomes the adversary with words alone but anyway um the people are truly morons so this one I think was really good from the attack perspective because the attacker had to gather information about the planet they were taking over because on this planet they had a legend that the devil saved them and would come back someday to claim their prize and so this person shows up pretends to be the devil to claim their planet and then of course all the people on it are like oh of course we owe the planet to the devil because I mean before COVID I'd have been like no
way would that happen but now I'm like that might happen so just saying if you look at people the way the way people act right you had some resource hijacking in this one and of course I think the best precaution would be to carry a fiddle on any devil related away away mission right for like the young people probably have no idea what that means look it up uh Cause and Effect this one has a time loop right Log4j is what that one kind of feels like they just keep repeating the same thing over and over again it's a marvelous episode uh I don't think there's anything in MITRE ATT&CK for time loops and and
there's no mitigations it's just a really good episode so I left it in uh Night Terrors no one could dream I've got 1 minute so I'm going to hurry up and there's more slides than this there's like 77 we're on slide 64 but there's a link at the beginning so you too can play along at home later but anyway Night Terrors no one could dream they totally denial of service all the people on the ship then they all kind of went crazy because you had an alien species actively scanning the dream world or whatever and they were looking for someone to help them they did find it and everything went back to normal at the end so it worked out well but and
then Data's Day is where I'll end this is one where Data says how much capacity he has but I don't remember what it is and it's got uh it's a story about about these two people getting married the O'Briens Data gives away the bride there's dancing and there's a Vulcan ambassador who's actually Romulan haha that's how it works and I think this is a good example of when there is an accident you need to investigate it properly because they kind of didn't do a good job the first time and then they went back later and like oh we missed a bunch of stuff we get it now and that's when the Romulans are like oh haha it was
one of us all right I'm out of time there's a few more slides don't sweat it look the presentation up on the internet you too can look at my my deck change it have fun with it this has been a treat thank you so much everyone it's been a
blast