Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Creative Ways To Get In Trouble: Distraction & ...

Creative Ways To Get In Trouble: Distraction & Vengeance Techniques

Most attacks look to be "sneaky" and avoid setting off any alarms—but what if you don't care about getting caught?

This presentation given at 612Sides conference in Saint Paul, MN on 13 May 2014.

More Decks by Darren P Meyer (Veracode)

Other Decks in Technology

Transcript

  1. creative ways to get in trouble Distraction & Vengeance techniques

    @DarrenPMeyer Senior Security Researcher, Veracode
  2. disclaimer I work for Veracode, but I’m not speaking on

    their behalf here. This presentation is mine. There are many like it, but this one is mine. However, it is CreativeCommons licensed.
  3. warning this presentation describes “red team” activities; performing these on

    a system or network you don’t own without written permission of the owner could get you sued or arrested don’t be an idiot
  4. what does a “normal” attack look like? endpoint endpoint endpoint

    log collector IDS human Research: what does the IDS see? what does the human see? what doesn’t trigger response? Attack & Escalate: sneak in drop payload/grab flag exfiltrate data Maintain: watch for signs of response
  5. what if I don’t care about getting caught? • distraction

    ◦ generate overwhelming noise ◦ false flags ◦ repeat until success • vengeance ◦ consume resources disproportionately ◦ destroy or degrade ◦ embarrass
  6. why does that even work? endpoint endpoint endpoint log collector

    IDS human endpoint mgmt SIEM SOC managers “magic” critical endpoints “we have a WAF” (S|I|P)aaS DLP
  7. recap • scaling security is hard • it costs way

    less to attack than defend • not all attacks are reasonably defensible • attacker motivation is important