disclaimer

I work for Veracode, but I’m not speaking on their behalf here. This presentation is mine. There are many like it, but this one is mine. However, it is Creative Commons licensed.
warning

This presentation describes “red team” activities; performing these on a system or network you don’t own without written permission of the owner could get you sued or arrested. Don’t be an idiot.
what does a “normal” attack look like?

[diagram: endpoint, endpoint, endpoint, log collector, IDS, human]

● Research
  ○ what does the IDS see?
  ○ what does the human see?
  ○ what doesn’t trigger response?
● Attack & Escalate
  ○ sneak in
  ○ drop payload / grab flag
  ○ exfiltrate data
● Maintain
  ○ watch for signs of response
what if I don’t care about getting caught?

● distraction
  ○ generate overwhelming noise
  ○ false flags
  ○ repeat until success
● vengeance
  ○ consume resources disproportionately
  ○ destroy or degrade
  ○ embarrass
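The “generate overwhelming noise” tactic works against the pipeline on the previous slide because the human at the end of it sees a flat queue of alerts. A defender-side mitigation is a triage step that collapses floods per (source, signature) into one summary item and pushes every low-volume alert ahead of them, so a single real signal does not sit behind hundreds of decoys. The example below is added here and is not from the presentation; the alert records, hosts, signature names and thresholds are constructed, and the burst detection is a plain sliding window rather than any particular SIEM’s logic.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: float   # seconds since epoch (constructed sample values)
    src: str    # source host (constructed)
    sig: str    # IDS signature name (constructed)


# Assumed tuning values; real thresholds depend on the environment's baseline.
WINDOW = 60.0          # seconds
BURST_THRESHOLD = 50   # alerts from one (src, sig) pair inside WINDOW => treat as a flood


def triage(alerts, window=WINDOW, burst_threshold=BURST_THRESHOLD):
    """Collapse per-(src, sig) floods into one summary item; keep everything else individual.

    Returns (items, noisy_sources):
      items         - analyst queue; individual alerts first (by time), burst summaries last
      noisy_sources - sources that produced at least one burst (candidates for a distraction)
    """
    buckets = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        buckets[(a.src, a.sig)].append(a)

    items, noisy = [], set()
    for (src, sig), group in buckets.items():
        # Sliding window: largest number of alerts in this bucket within any `window` span.
        best, lo = 0, 0
        for hi in range(len(group)):
            while group[hi].ts - group[lo].ts > window:
                lo += 1
            best = max(best, hi - lo + 1)

        if best >= burst_threshold:
            noisy.add(src)
            items.append({"kind": "burst", "src": src, "sig": sig, "count": len(group),
                          "first": group[0].ts, "last": group[-1].ts})
        else:
            for a in group:
                items.append({"kind": "alert", "src": a.src, "sig": a.sig, "ts": a.ts})

    # Individual alerts first, oldest first; burst summaries after them.
    items.sort(key=lambda i: (i["kind"] != "alert", i.get("ts", i.get("first", 0.0))))
    return items, noisy


def sample_alerts():
    """Constructed input: one host floods a scanner signature, one host trips a single
    high-value signature in the middle of the flood, one host produces a small trickle."""
    flood = [Alert(1000.0 + i * 0.1, "10.0.0.5", "ET SCAN Nmap") for i in range(500)]
    real = [Alert(1020.0, "10.0.0.77", "SMB admin share access")]
    trickle = [Alert(1500.0 + i, "10.0.0.9", "ET POLICY curl user-agent") for i in range(10)]
    return flood + real + trickle


if __name__ == "__main__":
    queue, noisy = triage(sample_alerts())
    print("noisy sources:", sorted(noisy))
    for item in queue:
        print(item)
```

The point of the ordering is that the analyst reads the one SMB alert and the ten-alert trickle before the 500-alert scan summary; the flood is still recorded (count, first and last timestamps) so it can be investigated as a possible distraction rather than discarded.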
why does that even work?

[diagram: endpoint, endpoint, endpoint, log collector, IDS, human; plus endpoint mgmt, SIEM, SOC managers, “magic”, critical endpoints, “we have a WAF”, (S|I|P)aaS, DLP]
recap

● scaling security is hard
● it costs way less to attack than defend
● not all attacks are reasonably defensible
● attacker motivation is important