Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Creative Ways To Get In Trouble: Distraction & Vengeance Techniques

Darren P Meyer (Veracode)
May 13, 2014
Technology
0
100

Creative Ways To Get In Trouble: Distraction & Vengeance Techniques

Most attacks look to be "sneaky" and avoid setting off any alarms—but what if you don't care about getting caught?

This presentation given at 612Sides conference in Saint Paul, MN on 13 May 2014.

Darren P Meyer (Veracode)

May 13, 2014
Tweet

More Decks by Darren P Meyer (Veracode)

See All by Darren P Meyer (Veracode)
Reality-Checking Your Security Testing Program (2.0)
darrenpmeyer_vc
0
35
Reality Checking Your Security Testing Program (Converge Detroit 2014)
darrenpmeyer_vc
0
81
Reality-Checking Your Security Testing Program (SOURCE Boston 2014)
darrenpmeyer_vc
0
120

Other Decks in Technology

See All in Technology
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
350
プロデザ! BY リクルート vol.18_リクルートのリサーチ実践組織「リサーチブーストコミュニティ」
recruitengineers
PRO
3
270
API Gatewayと少し仲良くなってみた!
masuchoku
0
100
継続的な改善 x ⾮連続的な進化
sansantech
PRO
3
140
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
250
コンテナセキュリティの基本と脅威への対策
kyohmizu
3
750
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
120
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
200
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
160
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
290
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
180
Cracking the KubeCon CfP
inductor
2
230

Featured

See All Featured
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
2
3.4k
The Power of CSS Pseudo Elements
geoffreycrofte
60
5k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
Product Roadmaps are Hard
iamctodd
44
9.7k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
We Have a Design System, Now What?
morganepeng
43
6.7k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
19
1.7k
Infographics Made Easy
chrislema
238
18k
The Pragmatic Product Professional
lauravandoore
25
5.8k
The Brand Is Dead. Long Live the Brand.
mthomps
49
28k
How to name files
jennybc
65
93k

Transcript

  1. creative ways to get in trouble Distraction & Vengeance techniques

    @DarrenPMeyer Senior Security Researcher, Veracode

  2. disclaimer I work for Veracode, but I’m not speaking on

    their behalf here. This presentation is mine. There are many like it, but this one is mine. However, it is CreativeCommons licensed.

  3. warning this presentation describes “red team” activities; performing these on

    a system or network you don’t own without written permission of the owner could get you sued or arrested don’t be an idiot

  4. what does a “normal” attack look like? endpoint endpoint endpoint

    log collector IDS human

  5. what does a “normal” attack look like? endpoint endpoint endpoint

    log collector IDS human Research: what does the IDS see? what does the human see? what doesn’t trigger response? Attack & Escalate: sneak in drop payload/grab flag exfiltrate data Maintain: watch for signs of response

  6. what if I don’t care about getting caught? • distraction

    ◦ generate overwhelming noise ◦ false flags ◦ repeat until success • vengeance ◦ consume resources disproportionately ◦ destroy or degrade ◦ embarrass

  7. why does that even work? endpoint endpoint endpoint log collector

    IDS human endpoint mgmt SIEM SOC managers “magic” critical endpoints “we have a WAF” (S|I|P)aaS DLP

  8. recap • scaling security is hard • it costs way

    less to attack than defend • not all attacks are reasonably defensible • attacker motivation is important
  9. None

  10. credits • end screen by flickr user JF10 (CC-by)