Breaking the Attack Graph: How to Leverage Graphs to Strengthen Security in a Domain Environment

Presented at Black Hat Asia 2018, March 23, 2018, 3:30 p.m. (30 minutes)

Attackers think in graphs – this has been a known fact for quite a while. Defenders have been thinking in lists for a long time, mapping users to the resources they are allowed to access and building security systems on top of that information. However, with the constantly changing security landscape, attackers are getting more sophisticated and defenders must adapt accordingly. Therefore, defenders have also started thinking in terms of graphs, mostly to understand and detect potential attacks in large environments. However, we believe that defenders are not close to exhausting all the possibilities that graphs can offer, and this is the main topic of our talk. We will show numerous ways in which graphs can be useful not only to detect and analyze attacks, but also to find various security risks in the system, along with the corresponding mitigations. Some of the topics we will cover include: how the most sensitive machines in an organization can be detected, how to find sensitive accounts which might put the entire environment at risk, and how to disconnect nodes in the graph in the most efficient way (without computing the entire graph, which might be costly in terms of running time and computational resources).

Presenters:

  • Marina Simakov - Security Researcher, Microsoft
    Marina Simakov is a security researcher at Microsoft, with a special interest in network security and authentication protocols. She holds an M.Sc. in computer science and has several published articles, with a main area of expertise in graph theory. Marina previously spoke at BlueHat IL and DEFCON.
