Cyber Judo: Offensive Cyber Defense

Presented at Black Hat Europe 2016, Nov. 3, 2016, 4 p.m. (60 minutes)

In this talk, we will show how defenders can take a few pages out of the attackers' book in order to better protect their organization against advanced, targeted attacks.

Cyber-attacks and defenses are commonly considered to be very different, or even orthogonal, disciplines. However, these allegedly disparate disciplines have many common aspects and can use each other's methods. In fact, attackers have long been using defensive techniques in their offense in order to make it more successful. Most notably, the more aware attackers are encrypting their network attacks to escape the eyes of defensive monitoring systems. It's time for defenders to rise up and respond by using attackers' methods against them.

Some of the defensive "offensive" methods we will discuss in our talk include:

  • Using the attackers' technique of injecting Kerberos errors in order to gracefully mitigate attacks against authentication, such as Over-Pass-the-Hash and Pass-the-Ticket
  • Leveraging the attackers' internal network reconnaissance methods to pinpoint attackers in real time
  • Taking advantage of a known encryption vulnerability in NTLM in order to identify attackers' brute-force attacks

Presenters:

  • Tal Be'ery - Senior Security Research Manager, Microsoft
    Tal Be'ery is a Senior Security Research Manager at Microsoft, formerly the VP of Research at Aorato (acquired by Microsoft), protecting organizations through entity behavior. Previously, Tal managed various security project teams in several companies. Tal holds B.Sc and M.Sc degrees in Electrical Engineering and Computer Science and is a Certified Information Systems Security Professional (CISSP). Tal is the lead author of the TIME attack against HTTPS, has been a speaker at security industry events including RSA, Black Hat and AusCERT, and was included by Facebook in their whitehat security researchers list. Mr. Be'ery is a columnist for the securityweek.com magazine.
  • Itai Grady - Security Researcher, Microsoft
    Itai Grady is an experienced Security Researcher at Microsoft. Previously, Itai was a member of various research and development teams for 15 years in several companies, including Aorato (acquired by Microsoft) and the 8200 intelligence unit. Itai holds a B.Sc degree in Computer Science.
