SexyDefense - Maximizing the Home-Field Advantage

Presented at Black Hat USA 2012, July 25, 2012, 10:15 a.m. (60 minutes).

Offensive talks are easy, I know. But the goal of offensive security at the end of the day is to make us better defenders. And that's hard. Usually after the pentesters (or worst - red team) leaves, there's a whole lot of mess of vulnerabilities, exposures, threats, risks and wounded egos. Now comes the money time - can you fix this so your security posture will actually be better the next time these guys come around? This talk focuses mainly on what should be done (note - no what should be BOUGHT - you probably have most of what you need already in place and you just don't know it yet). The talk will show how to expand the spectrum of defenders from a reactive one to a proactive one, will discuss ways of performing intelligence gathering on your opponents, and modeling that would assist in focusing on an effective defense rather than a "best practice" one. Methodically, defensively, decisively. Just like the red-team can play ball cross-court, so should you!

Presenters:

• Iftach Ian Amit

Links:

• https://www.blackhat.com/html/bh-us-12/bh-us-12-archives.html#Amit
• https://media.blackhat.com/bh-us-12/Briefings/Amit/BH_US_12_Amit_Sexy_Defense_Slides.pdf
• https://media.blackhat.com/bh-us-12/Briefings/Amit/BH_US_12_Amit_Sexy_Defense_WP.pdf

Similar Presentations:

• DEF CON 24 (2016) / So You Think You Want To Be a Penetration Tester
• DerbyCon 2.0 Reunion (2012) / SexyDefense – The Red Team tore you a new one. NOW WHAT?
• DerbyCon 8.0 Evolution (2018) / Victor or Victim? Strategies for Avoiding an InfoSec Cold War