Living Off the Land 2: A Minimalist’s Guide to Windows Defense

Presented at DerbyCon 6.0 Recharge (2016), Sept. 24, 2016, 10 a.m. (50 minutes).

The “living off the land” philosophy, as applied to InfoSec, is the idea that one can thrive using mostly the tools present in a target environment in an effort to remain hidden from an adversary. While historically this philosophy has been applied to offense, it is equally applicable to defense. A capable defender, ideally, should introduce a minimal forensic footprint into an environment suspected to be compromised. Additionally, informed defenders should be aware of attacker objectives, which include performing reconnaissance against common security products, most of which leave a substantial OS fingerprint. This talk aims to introduce defenders to defensive capabilities built into all versions of Windows which are likely to leave adversaries in the dark as to what defensive mechanisms are in place. Expensive defensive products are not always the solution when you’re already sitting on a goldmine of free, unexploited capabilities.
