Blue Team Keeping Tempo with Offense

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, noon (50 minutes)

"Red: Forget about slinging binaries, and set aside PowerShell. What does it take to level attacks against an enterprise that takes a positive approach to endpoint telemetry and security: application whitelisting, exploit mitigation, virtualization-based security? Blue: Forget about static indicators, and assume that even the most clever patterns of attack depend on awareness of a specific technique (albeit not a specific implementation). What does it take to build a defensive strategy that assumes as little as possible, favoring suppression of the good over alerting to the bad?" We have ground truth on tracing adversaries and their tactics. @subTee @kwm
