Excuse Me, Your Sword Is In My Eye: Responding to Red Teams and 'IRL' Threats in 2019 and Beyond

Presented at BSidesLV 2019, Aug. 7, 2019, noon (25 minutes).

It's almost 2020 and it's time to reset how we think about the traditional "phases of hacking" and responding to modern intrusions.

The "Classic" attack paradigm: traditionally Windows-focused, Active Directory/Domain Admin emphasis, port scanning, privilege escalation, stealing hashes, exploiting vulnerabilities.

The here and now: hybrid macOS environments, cloud emphasis, SSO/SAML, 2FA, third-party SaaS, zero exploit code.

As companies adapt their businesses to new technologies, attackers change with them, and so should incident responders. In this talk I will discuss how my security team and I respond to modern intrusions from Red Team engagements and "IRL" threats that no longer follow the "Classic" methodologies of attack. If you're a defender who's tired of hearing about PowerShell, Sysmon, Mimikatz, and "Red Teaming 101", this may be for you. This talk is primarily targeted at incident responders working in complex, modern environments and aims to provide practical guidance on improving your team's capability to detect bad actors and respond to intrusions in 2019 and beyond.
Presenters:

  • Jeremy Galloway
    Jeremy Galloway has been active in the security scene since 2002, focusing on the dark corners of the internet, hacktivism, pen-testing, intelligence gathering, privacy technologies, and incident response. When he's not reading old text files or dreaming in 7-bit ASCII, his time is spent cycling, hiking, meditating, making street art, and generally practicing civil disobedience. Although he aims to protect the internet at large, his dream is to become Beyoncé's personal cyber-bodyguard. Jeremy is a proud member of both the Electronic Frontier Foundation and The Satanic Temple.