Human Hunting

Presented at BSidesSF 2015, April 20, 2015, 11 a.m. (60 minutes).

Much of what appears to be happening in information security seems to be focused on replacing humans with magic boxes and automation rather than providing tools to augment human capabilities. However, when we look at good physical security we see technology is being used to augment human capabilities rather than simply replace them. The adversary is human so we are ultimately looking for human directed behaviors. If analysts don't know how to go looking for evil without automated detection tools then they are not going to be able to effectively evaluate if the detection tools are working properly or if the deployment was properly engineered. An over reliance on automated detection also puts organizations in a position of paying protection money if they want to remain secure. We should be spending more resources on honing analyst hunting skills to find human adversaries rather than purchasing more automated defenses for human adversaries to bypass.

Presenters:

• Sean Gillespie
  Sean is just this guy you know. Sean's career in the InfoSec field began as a network defender in the USAF where he later transitioned to an attacker role with an aggressor squadron. After leaving the Air Force he has spent most of his career developing tools and techniques for intrusion detection for both DoD and private companies. He moved to the Bay Area as an early member of Mandiant's Redwood City SOC focusing on advanced detection methods and now works at Yahoo! working on projects such as GRR for effective intrusion detection and response.

Links:

• https://bsidessf2015.sched.com/event/2t0s/human-hunting

Similar Presentations:

• ToorCamp 2018 / You Are Only Human: (how to treat yourself and others that way)
• Black Hat USA 2010 / Human Intel
• GrrCON 2015 / The art of hacking a human