Raising Costs for Your Attackers Instead of Your CFO

Presented at ShmooCon X (2014), Jan. 19, 2014, 11 a.m. (60 minutes)

Everyone knows that blacklisting is not effective and that whitelisting is a better solution, so why isn't anyone doing it? Organizations continue to spend money on the latest technologies in hopes that if they spend enough they will somehow become secure. Chances are that that these same organizations already own technology that can provide far more powerful defense than new blinking boxes but just haven't taken the time to properly implement it.

This talk will present three approaches to whitelisting. While each approach is effective on its own, they are downright deadly when used together. It will show examples of how recent targeted and untargeted attacks could be blocked and will also present scripts, sample GPOs, and methods for implementing these technologies without losing your hair or your job. By the end of the presentation you will have all the tools necessary to frustrate attackers, amaze your coworkers, and impress your CFO.


  • Kyle Salous
    Kyle Salous has 9 years of IT Security experience. He enjoys doing more with less while keeping the bad guys on their toes.
  • Aaron Beuhring
    Aaron Beuhring has over 12 years of IT experience. He enjoys correcting configurations and occasionally misconfiguring things as well.

Similar Presentations: