Explore the world of cybersecurity and attacker behavior in this 47-minute conference talk from OISF 2016. Delve into topics such as auditing credential criminal attacks, Project Sonar, and low-interaction honeypots with Heisenberg. Examine Remote Desktop Protocol (RDP) endpoints and attacker sources while learning about password complexity and lifetime measurements. Discuss the legal implications and ethical considerations of actively scanning the Internet and testing suspect credentials. Analyze the National Exposure Index and challenge your understanding of correlation versus causation. Gain insights into the mindset of bad actors and their hacking capabilities, ultimately enhancing your knowledge of cybersecurity threats and defense strategies.
Overview
Syllabus
Intro
Alternative Talk Titles
Auditing Credential Criminal Attacks
Project Sonar
Introducing Heisenberg: Low interaction Honeypots
Project Heisenberg
RDP: Remote Desktop Protocol
RDP Endpoints (Relevant XKCD: 1138)
Attacker Sources
Measuring Password Complexity
Measuring Password Lifetimes
Chilling Effects on Research Actively scanning the Internet and testing suspect credentials is illegal
A simple hypothesis
Correlation != Causation
National Exposure Index is bom
Let's play a game!
Conclusions Bad actors aren't necessarily savvy with regards to hacking into
