Explore the concept of Adaptive Penetration Testing (APT2) and learn how to build a resilient program to protect businesses in this 44-minute conference talk from BSides Cleveland 2014. Delve into the history of hacking, examine Hollywood's romanticized portrayal of hackers, and understand the emergence of new attack types. Discover the APT2 concept, explore denial of threat scenarios, and analyze various attack vectors. Investigate the compliance problem, study real-world attack behaviors, and understand the rationale behind APT2. Compare compliance-based and business-driven penetration tests, examine the taxonomy of criminal attacks, and learn how to address advanced persistent threats. Gain insights into the APT Resiliency Model and acquire valuable knowledge to enhance your organization's cybersecurity posture.
Overview
Syllabus
Intro
A little about me
History of Hacking (Snapshot)
Hollywood's Romanticized "Hackers"
A New Type of Attack?
Adaptive Penetration Testing
APT2 Concept
Denial of Threat
We have created the Perfect Storm
Attack Vectors
The Compliance Problem
Attack Behavior (Welcome to Reality 101)
APT2 Rationale
APT Rationale
Case Study
Compliance Based Pen Tests
Business Driven Pen Tests
Where do you see business value?
Taxonomy of Criminal Attack
Attack Dimensions
Addressing the Advanced Persistent Threat
APT Resiliency Model
My Contact Information
