Explore techniques for both red and blue teams in this 28-minute conference talk from BSidesSF 2019. Dive into the world of domain permutation attacks, including homoglyphs, subdomains, typo-squats, and bit-squats, used by scammers to create fraudulent websites. Learn how adversaries exploit these methods for various malicious purposes, from distributing malware to corporate espionage. Discover proactive technical controls and real-time monitoring strategies to defend against these threats. Gain insights into adversary simulation techniques for red teams and comprehensive preparation, identification, containment, and eradication methods for blue teams. Understand the importance of implementing recommended technical controls to protect against attackers and avoid potential security pitfalls.
Overview
Syllabus
Intro
Trust Issues
Domain Abuse
Monitoring
Defenses
Legal Options
Taught by
Security BSides San Francisco