Explore advanced techniques for circumventing Network Behavior Anomaly Detection (NBAD) and User and Entity Behavior Analytics (UEBA) in this informative conference talk from GrrCON 2019. Delve into the fundamentals of intrusion detection, anomaly detection, and security operations before examining sophisticated methods of data poisoning, exfiltration, and initial access. Learn about innovative approaches such as pump dump, Docker exploitation, and network bridging. Witness a live demonstration of nonrepudiation techniques, sampling, and TLS manipulation. Gain insights into REST API vulnerabilities, network scanning, and baseline manipulation to enhance your understanding of cybersecurity challenges and defenses.
Overview
Syllabus
Intro
What is intrusion detection
What is anomaly detection
What is NBAD
Security Operations
Data Poisoning
Data Exfiltration
Initial Access
Pump Dump
Docker
Pocket Dimension
Network Bridge
Spoofing
Syslog
Live Demo
Nonrepudiation
Samplingider
TLS
In Probe
REST API
Network Scan
Baseline Boiling
Recap
