Explore offensive countermeasures in cybersecurity with Paul Asadoorian and John Strand in this 45-minute conference talk. Delve into successful penetration testing techniques, flaws in defensive layers, and social engineering tactics. Examine case studies on network terms and warning banners, and learn about innovative annoyance techniques like HoneyPorts and web labyrinths. Discover how to exploit vulnerabilities, set traps, and implement prevention strategies. Gain insights into attribution methods, wireless countermeasures, and advanced attack techniques using Java payloads. Understand the practical applications of offensive security measures and their potential impact on cybersecurity strategies.
Overview
Syllabus
tenacity
Goal: Bring Sexy Back
Goal: Discussions that matte
Outline
Introduction
Successful Penetration Tests
Flimsy Defensive "Layers"
Social Engineering
Passwords
Software Vulnerabilities
John & Paul Then Thought
OODA
Case Studies
Case Study: Consent to University Network Term
Lets Pretend I'm a Lawyer
Warning Banners
Example: Eric Needed a Warning Banne
Annoyance: HoneyPorts
Annoyance: Messing with Attackers Head
Exploiting Existing Vulnerabilities
Annoyance: Setting Traps
Spider Trap & WebLabyrinth
Prevention: Nessus Example
Keeping it "Real"
Josh Wright Comments on Offensive Countermeasures...
Word Web-Bugs
How does it work?
BeEF Modules
Attribution: Decloak
Wireless Countermeasure Example
Sneak Preview: Sample "trap"
Collect Logins (and attacks!)
Attack: Java Payload
The Girl With The Dragon Tattoo
Happy Ending!
