Overview
Syllabus
Intro
Martin Bos
Security Today
Enter the Red Team
It's not a Magical Black Art
Easy Wins
Deployment Misconfigurations
Patching
Buy a Vulnerability Scanner
Fix Low Hanging Fruit (HIV)
Same Techniques, Same Methods
Enter the Blue Team
Remediation
Disconnect?
Cyber Hygiene
How do I know if my vulnerability management program is working?
The product industry has set us back 10 years
Death of Traditional Penetration Testing
Red + Blue = Purple
Breach = Panic Mode
Sophisticated
What Am I Trying To Protect?
Know Your Adversaries
Cut Down the Noise
Detection
Compensating Controls
Risk Appetite
Stop Complaining!
Password Policies
Easy Mitigations
Deny access to this computer from the network
Hire an Internal Pentester
Research Your Vendor
What SHOULD I get out of this?