Explore active defense strategies in cybersecurity through a conference talk that demonstrates how to turn the tables on threat actors. Learn about innovative techniques to protect legitimate users, including the use of "robots.txt" files, sitemap XML files, and directory indexes. Discover creative methods like the "Roundtrip Roundkick" and "Reflector Madness" to confuse and misdirect potential attackers. Gain insights into subdomain examples, source code tricks, and alternative active defense options. Engage with practical demonstrations and thought-provoking scenarios that showcase how to make threat actors inadvertently hack themselves, ultimately enhancing your organization's security posture.
Overview
Syllabus
Intro
Active Defense Helping Threat Actors Hack Themselves!
About Me
Legal Disclaimer
What is Active Defense?
Our Objectives
Presentation Focus
Inspirations
Conventions Used
Protecting Legitimate Users
"robots.txt" files
Sitemap XML files
Directory Indexes
Authorized Users Only
The Roundtrip Roundkick
Subdomain Examples
Stomachvivor / Gross Out
Reflector Madness
Reward for cracking the login is?
Inside the source code
Going Nowhere Fast!
Pi to the Face
Inside "bookmarks.html"
The Wrong Answer
Bobby Dropkick
The Setup
Alternative Active Defense Options
Questions
Thank you for attending!
