Diversion - A maneuver intended to draw off attention from the point of main attack.

Traditionally, security analysts are focused on blocking attackers and keeping them out. This usually works, but it does not provide defenders with much intelligence on who is attacking them and why, nor do such methods actually keep attackers out. Without such crucial data, it’s also difficult to know whether an adversary has actually been removed from the environment. Let’s turn the tables and beat them at their own game. They use diversions to break in, so we can pull the same tricks on them. Let’s track their movements, better understand their tactics, and possibly even find out who they really are in the process. This talk will dive into various tools and techniques that can be used to deceive our attackers, track them, rapidly respond to incidents, and even help train your user base to better identify and inform you of potential attacks. We will also be releasing a new open source incident response tool designed to assist with rapid data acquisition and quarantine of remote hosts within the enterprise.