Better Network Defense Through Threat Injection and Hunting

DerbyCon 6.0 - Recharge

Presented by: Brian Genz, Zach Grace
Date: Friday September 23, 2016
Time: 17:00 - 17:50
Location: Regency South
Track: Teach Me

Traditional penetration testing and red team engagements typically focus on identifying single attack paths and how organizations can fix vulnerabilities to shut those paths down. These engagements reduce risk by eliminating a single attack path, but rarely lead to an improved defensive skill set. This talk will introduce the Threat Detection Maturity Model, a security detection and testing framework to more closely integrate red and blue team operations with the goal of measurably improving defensive capabilities. The framework is designed to measure the effectiveness of the blue team's defensive capabilities using a capability maturity model across the attack lifecycle. We'll demonstrate how "threats" are injected into an environment to enable a hunt team or SOC to improve their skill sets and validate the effectiveness of their security tooling.

Zach Grace

Zach has worked in offensive security for the last six years focusing on securing financial institutions. He is active in the Milwaukee security community in which he organizes @MilSec, is an OWASP Milwaukee chapter leader and is a member of the Wisconsin Collegiate Cyber Defense Challenge (CCDC) Red Team. He’s also the creator of the open source security projects Sticky Keys Hunter and changeme.

Brian Genz

Brian Genz is an information security professional with experience in the insurance, manufacturing, and defense intelligence sectors. He has worked in the areas of incident response, forensic analysis, vulnerability management, and security risk consulting.

