Blue Team Keeping Tempo with Offense

DerbyCon 7.0 - Legacy

Presented by: Keith McCammon, Casey Smith (@infosecsmith2)
Date: Saturday September 23, 2017
Time: 12:00 - 12:50
Location: Track 4 - Three Way

Red: Forget about slinging binaries, and set aside PowerShell. What does it take to level attacks against enterprises that take a positive approach to endpoint telemetry and security: application whitelisting, exploit mitigation, virtualization-based security?

Blue: Forget about static indicators, and assume that even the most clever patterns of attack depend on awareness of a specific technique (albeit not a specific implementation). What does it take to build a defensive strategy that assumes as little as possible, favoring suppression of the good over alerting to the bad?

Casey Smith

We have ground truth on tracing adversaries and their tactics. @subTee

Keith McCammon

We have ground truth on tracing adversaries and their tactics. @kwm

