Welcome%to%the%SANS%HackFest%

Similar documents
Assignment 61. Thursday December 7,2017. Head a page in your spiral. Midterm Review C.1.7 & C.3.5

B&A ENGINEERING SYSTEMS, INC. Employment Application

Nairobi Summit: When?

EXECUTIVE COMMITTEE MEETING PREPARATION Executive Committee: May 28, 2013 Amended: January 14, 2014

Unilateral Contracts vs. Bilateral Contracts

Q: HAVE I BEEN EXCUSED?

Upper Nile State: Movement Tracking Trend

IRIS Earthquake Science social media report for 2018

Calendar of Important Dates. Summer Semester 2009

Changing Embassy Supreme Court Ruling

Riverside City College. Associated Students of Riverside City College A.S.R.C.C. Application for Executive Branch

FULL ADDRESS Street # & Name Apt. # City State Zip. Please print clearly.

Chambers of Chief Judge Christopher C. Edwards Phone Number: Fax Number:

Spring Valley Golf Course Employment Application Form

APPLICATION FOR EMPLOYMENT

OFC: Fax: CDL Driver Application. Name. Last First Middle Maiden. Present address. Number Street City State Zip

2018 Election Calendar Wyoming Secretary of State s Office Election Division -

Writer Career Guide. The Sims 4 Writer Career Guide Copyright Sims Society All Rights Reserved 1. January 2015 Update1

2018 Election Calendar Wyoming Secretary of State s Office Election Division -

DATE CLASS INSTRUCTOR DAY(S) CLASS HOURS TIME

SEPTEMBER 2018 NEWSLETTER

Procedural Services Branch

Criminal Injuries Compensation Scheme 2008

999BookofNumbers.com presents. February 2012

ACADEMIC SENATE Executive Committee REFERRAL FORM

OCCUPATIONAL DRIVERS LICENSE INFORMATION PACKET

The Electoral Process

The parties to this letter agreement hereby agree as follows:

PLEASE PRINT ALL INFORMATION REQUESTED EXCEPT SIGNATURE ON PAGES 5 & 6. Name LAST FIRST MIDDLE MAIDEN. Present Address NUMBER STREET CITY STATE ZIP

Travis County Victim Services Unit

Presidential Candidate Declaration of Intent

State of Florida Department of Business and Professional Regulation Division of Drugs, Devices, and Cosmetics

Application for a premises licence to be granted under the Licensing Act 2003 PLEASE READ THE FOLLOWING INSTRUCTIONS FIRST

November Sun Mon Tue Wed Thu Fri Sat. VISIT US ON THE WEB: mfscmiddlesex

AGENDA Thurs 10/22 & Fri 10/23

Continued Public Inattention to Trial SUPPORT FOR CLINTON, BUT NOT FOR SOCIAL SECURITY FUNDS IN MARKET

STATE OF NORTH CAROLINA

Wonder Back-to-School Giveaway Rules and Regulations

Spring 2018 SGA Election Code Meeting The University of North Texas - Student Government Association

FACILITY HIRE LICENCE AGREEMENT for commercial operators or other incorporated associations

February SW Wilsonville Road Wilsonville, OR 97070

2017 Recurrent Discussion on Fundamental

Visalia Tribal TANF Owens Valley Career Development Center 1401 W. Caldwell Ave, Visalia, CA Office Fax

Calendar of Important Dates

SUBSTITUTE TEACHING APPLICATION

AP Government Mass Media Study Guide

RESTRICTED (when complete) Candidate s Full Name (Use BLOCK capitals): Post Applied for: District: Application form for the post of POLICE VOLUNTEER

Licensing Act Application Pack to Vary a Premises Licence

PRENATAL PROGRAMS 2017 CLASS SCHEDULE. Oakland/Alameda (510) Richmond (510) Pinole (510)

34th International Solidarity Affair

, I.1 CITY COUNCIL SUMMARY REPORT. Agenda No. Key Words: Legal Publications RFP Meeting Date: January 13, 2015 PREPARED BY:

2018 Council Program Calendar

Saturday, November 12, 2016

MONITORING REPORT ON THE WEBSITE OF THE STATISTICAL SERVICE OF CYPRUS NOVEMBER The report is issued by the.

ACTIVITIES CALENDAR JULY JUNE 2018

Controlling alcohol-related violence in the night-time economy

UGANDA PROGRAM 2019 CALENDAR

Sun Mon Tue Wed Thu Fri Sat. Keep up with the Mobile Family Success Center on Social Media:

Sun Mon Tue Wed Thu Fri Sat

Hot off the Press. We Won! Officer Election

CITY WEST BOARD MEETING MONDAY, April 4, 2011 MEN S CLUB - STAMPEDE ROOM 7:30 A.M. 1. CALL TO ORDER by President Dick LeMoine at 7:30 AM.

APPLICATION. How did you hear about the CJ Wilson Mazda Pride Crew? Friend whitesox.com Game Social Media Other

TEMPORARY SPECIAL USE PERMIT APPLICATION PROCEDURES

OCEAN CITY BOARD OF EDUCATION REGULAR MEETING AGENDA WEDNESDAY, FEBRUARY 25, :00 P.M. HIGH SCHOOL COMMUNITY ROOM

Legal Last Name: Address: City: State: Zip Code: Emergency Contact: Days Available: Mon. Tue. Wed. Thurs. Fri. Signature: Date:

State of Florida Department of Business and Professional Regulation Division of Drugs, Devices, and Cosmetics

Calendar of Important Dates Academic Year

FAMILY APPLICATION. Name Age Special Needs (if so, be specific)

Belvedere Golf Club Inc. Policies

DCUSU Elections 2018 Nomination Form

2006 a District Conduct of Meetings CDE Abilities and Items of Business. Judge s Copy

Liaison Center Training. Texas Register Liaison Training Updated: January

Link Attraction Factors

State of Florida Department of Business and Professional Regulation Division of Drugs, Devices, and Cosmetics. Form No.

Burgers & Ice Cream! 7/27/16

A motion was made, seconded, and carried to approve the minutes of the Apr. 17, 2013 meeting, as sent to the member companies.

Licensing Act Application Pack for a Premises Licence

State of Florida Department of Business and Professional Regulation Division of Drugs, Devices, and Cosmetics

George Mason University School of Law PATENT LITIGATION AND DISPUTE RESOLUTION. Spring Tuesdays 8:00-9:50 P.M. SYLLABUS INSTRUCTORS

ACADEMIC CALENDAR

Supporting Information for Differential Registration Bias in Voter File Data: A Sensitivity Analysis Approach

45 th IUPAC GENERAL ASSEMBLY

-M I N U T E S- Sunshine Statement

Spirit Week & House Decorating

AUSTRALIAN ARMY APPRENTICES ASSOCIATION INC. MINUTES OF THE COMMITTEE MEETING HELD AT THE ROYAL MILITARY COLLEGE OFFICERS MESS ON 6 MAY 2009

General Information on the 2009 Invitation Programme for Japanese-Learning Students at Australian Universities

State of Florida Department of Business and Professional Regulation Division of Drugs, Devices, and Cosmetics

Tech Me Out: Taking Strategic Communication from Page to Screen

# Lougheed Hwy, Port Coquitlam.

HEARTLAND QUILT network NEWSLETTER

Final Report - PGSS General Elections & Referendums -

Hamilton Park Co-Op Ltd Newsletter

Apres Ski Club Board Meeting Minutes: June 2, :00pm at Ed Martin s Home

CITY COUNCIL CANDIDATE PACKETS CITY OF UNIVERSITY PARK GENERAL ELECTION

Penalty Notices Unauthorised Absence (Truancy)

AP Government Interest Groups Study Guide

Three Days. Living In The Digital First World

FREMONT, NEWARK & UNION CITY

POST-NEWSWEEK STATIONS

Calendar of Important Dates

Transcription:

FromSalmontoScarlet Ge2ngTheMostOutofTheManyShadesofRed EdSkoudis @edskoudis #SANSHackFest November16,2015 WelcometotheSANSHackFest Thankyouforjoiningus! We vebeenplanningandbuildingthisforayear We vegotanawesomeeventforyou 1

2 What sontap? 2DaysofInTDepthSummitTalks 3NightsofNetWars CoinTaTpaloozaduringNetWars SpecialSurprise HackFestHitstheRoad Session FeaturingJoMama ssoopersekretcookies! 6InTDepthCourses Hackingthe InternetofThings Thing ANightofCyberCityMissions SpecialClosingCeremonyonMonday,Nov23 SANSPenTestHackFestAgenda Mon Nov16 Summit& NetWars& w/& Coin2a2& Palooza& 6:30"PM" 9:30"PM" Tues Nov17 Summit& 4:30"PM" Hackfest& Hits&the& Road& 5:00"PM" 10"PM" Wed Nov18 5:30"PM Hacking& The& Internet& of&things& Thing& 7:15"PM" 9:15"PM Thurs Nov19 NetWars& w/& Coin2a2& Palooza& 6:30"PM" 9:30"PM" Fri Nov20 Sat Nov21 CyberCity& 6:30"PM" 9:30"PM" " " Sun Nov22 NetWars& w/& Coin2a2& Palooza& 6:30"PM" 9:30"PM" Mon Nov23 3"PM" Brief& Closing& Session& 3"PM" " "

ThankYoutoOurSponsors! PenTestHackFestThemes Offensehelpscyberdefenders &DFIRprofessionals Theconbnuingevolubonof offensivecapabilibes MulbTfacetedoffensiveskills Wemuststrivetoprovidetechnical excellencewithgreatbusinessvalue 3

PleaseHelpMakeThisSpecial We reacommunityoffriends&colleagues Wewantyoutogetasmuchvalueoutofthis asyoucan Interactwithspeakers,instructors,staff Introduceyourselftoothers makefriends Pleasetakeadvantageofoureveningsessions Lotsoflearning,butalsoalotofFUN! TheManyShadesofRed Width: Approx#ofJobs Depth: RelabveTechnicalComplexity Wheredoyoufit? Wheredoyouwanttofit? Auditors VulnAssessors PenTesters RedTeamers Adversary Simulators Offensive Ops Security Researchers 4

PenTesbngRut Pentesbng,asitiscommonly understood,hasafixedbmespan, narrowscope,andafocusonfinding vulns Andexploibngthemonlyasbmeis available Indoingthis,wesacrificerealism, stealth,depth,andunderstanding deepbusinessimplicabons Andmostimportantly,determining whetherblueisreadytodetectand respondtorealtworldalackers TheMoveTowardRedTeaming Engagementstendtobelonger(insteadof1T2weekpentest) Monthsorevenconbnuously Ooendonewithoutafixedstarbngdate/bme Internalredteamstendtoknowthe layoftheland Usefulindeterminingchangesofsecuritystanceoverbme 5

AdversarySimulabon ApplyingtheRedTeamdeeply FacetheRedTeamagainst theblue/huntteam Applytechniquesusedby realtworldalackers Includesurprise,stealth,lateral movement Focusonmeasuringdetecbon andresponse Veryuseful butcanfeelabit messy TheFoundabonsofRedvs.Blue ConsideringtheevolubonfromVulnAssessment! RedTeam/AdversarySimulabon,what sthereal purposeofred? Tohelpprioribze resourcesandheighten defenses TomakeBluebeler Thiswillhelpusprovide morebusinessvalue 6

Metricsand ConbnuousImprovement Toprovidesomestructure,considerthisprocess: ReddiscusseswithBluethegeneraltechniquesthey lluse Spearphishing somethingthatnearlyguaranteesaccess Or,justassumecompromise&pivotmercilessly EstablishbmemetricforBluetodetect 2weeksofacbveinfiltrabon&exfilsim asafirstblushforaninexperiencedblue Establishascope(fairlywidespread) GO! DidBlueDetectRedinTime? No RedhelpsexplaintoBluewhattheydid,andtheybrainstormhowto detectitbeler,faster,andinamoredistributedfashion RedsharpensBlue No!Buttheydetectedarealbadguy WIN! Yes! Bluethenshowshowit detectedred Tweakscope,enhance allowedredtechniques, lowerbmeframe(1day)! BluesharpensRed 7

Conclusions ItusedtobeOUTLANDISHtosay I mgoingtopay peopletohackmystuff. Now,unlessyoudogetapentestorredteamassessment, youaren texercisingyourduediligence Red Blue SOMETHING AWESOME Red sprimarygoalis tomakebluebeler. Neverlosesightof that,frodo! AsyouparbcipateintheHackFest,thinkabouthow RedandBluecansharpeneachother References RaphaelMudgeBlog, ModelsforRedTeamOperabons hlp://blog.cobaltstrike.com/2015/07/09/modelstfortredtteamt operabons/ EdSkoudispresentabon, HowtoGivetheBestPenTestof YourLife hlp://is.gd/8oaxrn RobinMejiaarbcle, RedTeamVersusBlueTeam:Howto RunanEffecbveSimulabon,CSOOnline hlp://www.csoonline.com/arbcle/2122440 RaphaelMudgeBlog, RedTeamTradecrao hlp://blog.cobaltstrike.com/2015/04/29/2015stredtteamttradecrao/ 8

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback