(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception for red and blue teams

•

1 gefällt mir•2,908 views

Priyanka Aash

Technologie

Sudarshan Pisupati
Principal Consultant - Smokescreen
@sudartion
Sahir Hidayatullah
CEO - Smokescreen
@sahirh
ACTIVE DECEPTION FOR
Red & Blue Teams

“The more you know about the past,
the better prepared you are for the future.”
Theodore Roosevelt

“Gauge your opponent’s mind
and send it in diﬀerent directions.
Make him think various things,
and wonder if you will be slow
or quick.”
Miyamoto Musashi
The Book of Five Rings

“Never win by force
what can be won  
with deception”
Niccolò Machiavelli,  
The Discourses (paraphrased)

“Never interrupt your
enemy when he’s
making a mistake.”
Napoléon Bonaparte

There are 3 reasons  
why companies get hacked…

Low visibility
INITIAL INTRUSION
HACKERS  
UNDETECTED
DATA BREACH
1

Too many false positives3
13,72655,19872,61489,45296,825
=
• Event fatigue
• Data paralysis
• Missed alerts
• Game Over

Human psychology is an
attacker’s greatest weapon.
It’s also their greatest weakness.
We’re losing.
So why don’t we change the game?

1
Deception Beneﬁts
No false positives
High attacker impact
Focused on intent, not tools

Deception Beneﬁts
No false positives
High attacker impact
Focused on intent, not tools
Source: David J. Bianco, personal blog
The Pyramid of Pain

60%
of attacks
do not involve malware!
Deception Beneﬁts
No false positives
High attacker impact
Focused on intent, not tools

Next-gen ﬁrewall
Sandboxing
Two-factor authentication
DAST / SAST
Network analytics
Endpoint detection and response
Thinking in lists v/s Thinking in graphs

Diﬀerent colors, diﬀerent languages…
Blue Team
talks about
SQL injection
Password cracking
Phishing
Port-scanning
Patch management
Red Team
talks About
Squiblydoo
AS-REP roasting
Hot potato attacks
SPN enumeration
LocalAccountTokenFilterPolicy
Unquoted service paths
Process hollowing
OLE embedded phishing
LLMNR poisoning
Bloodhound / user hunting
DLL side loading
GPP exploitation
Time-stomping

Wait a minute, how is
deception diﬀerent from…

Honeypots…
Honeypots
• Attract attacks
• Public facing
• Vulnerable
• Network focused
• Low signal / noise ratio
• Poor realism
• Not scalable
• Useful for research

AT = Sum(RT, D, TH, IR)
Red-teaming
Deception
Threat hunting
Incident response

Good deception blankets the kill chain
Internet Assets
Active Directory Objects
Application Credentials
Files
Network Traﬃc
Endpoints
People
Servers
Applications
RECONNAISSANCE
DATA EXFILTRATION
PRIVILEGE ESCALATION
EXPLOITATION
LATERAL MOVEMENT

Chronology of an Attack - “The Double Cycle Pattern”
Breach Complete
Compromise targets
and eﬀect impact
Privilege escalation #1
Escalated to local administrator
Privilege escalation #2
Escalate to domain administrator
Initial Intrusion
Low privilege
normal user
Lateral Movement
Hunt domain
administrators
C2 and persist
Establish remote
control channel

S M O K E S C R E E N
sahirh@smokescreen.io | www.smokescreen.io | @sahirh
WE CAN NOW TAKE QUESTIONS!

Weitere ähnliche Inhalte

Ähnlich wie (SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception for red and blue teams

Anonymity

randomwalker

huntpedia.pdf

CecilSu

An Underground education

grugq

Huntpedia

Jc Sv

[EN]THS22_AMM_ishing.pptx

Artur Marek Maciąg

Scott Porter, VP, Methods, and Aliza Pollack, VP Qualitative, led a session at the Planningness 2015 unconference. Scott works in marketing analytics, and regularly uses Artificial Intelligence algorithms to sort through large quantities of data to find plausible causal models for the interrelation of drivers, outcomes, and intermediate or mediating variables. In facilitating discussions between marketers and modelers, Scott has realized that the process of gearing up to work with AI can help us think better. Computer algorithms have the advantage when sorting through large amounts of data, but they have their limitations. With current technology, artificial intelligence has to sort through the data it is given--it generally can’t intuit missing data that would be important. However, as humans, we excel at this sort of intuition. Or, at least we can... we have to overcome our human tendency to stop when we've uncovered the first plausible answer. We shared a structured approach to brainstorming that forces us to push wider to additional context that might be important. These exercises (looking for multiple causes, looking for side effects, looking for missing causes) are the steps we would need to go through in order to select the right data for a computer to have sufficient information to build a quantified model. However, the steps are useful regardless of whether or not we later quantify the model, because the techniques help us push beyond where we would normally stop because we found a single reasonable explanation. After going through an overview of the theory and the process, we put it into practice. We took turns leading small groups in structured hypotheses sessions to systematically unpack potential complexities of real client challenges shared by members of the session, and brainstorm what information we (or algorithms) will need to better understand potential opportunities. Speaker note annotations are available within the deck if you download the pdf (orange boxes at the top left of each slide).

How to Conquer Artificial Intelligence

The Added Value Group

Big data new physics giga om structure conference ny - march 2011

Jeff Jonas

Rapid fire talk going through a number of topics that we'd pre-selected...one slide on the question, 1-2 slides on an answer.... Much goodness, for reference, here's the subjects: Planes: Lets go from myth to reality in a couple of slides, including updates since 2015 Transportation in general, cars, trucks, trains and ships…. Why can we still do this? What’s not changed? The technology, reactive, static vs. predictive The humans, why do we ignore them? Why this needs to change…what does the future hold? Why DO we stare into the abyss, why do we continue to deny it Hacking humans, molecular Hacking humans, consciousness Why DO we need to fix and HOW do we fix it? Fix the human Fix the basics Intelligent systems working collaboratively with us Augmented intelligence, the science of giving us the edge. Collaborate

Dec2018 istanbul-2

Chris Roberts

Even in good times, insider threats are challenging to identify. Insiders have access. They know what normal behavior is expected. They know the network, the organization, and the culture. All making it easier for them to deceive and hide their tracks. With defensive systems weakened, the opportunity increases for employees with ill intent to gain and maintain enhanced access and privileges undetected. Anomaly detection and other tools most often used to identify insider behavior have suddenly been rendered useless. Behavioral monitoring never worked well at finding needles in haystacks, but in a crisis like this, when everything looks like a needle, it falls over completely. No normal baseline exists. Everything is an anomaly. In this webinar, Illusive Networks Field CTO Wade Lance and former City National Bank CISO Karl Mattson will explore how to successfully deal with insider threats during the current moment as workforces massively shift to remote environments. At a time when incident response teams are overrun with alerts, analytical tools are failing to keep up with changing activity patterns, and economies are dealing with unprecedented changes, better insider threat strategies are needed to more accurately identify and respond to potential risk. Join our webinar to hear more about what those insider threat strategies should look like and gain practical tips for implementing those tactics quickly.

Insider threat webinar slides no cn

DevOps.com

Deception technology for advanced detection

Jisc

"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...

Jack Pringle

Data Loss Threats and Mitigations

April Mardock CISSP

Srikanth

kondalarao7

David Turnbull, cofounder and CCO Snapshot, at Travel Tech Conference Russia 2017 (http://traveltechcon.ru/eng). "As the debate surrounding the dominance of OTA's and who truly "owns" the customer intensifies, David takes an amusing but critical look at the current state of data management within the hospitality sector and why this is preventing the significant leaps in customer experience achieved by other industries". Subscribe to TTCR news: http://eepurl.com/cnhNvH

David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...

Travel Tech Conference Russia

Integrated Security, Safety and Surveillance Solution i3S

Edgevalue

La Quadrature Du Cercle - The APTs That Weren't

pinkflawd

This presentation will explore some of the teachings from the young field of behavioral game theory, which empirically measures how humans behave in games, as an improvement upon prior discussions involving traditional Game Theory models in which humans are considered perfectly rational. I will use behavioral game theory to examine how people’s natural cognitive biases lead to sub-optimal behavior in their decision-making processes in adversarial games – and specifically processes related to playing defense in the information security “game.” I will detail various sorts of games in which this sub-optimal performance manifests, how humans cognitively approach these games and touch on some of the algorithms, such as self-tuning EWAs, that help predict how people will behave in certain defender-attacker-defender (DAD) games. Finally, I will explore what sort of strategies and counter-measures can be implemented to improve defense’s performance in DAD games, incorporating techniques such as belief prompting, improved incorporation of information and decision trees.

Volatile Memory: Behavioral Game Theory in Defensive Security

Kelly Shortridge

At NYAI #16, Arthur Tisi explores deep neural networks that dominate advanced approaches to pattern recognition. Today neural networks transcribe our speech, recognize our pets, understand linguistics and fight our trolls. Recent advances by Geoff Hinton and the introduction of capsule networks only ups the ante. But despite the results, we have to wonder… why do they work so well? In this session, Arthur Tisi, CEO and Founder of MeaningBot, will share some extremely remarkable results in applying deep neural networks to natural language processing (NLP), particularly in the areas of determining human traits in the areas of leadership, team building, personality, consumption preferences and more. Arthur will cite real world examples and share some of the math and science behind these advances including different variants of artificial neural networks, such as deep multilayer perceptron (MLP), convolutional neural network (CNN), recursive neural network (RNN), recurrent neural network (RNN), long short-term memory (LSTM), sequence-to-sequence model, and shallow neural networks including word2vec for word embeddings.

"Understanding Humans with Machines" (Arthur Tisi)

Maryam Farooq

Ethical Hacking by Krutarth Vasavada

Krutarth Vasavada

A Engenharia Social é a hábil manipulação da tendência humana de confiar. Essa palestra visa apresentar, tanto para usuários quanto para profissionais de TI, riscos que estamos correndo na internet e no mundo corporativo nos últimos tempos. A ingenuidade ou despreparo das pessoas pode causar prejuízos enormes. Engenheiros sociais estão aparecendo em grande número e provocando danos significativos. Venha comigo em um passeio para descobrir como e porque essas pessoas agem!

Engenharia Social: A Doce Arte de Hackear Mentes

Rafael Jaques

Ähnlich wie (SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception for red and blue teams (20)

Anonymity

huntpedia.pdf

An Underground education

Huntpedia

[EN]THS22_AMM_ishing.pptx

How to Conquer Artificial Intelligence

Big data new physics giga om structure conference ny - march 2011

Dec2018 istanbul-2

Insider threat webinar slides no cn

Deception technology for advanced detection

"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...

Data Loss Threats and Mitigations

Srikanth

David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...

Integrated Security, Safety and Surveillance Solution i3S

La Quadrature Du Cercle - The APTs That Weren't

Volatile Memory: Behavioral Game Theory in Defensive Security

"Understanding Humans with Machines" (Arthur Tisi)

Ethical Hacking by Krutarth Vasavada

Engenharia Social: A Doce Arte de Hackear Mentes

Mehr von Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs

Priyanka Aash

Verizon Breach Investigation Report (VBIR).pdf

Priyanka Aash

Top 10 Security Risks .pptx.pdf

Priyanka Aash

Simplifying data privacy and protection.pdf

Priyanka Aash

Generative AI and Security (1).pptx.pdf

Priyanka Aash

EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf

Priyanka Aash

DPDP Act 2023.pdf

Priyanka Aash

Cyber Truths_Are you Prepared version 1.1.pptx.pdf

Priyanka Aash

Cyber Crisis Management.pdf

Priyanka Aash

CISOPlatform journey.pptx.pdf

Priyanka Aash

Chennai Chapter.pptx.pdf

Priyanka Aash

Cloud attack vectors_Moshe.pdf

Priyanka Aash

Stories From The Web 3 Battlefield

Priyanka Aash

Lessons Learned From Ransomware Attacks

Priyanka Aash

Emerging New Threats And Top CISO Priorities In 2022 (Chennai)

Priyanka Aash

Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)

Priyanka Aash

Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)

Priyanka Aash

Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud

Cloud Security: Limitations of Cloud Security Groups and Flow Logs

Priyanka Aash

Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.

Cyber Security Governance

Priyanka Aash

The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.

Ethical Hacking

Priyanka Aash

Mehr von Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs

Verizon Breach Investigation Report (VBIR).pdf

Top 10 Security Risks .pptx.pdf

Simplifying data privacy and protection.pdf

Generative AI and Security (1).pptx.pdf

EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf

DPDP Act 2023.pdf

Cyber Truths_Are you Prepared version 1.1.pptx.pdf

Cyber Crisis Management.pdf

CISOPlatform journey.pptx.pdf

Chennai Chapter.pptx.pdf

Cloud attack vectors_Moshe.pdf

Stories From The Web 3 Battlefield

Lessons Learned From Ransomware Attacks

Emerging New Threats And Top CISO Priorities In 2022 (Chennai)

Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)

Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)

Cloud Security: Limitations of Cloud Security Groups and Flow Logs

Cyber Security Governance

Ethical Hacking

Kürzlich hochgeladen

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Kürzlich hochgeladen (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

GenCyber Cyber Security Day Presentation

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

A Domino Admins Adventures (Engage 2024)

How to Troubleshoot Apps for the Modern Connected Worker

Powerful Google developer tools for immediate impact! (2023-24 C)

Artificial Intelligence: Facts and Myths

Data Cloud, More than a CDP by Matt Robison

Scaling API-first – The story of a global engineering organization

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

GenAI Risks & Security Meetup 01052024.pdf

Finology Group – Insurtech Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - The value of a flexible API Management solution for O...

Strategies for Landing an Oracle DBA Job as a Fresher

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception for red and blue teams

1. Sudarshan Pisupati Principal Consultant - Smokescreen @sudartion Sahir Hidayatullah CEO - Smokescreen @sahirh ACTIVE DECEPTION FOR Red & Blue Teams

2. “The more you know about the past, the better prepared you are for the future.” Theodore Roosevelt

3. “Gauge your opponent’s mind and send it in diﬀerent directions. Make him think various things, and wonder if you will be slow or quick.” Miyamoto Musashi The Book of Five Rings

4. “Never win by force what can be won   with deception” Niccolò Machiavelli,   The Discourses (paraphrased)

5. “Never interrupt your enemy when he’s making a mistake.” Napoléon Bonaparte

8. There are 3 reasons   why companies get hacked…

9. Low visibility INITIAL INTRUSION HACKERS   UNDETECTED DATA BREACH 1

10. Ever changing threat landscape2

11. Too many false positives3 13,72655,19872,61489,45296,825 = • Event fatigue • Data paralysis • Missed alerts • Game Over

12. Human psychology is an attacker’s greatest weapon. It’s also their greatest weakness. We’re losing. So why don’t we change the game?

13. 1 Deception Beneﬁts No false positives High attacker impact Focused on intent, not tools

14. Deception Beneﬁts No false positives High attacker impact Focused on intent, not tools Source: David J. Bianco, personal blog The Pyramid of Pain

15. 60% of attacks do not involve malware! Deception Beneﬁts No false positives High attacker impact Focused on intent, not tools

16. Why does deception work?

17.

18. LEVEL 2 Deception ?!?!#@!

19. Next-gen ﬁrewall Sandboxing Two-factor authentication DAST / SAST Network analytics Endpoint detection and response Thinking in lists v/s Thinking in graphs

20. Diﬀerent colors, diﬀerent languages… Blue Team talks about SQL injection Password cracking Phishing Port-scanning Patch management Red Team talks About Squiblydoo AS-REP roasting Hot potato attacks SPN enumeration LocalAccountTokenFilterPolicy Unquoted service paths Process hollowing OLE embedded phishing LLMNR poisoning Bloodhound / user hunting DLL side loading GPP exploitation Time-stomping

21. Wait a minute, how is deception diﬀerent from…

22. Honeypots… Honeypots • Attract attacks • Public facing • Vulnerable • Network focused • Low signal / noise ratio • Poor realism • Not scalable • Useful for research

23. AT = Sum(RT, D, TH, IR) Red-teaming Deception Threat hunting Incident response

24. Good deception blankets the kill chain Internet Assets Active Directory Objects Application Credentials Files Network Traﬃc Endpoints People Servers Applications RECONNAISSANCE DATA EXFILTRATION PRIVILEGE ESCALATION EXPLOITATION LATERAL MOVEMENT

25.

26. Chronology of an Attack - “The Double Cycle Pattern” Breach Complete Compromise targets and eﬀect impact Privilege escalation #1 Escalated to local administrator Privilege escalation #2 Escalate to domain administrator Initial Intrusion Low privilege normal user Lateral Movement Hunt domain administrators C2 and persist Establish remote control channel

27. S M O K E S C R E E N sahirh@smokescreen.io | www.smokescreen.io | @sahirh WE CAN NOW TAKE QUESTIONS!

(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception for red and blue teams

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie (SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception for red and blue teams

Ähnlich wie (SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception for red and blue teams (20)

Mehr von Priyanka Aash

Mehr von Priyanka Aash (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception for red and blue teams