Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Offensive Threat Modeling for Attackers 6: Insight into Points of Attack

Presenting their subject further, Shane MacDougall and Rafal Los stick to the objectives and key constituents of the points of attack modeling process. To model the points of attack, obviously, our key objective is to break everything down into the tiniest pieces possible. If you’re familiar with the...

Offensive Threat Modeling for Attackers 5: Modeling the Defender

It is now Shane MacDougall’s turn to contribute to the presentation and focus on the different aspects of modeling the defender for offensive purposes. Shane MacDougall: Now we’re going to get into the meat of the matter of how we’re actually going to break this down. So, modeling the defender (see...

Offensive Threat Modeling for Attackers 4: Executing the Attack the Right Way

HP Software’s Rafal Los now highlights the finishing touches to perform before the attack can be executed, and summarizes the entire offensive threat scenario. I hope you guys get the irony of hanging a piece of Swiss cheese in the Posture slide (see image). Identifying asset’s defensive posture: how...

Offensive Threat Modeling for Attackers 3: Identifying the Purpose, Target Assets and Points of Attack

In this section of the presentation Rafal Los thoroughly analyzes the offensive routine in the context of its purpose, prioritization, and points of attack. When you’re looking at a system, you have to know what’s behind it, you have to know what the infrastructure is, so if you’ve got an Oracle...

Offensive Threat Modeling for Attackers 2: Exploiting Defenders’ Weaknesses

Moving on with the subject, Rafal Los provides a step-by-step insight into preliminary measures and the right strategy for attacking the adversary’s assets. So, how do we use weaknesses of defenders as a weapon? I found a really cool quote that I like to use a lot: “To lack intelligence is to be in...

Offensive Threat Modeling for Attackers: Turning Threat Modeling on its Head

Rafal M. Los, HP Software’s Chief Security Evangelist, and Shane MacDougall, principal partner at Tactical Intelligence, give a presentation at Black Hat Europe 2012 to show a non-standard perspective of threat modeling as an offensive tool. Rafal M. Los: Hi! I’m Raf, that’s Shane right over here....

Making Attackers’ Lives Miserable 3: How to Spot and Attack the Bad Guys

Paul Asadoorian and John Strand put the finishing touches on their research, highlighting methods of attribution and counterattacking, and listing the relevant precautions. Paul Asadoorian: Now along to attribution. So, if we can annoy attackers and draw them into certain places inside of our website or inside...

Making Attackers’ Lives Miserable 2: Setting Traps with Recursive Directories

In this section, Paul Asadoorian and John Strand elaborate on the aspect of annoyance that deals with making an attacker repeatedly go through a loop of directories on the targeted website. John Strand: Infinitely recursive directories are another one of the areas that you can mess with attackers’ lives....

Offensive Countermeasures – Making Attackers’ Lives Miserable

PaulDotCom’s Paul Asadoorian and John Strand present intriguing research at RSA Conference 2012 on ways to confuse, upset and geolocate cyber intruders. Paul Asadoorian: Hello everyone and welcome to Offensive Countermeasures – Making Attackers’ Lives Miserable. My name is Paul...

The Art of Effectively Communicating with a Cyber Predator 3: Example of a Matching Conversation

To make the presentation more vivid, Janice Niederhofer now provides a demo of the conversation with a cyber predator, demonstrating the art of matching. Let’s move on. Conversely, if you want to decrease rapport, you can deliberately mismatch. We’ve been matching the cyber predator’s communication and...