DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

Can't Touch This: Detecting Lateral Movement in Zero-Touch Environments

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't Touch This: Detecting Lateral Movement in Zero-Touch Environments

    Title: Can't Touch This: Detecting Lateral Movement in Zero-Touch Environments

    Description:
    Attackers frequently use valid accounts to access servers with sensitive data. This gives them ninja-like stealth in most environments, but this session will show you how to turn the tables and use a zero-touch environment to catch them.

    Zero-touch environments are a product of the fast-moving world of DevOps which is being adopted by an increasing number of successful companies including Google. This session will show that by leveraging the constraints of this environment, we can identify malicious network traffic which would otherwise blend into the noise.

    This proposal is based on active research and new details may emerge during preparation of the final session. A brief overview of expected included topics:

    • Why care about DevOps and Zero-Touch?
    • How application servers are deployed in traditional environments
    • What lateral movement with valid credentials looks like in traditional environments
    • How deployment works in Zero-Touch environments
    • What lateral movement with valid credentials looks like in zero-touch
    • Detecting the lateral movement with existing network sensors

    Speaker(s): Phillip Marlow

    Location: Cloud Vlg

    Discord: https://discord.com/channels/7082082...33373172285520

    Event starts: 2020-08-07 13:25 (01:25 PM) PDT (UTC -07:00)

    Event ends: 2020-08-07 14:10 (02:10 PM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-07T00:36 (UTC).
    Starts
    August 7, 2020 13:25
    Ends
    August 7, 2020 14:10
    Location
    Cloud Vlg
Working...
X