Title: Can't Touch This: Detecting Lateral Movement in Zero-Touch Environments
Description:
Attackers frequently use valid accounts to access servers that hold sensitive data. This gives them ninja-like stealth in most environments, but this session will show you how to turn the tables and use a zero-touch environment to catch them.
Zero-touch environments are a product of the fast-moving world of DevOps, which is being adopted by an increasing number of successful companies, including Google. This session will show that, by leveraging the constraints of such an environment, we can identify malicious network traffic that would otherwise blend into the noise.
This proposal is based on active research, and new details may emerge while the final session is prepared. A brief overview of the topics expected to be covered:
• Why care about DevOps and zero-touch?
• How application servers are deployed in traditional environments
• What lateral movement with valid credentials looks like in traditional environments
• How deployment works in zero-touch environments
• What lateral movement with valid credentials looks like in zero-touch environments
• Detecting that lateral movement with existing network sensors
Speaker(s): Phillip Marlow
Location: Cloud Vlg
Discord: https://discord.com/channels/7082082...33373172285520
Event starts: 2020-08-07 13:25 (01:25 PM) PDT (UTC -07:00)
Event ends: 2020-08-07 14:10 (02:10 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-07T00:36 (UTC).