Title: How Blue Penetrates You

When we started taking a proactive approach to blue teaming, the number of daily scans by automated vulnerability scanners dropped immensely.

In this talk, we will present the mindset we found useful and the techniques we used to make scanning our applications and infrastructure a slow and manual process.

We start by blocking path and subdomain enumeration with a couple of lines on the proxy, bombarding the banners with randomized content that is indistinguishable from real content.

Next, we will simulate known vulnerabilities in a subtle way, allowing attackers to connect, pivot, perform lateral movement, and exfiltrate terabytes of useless data, wasting their time and resources while letting your systems fingerprint their TTPs and IOCs.

We had a blast presenting at the cloud village last year, and we have many interesting things cooking for this year!


YouTube: https://www.youtube.com/watch?v=gwBG_oKDINQ

#cloudv-general-text: https://discord.com/channels/7082082...33373172285520

Speaker(s): Dani Goland, Mohsan Farid

Location: Cloud Vlg

Discord: https://discord.com/channels/7082082...33373172285520

Event starts: 2020-08-08 11:45 (11:45 AM) PDT (UTC -07:00)

Event ends: 2020-08-08 12:30 (12:30 PM) PDT (UTC -07:00)

For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-08T05:42 (UTC).