Diversion -- A maneuver intended to draw off attention from the point of main attack.

Traditionally, security analysts focus on blocking attackers and keeping them out. This usually works, but it gives defenders little intelligence on who is attacking them and why, and such methods do not always keep attackers out. Without that data, it is also difficult to know whether an adversary has actually been removed from the environment. Let's turn the tables and beat them at their own game. They use diversions to break in, so we can pull the same tricks on them: track their movements, better understand their tactics, and possibly even find out who they really are in the process. This talk will dive into various tools and techniques that can be used to deceive attackers, track them, rapidly respond to incidents, and even help train your user base to better identify and report potential attacks. We will also be releasing a new, open source incident response tool designed to assist with rapid data acquisition and quarantine of remote hosts within the enterprise.
Greg: Greg Foss is a Senior Security Research Engineer with the LogRhythm Labs Threat Intelligence Team, where he focuses on developing defensive strategies and tools to counteract advanced attack scenarios. He has nearly a decade of experience in the information security industry with an extensive background in security operations, focusing on penetration testing and web application security. Greg currently runs the Security Operations practices at LogRhythm and holds multiple industry certifications including the OSCP, GAWN, GPEN, GWAPT, GCIH, and C|EH, among others.

Tom: Thomas Hegel is an Incident Response and Security Analytics Engineer with LogRhythm Labs. He is experienced in many different aspects of the information security industry. Previous positions include enterprise network security, managed security of various technologies, and incident response. Thomas spends his free time studying various threats and researching interesting attack and defense techniques. In addition to his experience, Thomas' education has focused on information technology and computer science with a concentration in security and forensics. Thomas currently holds the CISSP and GCFE certifications.
Copyright 2020, IronGeek