Victor or Victim? Strategies for Avoiding an InfoSec Cold War - Jason Lang, Stuart McIntosh Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)


Is your internal red team withholding their TTPs from the defense? Defenders, are you constantly trying to “win” your pentests by fixing vulns on the fly? Have you been on engagements where the blue team starts blocking your IPs and targeting you just to prove that they are better, or had pentesters that mock your environment on Twitter like you are the butt of an InfoSec joke? These approaches are not working, not only from a personal level but from an industry level. How we choose to work with each other needs to grow if our goal is to protect those around us rather than make a name for ourselves. Come hear stories of offensive engagements done right (and really, really wrong), and learn from a seasoned defender and attacker how partnerships should be forged to be most impactful. Victims complain, Victors adapt. Which are you?

With over 10 years of industry experience, Jason Lang (@curi0usJack) has worked in both offensive and defensive roles. Before switching to red teaming, he spent 8 years working as a technical Security Architect for a Fortune 500, specializing in Active Directory and .Net/database development. Stuart has over 15 years in IT and Security. A recovering Security Architecture manager turned frontline blue teamer, he strives to stop threats using every tactic in the playbook and making a few new ones.

@curi0usJack, @Contra_BlueTeam


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast