With the adoption of endpoint detection and response tools as well as a higher focus on behavior detection within organizations, when simulating an adversary it’s important to understand the systems you are targeting. This talk will focus on the next evolution of red teaming and how defeating defenders will take more work and effort.
This is a good thing! It’s also proof that working together (red and blue) collectively, we can make our security programs more robust in defending against attacks. This talk will dive into actual simulations where defenders have caught us as well as ways that we have circumvented even some of the best detection programs out there today. Let’s dive into baselining behavior and refining our tradecraft to evade detection and how we can use that to make blue better.
This talk will be held by David Kennedy. David is a co-author of the book "Metasploit: The Penetration Testers Guide", the creator of the Social-Engineer Toolkit (SET), Artillery, and several popular open source tools. David has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. He is also the co-host of the social-engineer podcast and on several additional podcasts. David has testified in front of Congress on two occasions on the security around government websites. He is one of the founding authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. David is the co-founder of DerbyCon, a large-scale conference in Louisville, Kentucky which ran 9 years. Prior to the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions. He also serves on the board of directors for the ISC2 organization and are also founder of TrustedSec and Binary Defense Systems.
Lær fra en av de fremste på neste generasjons sikkerhetstesting og å finne sårbarheter i dine systemer.