BruCON 0x05 has ended
This schedule is subject to change, check back regularly.
Registrations start at 8h30!
Workshop rooms in the location Novotel are 5 minutes walking from the main venue.
Workshop seats are limited to a maximum of 30 persons in rooms Orval, Chimay & La Trappe. Seats will be on a first come, first served basis, so please be there in time.
Friday, September 27 • 11:00am - 12:00pm
Paint by Numbers vs. Monet (Russ Gideon)


Penetration testing came about because of real-world attacks. The industry quickly realized that we need to behave like the attackers to learn how to defend against attackers, and thus the penetration testing industry was born. Back then the approach to attacks was very paint by numbers. If an exploit was found it was released in raw format, possibly/probably perfected by others, and re-released. Our methodologies and detections for defense against these attacks were derived from this type of approach. This approach became very paint by numbers! The initial training on this concept was derived from real-world attacks, and we have evolved that training, but a few years ago we stopped quickly mimicking the real attackers. Why did we do this? It isn't because as an industry we didn't want to advance it, but because it became very difficult to. Why so difficult? Because the times have changed, and people are not just giving out things like they used to. Attackers don't take that approach. They find a vulnerability/exploit and treat it very special: they understand it, they research all aspects of it, and then they weaponize it. This approach takes time and money, and makes a Monet. Yes, there are plenty of lookalike Monet paintings, but none have the brush stroke characteristics that true Monet paintings do. Our current approach to detecting and resembling real attacks is still very paint by numbers. Our commercial off-the-shelf tools are great tools, and can help something look like a Monet, but when you look at the brush strokes you can see it is a paint by numbers.

We will be reviewing some Tactics, Techniques, and Procedures (TTP) scenarios from real-world attacks and showing the not-so-common differences between true attacker TTPs and current penetration testing methodologies, TTPs, and tools. This talk will focus on the binary aspects of these scenarios to show significant differences and some similarities of current attack patterns. This presentation is designed to show viewers the very low-level details that we are overlooking in how to replicate true malicious attackers. This common trend to use off-the-shelf tools to conduct penetration tests has replaced a significant amount of tool writing, which has helped and will help the industry, but this has come at an expense as well.

Speakers
Russ Gideon

Russ Gideon has many years of experience in information security, fulfilling many diverse roles, from being a core component of an Incident Response operation to managing an effective Red Team. Russ excels both at malware reverse engineering, which enables him to deeply understand...


Friday September 27, 2013 11:00am - 12:00pm CEST
1 Westvleteren Aula Ghent