PaulDotCom will be presenting the debut of our 2-day Offensive Countermeasures class at Black Hat July 30-31.
Before we get into this too much please check out the following:
http://en.wikipedia.org/wiki/OODA_loop
The main issue with computer security and Cyber-Warfare today is that there is very little that most organizations on our side are willing to do when it comes to taking any action against attackers. There are a number of good reasons for this, one being legal issues and collateral damage to intermediary systems. Another may be fear of angering the attackers. However, it is an aspect of computer security that needs to be addressed, and we need to move on. Current AV, Firewall and IDS strategies are failing and will continue to fail.
Long story short, if we have overly stringent rules and our opponents do not, who is going to win?
We have to get inside an attacker’s OODA loop and change the dynamics in a way they did not expect.
Hence, offensive countermeasures should be considered. However, when we consider offensive countermeasures we need to get past the idea of “hacking back.” PaulDotCom is running a class at Black Hat and we want people to understand that this class is beyond getting access to an attacker’s machine. A class focused on “hacking back” would not sell well. There is little to no way you would be able to justify a class like that to management. Rather, Paul and I have been focusing on things that an organization can do that would make our lives as testers miserable. Consequently, the things we cover in this class will make an attacker’s life more miserable as well. We have broken the class up into three sections: Annoyance, Attribution, and Attack, or the three A’s. The reason we have done this is that we want you to be able to bring the things you have learned back to work and feel comfortable implementing some of them without having to get buy-in from a lawyer. For example: Attribution. With Attribution we focus on how we can identify an attacker’s real IP address without “hacking” their system, even if they are coming through TOR. We will teach you how to do this using many of the same techniques used by almost all websites today. The point is, we do it without “hacking back.”
So, this class is dedicated to finding ways to fight back and making our networks “hard-targets” to attack. It is also dedicated to finding ways to get attribution on who the attackers are and where they are coming from.
Finally, we want to illuminate the legal issues surrounding this topic. Time to fight FUD with fact. There is case law. Even the extreme example of “hacking back” has been done; it just requires a bit of research and finesse.
This class has 7 labs per day. You will also leave the class with the OCM VM that will have all of the tools from the class ready to go.
Can't wait to see you there.
-strandjs
PaulDotCom