SlideShare ist ein Scribd-Unternehmen logo

Active deception strategies for red and blue teams

Priyanka Aash
Priyanka Aash

(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception for red and blue teams

Technologie
1 von 27
Sudarshan Pisupati Principal Consultant - Smokescreen @sudartion Sahir Hidayatullah CEO - Smokescreen @sahirh ACTIVE DECEPTION FOR Red & Blue Teams
“The more you know about the past, the better prepared you are for the future.” Theodore Roosevelt
“Gauge your opponent’s mind and send it in different directions. Make him think various things, and wonder if you will be slow or quick.” Miyamoto Musashi The Book of Five Rings
“Never win by force what can be won 
 with deception” Niccolò Machiavelli, 
 The Discourses (paraphrased)
“Never interrupt your enemy when he’s making a mistake.” Napoléon Bonaparte
There are 3 reasons 
 why companies get hacked…
Low visibility INITIAL INTRUSION HACKERS 
 UNDETECTED DATA BREACH 1
Ever changing threat landscape2
Too many false positives3 13,72655,19872,61489,45296,825 = • Event fatigue • Data paralysis • Missed alerts • Game Over
Human psychology is an attacker’s greatest weapon. It’s also their greatest weakness. We’re losing. So why don’t we change the game?
1 Deception Benefits No false positives High attacker impact Focused on intent, not tools
Deception Benefits No false positives High attacker impact Focused on intent, not tools Source: David J. Bianco, personal blog The Pyramid of Pain
60% of attacks do not involve malware! Deception Benefits No false positives High attacker impact Focused on intent, not tools
Why does deception work?
LEVEL 2 Deception ?!?!#@!
Next-gen firewall Sandboxing Two-factor authentication DAST / SAST Network analytics Endpoint detection and response Thinking in lists v/s Thinking in graphs
Different colors, different languages… Blue Team talks about SQL injection Password cracking Phishing Port-scanning Patch management Red Team talks About Squiblydoo AS-REP roasting Hot potato attacks SPN enumeration LocalAccountTokenFilterPolicy Unquoted service paths Process hollowing OLE embedded phishing LLMNR poisoning Bloodhound / user hunting DLL side loading GPP exploitation Time-stomping
Wait a minute, how is deception different from…
Honeypots… Honeypots • Attract attacks • Public facing • Vulnerable • Network focused • Low signal / noise ratio • Poor realism • Not scalable • Useful for research
AT = Sum(RT, D, TH, IR) Red-teaming Deception Threat hunting Incident response
Good deception blankets the kill chain Internet Assets Active Directory Objects Application Credentials Files Network Traffic Endpoints People Servers Applications RECONNAISSANCE DATA EXFILTRATION PRIVILEGE ESCALATION EXPLOITATION LATERAL MOVEMENT
Chronology of an Attack - “The Double Cycle Pattern” Breach Complete Compromise targets and effect impact Privilege escalation #1 Escalated to local administrator Privilege escalation #2 Escalate to domain administrator Initial Intrusion Low privilege normal user Lateral Movement Hunt domain administrators C2 and persist Establish remote control channel
S M O K E S C R E E N sahirh@smokescreen.io | www.smokescreen.io | @sahirh WE CAN NOW TAKE QUESTIONS!

Empfohlen

SACON - Deception Technology (Sahir Hidayatullah)
SACON - Deception Technology (Sahir Hidayatullah)SACON - Deception Technology (Sahir Hidayatullah)
SACON - Deception Technology (Sahir Hidayatullah)Priyanka Aash
 
Mass declassification sept 23 2010v2.1
Mass declassification sept 23 2010v2.1Mass declassification sept 23 2010v2.1
Mass declassification sept 23 2010v2.1Jeff Jonas
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
 
CTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and DestroyCTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and DestroyMaurice Dawson
 
DevSecOps: Securing Applications with DevOps
DevSecOps: Securing Applications with DevOpsDevSecOps: Securing Applications with DevOps
DevSecOps: Securing Applications with DevOpsWouter de Kort
 
Agile shortcuts conf
Agile shortcuts confAgile shortcuts conf
Agile shortcuts confRam Ramalingam
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...CODE BLUE
 

Empfohlen

SACON - Deception Technology (Sahir Hidayatullah)
SACON - Deception Technology (Sahir Hidayatullah)SACON - Deception Technology (Sahir Hidayatullah)
SACON - Deception Technology (Sahir Hidayatullah)Priyanka Aash
 
Mass declassification sept 23 2010v2.1
Mass declassification sept 23 2010v2.1Mass declassification sept 23 2010v2.1
Mass declassification sept 23 2010v2.1Jeff Jonas
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
 
CTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and DestroyCTRL, Search, Exploit, and Destroy
CTRL, Search, Exploit, and DestroyMaurice Dawson
 
DevSecOps: Securing Applications with DevOps
DevSecOps: Securing Applications with DevOpsDevSecOps: Securing Applications with DevOps
DevSecOps: Securing Applications with DevOpsWouter de Kort
 
Agile shortcuts conf
Agile shortcuts confAgile shortcuts conf
Agile shortcuts confRam Ramalingam
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...CODE BLUE
 
Anonymity
AnonymityAnonymity
Anonymityrandomwalker
 
huntpedia.pdf
huntpedia.pdfhuntpedia.pdf
huntpedia.pdfCecilSu
 
An Underground education
An Underground educationAn Underground education
An Underground educationgrugq
 
Huntpedia
HuntpediaHuntpedia
HuntpediaJc Sv
 
[EN]THS22_AMM_ishing.pptx
[EN]THS22_AMM_ishing.pptx[EN]THS22_AMM_ishing.pptx
[EN]THS22_AMM_ishing.pptxArtur Marek Maciąg
 
How to Conquer Artificial Intelligence
How to Conquer Artificial IntelligenceHow to Conquer Artificial Intelligence
How to Conquer Artificial IntelligenceThe Added Value Group
 
Big data new physics giga om structure conference ny - march 2011
Big data new physics giga om structure conference ny - march 2011Big data new physics giga om structure conference ny - march 2011
Big data new physics giga om structure conference ny - march 2011Jeff Jonas
 
Dec2018 istanbul-2
Dec2018 istanbul-2Dec2018 istanbul-2
Dec2018 istanbul-2Chris Roberts
 
Insider threat webinar slides no cn
Insider threat webinar slides no cnInsider threat webinar slides no cn
Insider threat webinar slides no cnDevOps.com
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detectionJisc
 
"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...
"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect..."We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...
"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...Jack Pringle
 
Data Loss Threats and Mitigations
Data Loss Threats and MitigationsData Loss Threats and Mitigations
Data Loss Threats and MitigationsApril Mardock CISSP
 
Srikanth
SrikanthSrikanth
Srikanthkondalarao7
 
David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...
David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...
David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...Travel Tech Conference Russia
 
Integrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3SIntegrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3SEdgevalue
 
La Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tLa Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tpinkflawd
 
Volatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive SecurityVolatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive SecurityKelly Shortridge
 
"Understanding Humans with Machines" (Arthur Tisi)
"Understanding Humans with Machines" (Arthur Tisi)"Understanding Humans with Machines" (Arthur Tisi)
"Understanding Humans with Machines" (Arthur Tisi)Maryam Farooq
 
Ethical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth VasavadaEthical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth VasavadaKrutarth Vasavada
 
Engenharia Social: A Doce Arte de Hackear Mentes
Engenharia Social: A Doce Arte de Hackear MentesEngenharia Social: A Doce Arte de Hackear Mentes
Engenharia Social: A Doce Arte de Hackear MentesRafael Jaques
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 

Weitere ähnliche Inhalte

Ähnlich wie Active deception strategies for red and blue teams

huntpedia.pdf
huntpedia.pdfhuntpedia.pdf
huntpedia.pdfCecilSu
 
An Underground education
An Underground educationAn Underground education
An Underground educationgrugq
 
Huntpedia
HuntpediaHuntpedia
HuntpediaJc Sv
 
How to Conquer Artificial Intelligence
How to Conquer Artificial IntelligenceHow to Conquer Artificial Intelligence
How to Conquer Artificial IntelligenceThe Added Value Group
 
Big data new physics giga om structure conference ny - march 2011
Big data new physics giga om structure conference ny - march 2011Big data new physics giga om structure conference ny - march 2011
Big data new physics giga om structure conference ny - march 2011Jeff Jonas
 
Insider threat webinar slides no cn
Insider threat webinar slides no cnInsider threat webinar slides no cn
Insider threat webinar slides no cnDevOps.com
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detectionJisc
 
"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...
"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect..."We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...
"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...Jack Pringle
 
Data Loss Threats and Mitigations
Data Loss Threats and MitigationsData Loss Threats and Mitigations
Data Loss Threats and MitigationsApril Mardock CISSP
 
David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...
David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...
David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...Travel Tech Conference Russia
 
Integrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3SIntegrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3SEdgevalue
 
La Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tLa Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tpinkflawd
 
Volatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive SecurityVolatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive SecurityKelly Shortridge
 
"Understanding Humans with Machines" (Arthur Tisi)
"Understanding Humans with Machines" (Arthur Tisi)"Understanding Humans with Machines" (Arthur Tisi)
"Understanding Humans with Machines" (Arthur Tisi)Maryam Farooq
 
Ethical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth VasavadaEthical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth VasavadaKrutarth Vasavada
 
Engenharia Social: A Doce Arte de Hackear Mentes
Engenharia Social: A Doce Arte de Hackear MentesEngenharia Social: A Doce Arte de Hackear Mentes
Engenharia Social: A Doce Arte de Hackear MentesRafael Jaques
 

Ähnlich wie Active deception strategies for red and blue teams (20)

Anonymity
AnonymityAnonymity
Anonymity
 
huntpedia.pdf
huntpedia.pdfhuntpedia.pdf
huntpedia.pdf
 
An Underground education
An Underground educationAn Underground education
An Underground education
 
Huntpedia
HuntpediaHuntpedia
Huntpedia
 
[EN]THS22_AMM_ishing.pptx
[EN]THS22_AMM_ishing.pptx[EN]THS22_AMM_ishing.pptx
[EN]THS22_AMM_ishing.pptx
 
How to Conquer Artificial Intelligence
How to Conquer Artificial IntelligenceHow to Conquer Artificial Intelligence
How to Conquer Artificial Intelligence
 
Big data new physics giga om structure conference ny - march 2011
Big data new physics giga om structure conference ny - march 2011Big data new physics giga om structure conference ny - march 2011
Big data new physics giga om structure conference ny - march 2011
 
Dec2018 istanbul-2
Dec2018 istanbul-2Dec2018 istanbul-2
Dec2018 istanbul-2
 
Insider threat webinar slides no cn
Insider threat webinar slides no cnInsider threat webinar slides no cn
Insider threat webinar slides no cn
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detection
 
"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...
"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect..."We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...
"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...
 
Data Loss Threats and Mitigations
Data Loss Threats and MitigationsData Loss Threats and Mitigations
Data Loss Threats and Mitigations
 
Srikanth
SrikanthSrikanth
Srikanth
 
David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...
David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...
David Turnbull - Hotel data - In the kingdom of the blind, the one eyed man i...
 
Integrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3SIntegrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution i3S
 
La Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tLa Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren't
 
Volatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive SecurityVolatile Memory: Behavioral Game Theory in Defensive Security
Volatile Memory: Behavioral Game Theory in Defensive Security
 
"Understanding Humans with Machines" (Arthur Tisi)
"Understanding Humans with Machines" (Arthur Tisi)"Understanding Humans with Machines" (Arthur Tisi)
"Understanding Humans with Machines" (Arthur Tisi)
 
Ethical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth VasavadaEthical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth Vasavada
 
Engenharia Social: A Doce Arte de Hackear Mentes
Engenharia Social: A Doce Arte de Hackear MentesEngenharia Social: A Doce Arte de Hackear Mentes
Engenharia Social: A Doce Arte de Hackear Mentes
 

Mehr von Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

Mehr von Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Kürzlich hochgeladen

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Active deception strategies for red and blue teams

  • 1. Sudarshan Pisupati Principal Consultant - Smokescreen @sudartion Sahir Hidayatullah CEO - Smokescreen @sahirh ACTIVE DECEPTION FOR Red & Blue Teams
  • 2. “The more you know about the past, the better prepared you are for the future.” Theodore Roosevelt
  • 3. “Gauge your opponent’s mind and send it in different directions. Make him think various things, and wonder if you will be slow or quick.” Miyamoto Musashi The Book of Five Rings
  • 4. “Never win by force what can be won 
 with deception” Niccolò Machiavelli, 
 The Discourses (paraphrased)
  • 5. “Never interrupt your enemy when he’s making a mistake.” Napoléon Bonaparte
  • 6.
  • 7.
  • 8. There are 3 reasons 
 why companies get hacked…
  • 9. Low visibility INITIAL INTRUSION HACKERS 
 UNDETECTED DATA BREACH 1
  • 10. Ever changing threat landscape2
  • 11. Too many false positives3 13,72655,19872,61489,45296,825 = • Event fatigue • Data paralysis • Missed alerts • Game Over
  • 12. Human psychology is an attacker’s greatest weapon. It’s also their greatest weakness. We’re losing. So why don’t we change the game?
  • 13. 1 Deception Benefits No false positives High attacker impact Focused on intent, not tools
  • 14. Deception Benefits No false positives High attacker impact Focused on intent, not tools Source: David J. Bianco, personal blog The Pyramid of Pain
  • 15. 60% of attacks do not involve malware! Deception Benefits No false positives High attacker impact Focused on intent, not tools
  • 17.
  • 19. Next-gen firewall Sandboxing Two-factor authentication DAST / SAST Network analytics Endpoint detection and response Thinking in lists v/s Thinking in graphs
  • 20. Different colors, different languages… Blue Team talks about SQL injection Password cracking Phishing Port-scanning Patch management Red Team talks About Squiblydoo AS-REP roasting Hot potato attacks SPN enumeration LocalAccountTokenFilterPolicy Unquoted service paths Process hollowing OLE embedded phishing LLMNR poisoning Bloodhound / user hunting DLL side loading GPP exploitation Time-stomping
  • 21. Wait a minute, how is deception different from…
  • 22. Honeypots… Honeypots • Attract attacks • Public facing • Vulnerable • Network focused • Low signal / noise ratio • Poor realism • Not scalable • Useful for research
  • 23. AT = Sum(RT, D, TH, IR) Red-teaming Deception Threat hunting Incident response
  • 24. Good deception blankets the kill chain Internet Assets Active Directory Objects Application Credentials Files Network Traffic Endpoints People Servers Applications RECONNAISSANCE DATA EXFILTRATION PRIVILEGE ESCALATION EXPLOITATION LATERAL MOVEMENT
  • 25.
  • 26. Chronology of an Attack - “The Double Cycle Pattern” Breach Complete Compromise targets and effect impact Privilege escalation #1 Escalated to local administrator Privilege escalation #2 Escalate to domain administrator Initial Intrusion Low privilege normal user Lateral Movement Hunt domain administrators C2 and persist Establish remote control channel
  • 27. S M O K E S C R E E N sahirh@smokescreen.io | www.smokescreen.io | @sahirh WE CAN NOW TAKE QUESTIONS!