If, on Tuesday, you find yourself in San Francisco, with access to RSA, then I know how you should spend your time from 1PM PST. Alex Cox, Ken Westin, and I will be introducing our panel: Killing the Kill Chain: Disrupting the Cyber Attack Progression. Instead of talking about how you can preemptively stop an attack, we plan to show you. With Ken acting as our moderator, translator and all around good guy, I will endeavor to hack Alex’s network. After all, who wouldn’t want to find a juicy retailer’s order database full of all those tasty credit card numbers? If there’s one clear takeaway from this year’s Verizon Data Breach Incidents Report, it’s that good security hygiene is critical to success in today’s fast-paced cyber landscape. It’s not enough to buy the latest and greatest security tools if they’re still packaged up or the data isn’t analyzed. While there’s no security silver bullet, building security is like layering lasagne. On their own, each component is good but together, they’re great. Our goal is to emphasize the importance of layering your security tools, demonstrating why your toolbox needs a screwdriver, hammer and wrench. The setup is simple. I will have a laptop loaded with Kali Linux and a few “special tools,” while Alex will have a public host, a private network and a plethora of Tripwire tools. You can watch the attack unfold in real time, as I attempt to go from scanning subnets for web servers to complete compromise of internal systems. While there’s no guarantee of success, I’m confident in my skills. The ultimate question will be the readiness of Alex and his organization. Do they have the layers in place to detect and thwart my advances or will I slip in under the RADAR and fully compromise their network?
Killing the Kill Chain: Disrupting the Cyber Attack Progression
Alex Cox, Ken Westin, and Tyler Reguly 1:10-2:00 PM - Tuesday, April 21, 2015 Moscone Center North, Room 132 Abstract: Exploits for high-impact vulnerabilities are often made available minutes after being announced. A point of ingress is identified, malware spreads, privileges are escalated and exfiltration of high-value data begins. As Hudson said, "Game over, man! Game Over!" Or is it? Join us, as we stop attacks before they start, identify hacks already in progress and, ultimately, ruin the attacker's day.
Who will win? Let us know what you think on Twitter with #teamtwtyler or #teamtwalex.
