CYBER JUDO: OFFENSIVE CYBER DEFENSE presented at BlackHatEU 2016

by Tal Be'ery and Itai Grady

Summary: In this talk, we will show how defenders can take a few pages out of the attackers' book in order to better protect their organization against advanced, targeted attacks.
Cyber-attacks and defenses are commonly considered to be very different, or even orthogonal, disciplines. However, these allegedly disparate disciplines have many common aspects and can use each other's methods. In fact, attackers have long been using defensive techniques in their offense in order to make it more successful. Most notably, the more aware attackers encrypt their network attacks to escape the eyes of defensive monitoring systems. It's time for defenders to rise up and respond by using the attackers' methods against them.
Some of the defensive "offensive" methods we will discuss in our talk include:
Using the attackers' technique of injecting Kerberos errors in order to gracefully mitigate attacks against authentication, such as Over-Pass-the-Hash and Pass-the-Ticket
Leveraging the attackers' own internal network reconnaissance methods to pinpoint and identify attackers in real time
Taking advantage of a known encryption vulnerability in NTLM in order to identify attackers' brute-force attacks