Morphing to Legitimate Behavior Attack Patterns presented at GrrCON 2017

by David Kennedy

Summary: Let’s face it, the industry is getting better at detection. Not everyone, but it’s getting there. Companies are focusing on getting logs from their endpoints and looking for abnormal patterns of behavior. As attackers, our tactics have been shifting over time to become more compliant with standard protocols and behavior. This has implications on how we test, length of engagements, and the level of effort to attack. It’s not as easy as it once was (with many exceptions), but as defense grows, our capabilities as attackers have to grow as well.
This talk will dive into what I’m seeing out there as far as detection capabilities, and how to get around them. Let’s take a dive into multiple detection and preventive capabilities and how to circumvent them without getting detected. As the offense, we can’t rely on hoping for multicast to DA every time. The times are changing, our skills need to match that appropriately.