Hackers of India

2016: The Infosec Crossroads

By Saumil Shah on 14 Sep 2016 @ 44 Con


Presentation Material

Presentation

The Infosec Crossroads - 44CON 2016 from Saumil Shah


Abstract

Today’s attacks succeed because the defense is reactive. I have been researching attacks and offensive techniques for the past 16 years. As the defenses kept catching up and closing open doors, we attackers looked for new avenues and vectors. This talk looks back on the state of defenses from my days of One-Way Web Hacking in 2001 to Stegosploit in 2016, and a common pattern emerges. Defense boils down to reacting to new attacks and then playing catch-up. It is time to take another look at defense strategy. In this talk I present the basics of what should be the next evolution of proactive defense architecture.

AI Generated Summary (may contain errors)

In this presentation, the speaker discusses seven essential practices for effective information security (InfoSec).

  1. Collect everything: Gather all relevant data to analyze and measure security effectiveness.

  2. Measure it like an attacker: Test security measures with a mindset similar to that of an attacker to identify vulnerabilities.

  3. User ratings matter: Implement internal user ratings to track good security practices, such as regular browser updates and strong passwords, segregating proactive users from reactive ones.

  4. Set booby traps: Create hidden accounts or vulnerabilities to detect potential security breaches.

  5. Analysis decides actions: Only take action after thorough analysis of data to avoid unilateral decisions.

  6. Get buy-in from the top: Ensure that top-level management is invested in InfoSec efforts for a successful strategy.

The speaker emphasizes the importance of creativity in an InfoSec team, suggesting that if they are not doing something innovative every day, they may be falling short. The presentation concludes with a call to action, encouraging organizations to implement these practices for effective security measures.