Bridging the gap between ICS(IoT?) and corporate IT security
I really enjoyed this talk hearing how an organization defends in a BYOD & academic environment. Defense is difficult when you control the hosts, even more so when you you cant instrument the host and have to rely on network controls only.
My favorite slide was their alerting stack:
Not sure when the slides will be released but here is an older version of the talk I found:
How we hacked Distributed Configuration Management Systems
Francis Alexander & Bharadwaj Machiraj
Awesome talk on breaking into
- HashiCorp Consul
- Apache Zookeeper
- CoreOS etcd
Tool they created:
Modern reconnaissance phase on APT – protection layer
Fun talk on how APT have been implementing some checks to make sure the targets are valid prior to sending down the final stage of the attack.
@cktricky and I also were able to give the talk at CERN. Background info on CERN: https://en.wikipedia.org/wiki/CERN
Archive of the talk:
This is a Security Bloggers Network syndicated blog post authored by CG. Read the original post at: Carnal0wnage & Attack Research Blog