A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Skiddiemonkeys: Fling "stuff" at your Defenses and See What Sticks - (BSides Nashville 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Skiddiemonkeys: Fling "stuff" at your Defenses and See What Sticks

Russell Butturini & Joshua Tower

BSides Nashville 2015

Every security team invests tons of money in detective and preventative technologies. But how do they know they are working? Sure, there are pen tests, vulnerability scans and the old "if we see stuff happening it's probably OK" theory, but none of these reflect real world attacks. Security teams need QA tools for their defenses designed to simulate targeted attacks by attackers of various intelligence levels in a distributed fashion. This helps teams to understand what their tools are seeing and, more importantly, what they are not seeing. This talk will examine these gaps, and also demo a tool, Skiddiemonkeys. This tool is based on the Netflix "Chaos Monkey" principles and designed to create a variety of randomized, semi-controlled bad actors across a distributed environment to test security tools and help security teams learn how they react to or reflect malicious events on the network.

Bio: Russell Butturini & Joshua Tower @tcstoolHax0r
Joshua Tower is the newest Information Security Engineer on Russell's team. Fresh out of graduate school, he is often found searching for vulnerabilities on web apps and (sometimes) breaking servers. With his developer background, Joshua is always thinking of new ways to automate the five-hundred pound gorilla known as compliance so that he can get back to improving his technical abilities. Russell Butturini is the Senior Enterprise Security Architect at a large wellness solutions company in Nashville, where he oversees everything security that isn't compliance (which bores him to tears). He has presented at several conferences such as DEFCON and Derbycon, and authored multiple security tools, such as the U3 incident Response Switchblade, The Network Attached Storage Enumerator, and NoSQLMap. These are amazing accomplishments considering he was once fired from a job at Wendy's after a week and a half of employment.

Back to BSides Nashville 2015 list

Printable version of this article

15 most recent posts on Irongeek.com:

    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2020, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast