A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Smuggling Plums - Using Active Defnse techniques to hide your web apps from your attackers and their scanners - John Stauffacher (Circle City Con 2015 Videose 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Smuggling Plums - Using Active Defnse techniques to hide your web apps from your attackers and their scanners
John Stauffacher

Circle City Con 2015

Its not everyday that you come across a LAMP machine that is running WordPress, Joomla!, Drupal, and Sharepoint -- but I have one. This talk will walk through simple things you can do to update your defense game. By altering the way our application servers (or ADCs) respond to certain requests we can fool our attackers and their scanners into thinking we are a totally different animal. We will dive into the theory of decoy and how it plays into Active Defense. We will cover why it may be beneficial to advertise to your adversary a totally different attack surface. Watch as we demonstrate certain scanners go crazy when it looks like the server has every CMS known to man, and its all vulnerable! By drawing your attackers attention off of your real infrastructure, they are not only wasting their time trying to attack a non vulnerable app -- but they won't be attacking anyone else.

Bio: John Stauffacher (@g33kspeed) spends his days working for Accuvant Labs as a Solutions Architect. John has over 15 years of experience in the industry and has spent an equal amount of time on both sides of the desk. As a consultant John has advised and received commendations from top names in the Retail, Energy, and Banking verticals. John has spoken at various Conferences including PumpCon, CircleCityCon, GrrCon, LayerOne, BSidesLA, DerbyCon, ToorCon, as well as several other Enterprise Campuses. John is considered an expert in Active Defense, and Web Application Firewall technologies.

Back to Circle City Con 2015 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast