Top 10 2015-2016 compromise patterns observed & how to use non-traditional Internet datasets to detect & avoid them - Arian J Evans & James Pleger Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)


We have seen a consistent set of patterns in attacker behaviors, and breach targets, over the last year. We often see where adversaries are repeat offenders - reusing the same recon techniques, and the same threat infrastructure (in new ways), to attack the same target again - if the target continues to play whack-a-mole treating hardening systems and investigating breaches as one-off events. This presentation will focus on the common patterns of compromise, and adversarial behavior in the early stages of the "kill-chain", leading up to the first attack. The goal for Red-teams & vuln-managers is to show how adversaries do recon and setup, to enable you to measure & manage your attack surface more realistically to how your adversaries will map it out. The goal for Blue-teams & IR is to show new patterns and pivots we see adversaries make, and what Internet security datasets you can use to pinpoint them.

Arian Evans is a 17-year veteran of the software-security industry. As VP of Product Strategy, Arian is responsible for ensuring RiskIQ technology enables enterprises to accurately visualize their internet-exposed attack surface, and detect external threats.

Prior to RiskIQ, Arian spent 8 years at WhiteHat Security as VP of Operations, and VP of Product Strategy, where he was responsible for creating product lines, service-delivery, customer support, and building WhiteHat's Threat Research Center, and R&D teams, testing over 40,000 applications continuously. Prior to this Arian was Global Application Security Practice Lead for FishNet Security, IPO for US Central, and a software security engineer for several financial services organizations. Evans also worked on global projects for the Center for Internet Security, NIST, the U.S. FBI, the U.S. Secret Service, including incident-response/forensics for three letter agencies, and many large commercial organizations.

Evans is a frequent speaker at industry conferences including BlackHat, Derbycon, OWASP, Hacker Halted, NIST, and has researched and published zero-day attack-techniques in widely-deployed, flagship products from vendors such as Cisco, Microsoft, and Nokia.

James Pleger is currently the Head of Research at RiskIQ, focusing R&D team efforts on improving our customers' lives by taking an outside-in approach to security. Part of this effort is ensuring that ad networks and exchanges are able to combat malware and other sources of malicious activities. Additionally, our team focuses on bringing new technologies and detection methodologies to help ensure that we are keeping up with the threat landscape as it evolves. James speaks frequently at conferences and likes short bios.

@arianevans, @jpleger


Copyright 2020, IronGeek