A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Victor or Victim? Strategies for Avoiding an InfoSec Cold War - Jason Lang, Stuart McIntosh Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Victor or Victim? Strategies for Avoiding an InfoSec Cold War
Jason Lang, Stuart McIntosh
Derbycon 2018

Is your internal red team withholding their TTPs from the defense? Defenders, are you constantly trying to “win” your pentests by fixing vulns on the fly? Have you been on engagements where the blue team starts blocking your ips and targeting you just to prove that they are better, or had pentesters that mock your environment on twitter like you are the butt of an InfoSec joke. These approaches are not working, not only from a personal level but from an industry level. How we choose to work with each other needs to grow if our goal is to protect those around us rather than make a name for ourselves. Come hear stories of offensive engagements done right (and really really wrong), and learn from a seasoned defender and attacker how partnerships should be forged to be most impactful. Victims complain, Victors adapt. Which are you?

With over 10 years of industry experience, Jason Lang (@curi0usJack) has worked in both offensive and defensive roles. Before switching to red teaming, he spent 8 years working as a technical Security Architect for a Fortune 500, specializing in Active Directory and .Net/database development. Stuart has over 15 years in IT and Security. A recovering Security Architecture manager turned frontline blue teamer, he strives to stop threats using every tactic in the playbook and making a few new ones.

@curi0usJack, @Contra_BlueTeam

Back to Derbycon 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast