As an attacker there are certain things that I will go after that should never be seen in a network. This presentation will focus on deception techniques that any organization can implement in order to create fake infrastructure that attackers will use in order to identify them in the early stages of an attack. Deception techniques are interesting, because it really needs to be believable for an attacker to go after them. This presentation talks about different techniques that make it hard for an attacker to differentiate with what?s real and what?s not, and how to best build better defenses.

David Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David also serves as a board of director for the ISC2 organization. David was the former CSO for a Diebold Incorporated where he ran the entire INFOSEC program. David is a co-author of the book "Metasploit: The Penetration Testers Guide", the creator of the Social-Engineer Toolkit (SET), Artillery, and several popular open source tools. David has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. David is the co-host of the social-engineer podcast and on several additional podcasts. David has testified in front of Congress on two occasions on the security around government websites. David is one of the founding authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. David is the co-founder of DerbyCon, a large-scale conference in Louisville, Kentucky. Prior to the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.

Recorded at NolaCon 2017