What is it? @.@

This is where I record tactics and notes about wargames, systems, and other security topics.

2013-02-23

Notes for Offensive Countermeasures

Description:
  • There are times when you will be required to do more than the standard Incident Response tactics.
    • In particular when working with law enforcement
  • This is an advanced topic, so we need to be prepared.

Guideline:
  1. Annoyance - Because messing with attackers is fun.
    • OODA:
      • Observe
      • Orient
      • Decide
      • Act
    • Whoever completes this loop the fastest does not die
    • Originally developed for fighter pilots
      • Also applies to computer security
    • With current security models, how many of these four steps can you impact?


  2. Attribution - Who is attacking me?
    • Why attribution? Easy answer: get the bad guys
    • More difficult situation: you cannot get the bad guys
      • What then?
    • If you are being attacked by a nation state, "getting the bad guys" might be rather hard
    • So why do attribution at all?
    • One: know what they are after
    • Two: understand what they already have
    • This helps you design better defenses and understand how much you need to allocate to this issue


  3. Attack - Here there be dragons.
    • Court authorization is very helpful
      • But even with it there are different areas
    • We want to focus on client-side attacks
      • Force the attacker to take something from us in the first place
    • Do not make your malware easily accessible
    • You want it to be clear that if an attacker trips on this, they stole from you first
    • There are many ways this can go wrong
    • Be careful
