Offensive talks are easy, I know. But the goal of offensive security at the end of the day is to make us better defenders. And that's hard. Usually after the pentesters/auditors (or worst - red team) leaves, there's a whole lot of mess of vulnerabilities, exposures, threats, risks and wounded egos. Now comes the money time - can you fix this so your security posture will actually be better the next time these guys come around? This talk focuses mainly on what should be done (note - no what should be BOUGHT - you probably have most of what you need already in place and you just don't know it yet). Methodically, defensively, decisively. Just like the red-team can play ball cross-court, so should you! This talk will walk through some of the finer lines between legality and ethics to see just how aggressive can the defenders be. Some examples from actual organizations that practice "SexyDefense" will be provided - both at the intelligence gathering aspect, as well as the incident management and re-action to attacks.
| Name | Type | Role | |
|---|---|---|---|
| Ian Amit | Guest Star |