Usenix Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers
Some quick notes taken while watching the presentation:
Know your network: the devices, the security technologies and the things inside it.
Attackers will often employ people who study the security technology of the devices you use to a very deep level. They end up knowing it better than those who develop it.
reconnaissance
Reduce attack surface, red team, pen test and act on results. Don’t assume a small crack is too small to be found. Attackers are patient and persistent, they’ll keep poking and they’ll wait for windows of opportunity if needed.
network boundaries have expanded with BYOD, work from home, cloud, and mobile devices that come and go
exploitation
spear phishing, watering hole, known CVEs, SQL injection, 0day. Note that it’s not all 0days; attackers’ persistence and focus will get them in.
best practices, baselines, credentials. Have processes to know what is normal.
segmenting, whitelisting
lateral movement: how will you detect it? segment, manage trust
defend & improve -> rinse and repeat
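Two of the points above (have a process to know what is normal; segment and decide how you will detect lateral movement) are worth seeing in code. The following is an added example, not material from the talk or these notes: it learns a per-user baseline of logon source/destination pairs from a quiet period, then flags later logons that are either new for that user or cross a segment boundary the (constructed) segmentation policy does not allow. All hostnames, users, log records and the policy are made up for the example.

```python
# Added example (not from the talk or the notes): baseline "what is normal"
# for authentication events, then flag logons that deviate from it or that
# violate a segmentation policy. All records, hosts and policy are constructed.
from collections import defaultdict

# Constructed sample logon records from a known-quiet period:
# (user, source_host, dest_host, logon_type)
BASELINE_LOGONS = [
    ("alice", "ws-alice", "fileserver", "network"),
    ("alice", "ws-alice", "mail", "network"),
    ("bob", "ws-bob", "fileserver", "network"),
    ("svc-backup", "backup01", "fileserver", "service"),
]

# Constructed segmentation policy: which segment each host lives in, and which
# (source segment, destination segment) flows are permitted to initiate logons.
SEGMENT_OF = {
    "ws-alice": "workstations", "ws-bob": "workstations",
    "fileserver": "servers", "mail": "servers", "backup01": "servers",
    "dc01": "servers",
}
ALLOWED_FLOWS = {("workstations", "servers"), ("servers", "servers")}

# Constructed records from a later period, to be checked against the baseline.
NEW_LOGONS = [
    ("alice", "ws-alice", "fileserver", "network"),  # seen before: quiet
    ("alice", "fileserver", "dc01", "network"),      # new pair for alice
    ("bob", "ws-bob", "ws-alice", "network"),        # new pair AND workstation->workstation
]


def build_baseline(records):
    """Learn, per user, the set of (source, dest) pairs seen during the quiet period."""
    baseline = defaultdict(set)
    for user, src, dst, _logon_type in records:
        baseline[user].add((src, dst))
    return baseline


def detect(records, baseline, segment_of=SEGMENT_OF, allowed=ALLOWED_FLOWS):
    """Return one alert per logon that is new for the user or crosses a forbidden boundary.

    A host missing from the segment map is treated as 'unknown', which no policy
    entry allows, so unmanaged devices surface as alerts rather than being ignored.
    """
    alerts = []
    for user, src, dst, logon_type in records:
        reasons = []
        if (src, dst) not in baseline.get(user, set()):
            reasons.append("new source/dest pair for user")
        flow = (segment_of.get(src, "unknown"), segment_of.get(dst, "unknown"))
        if flow not in allowed:
            reasons.append("flow %s->%s not permitted by segmentation" % flow)
        if reasons:
            alerts.append({"user": user, "src": src, "dst": dst,
                           "type": logon_type, "reasons": reasons})
    return alerts


def run_example():
    """Baseline the quiet period, then check the later records against it."""
    return detect(NEW_LOGONS, build_baseline(BASELINE_LOGONS))


if __name__ == "__main__":
    for alert in run_example():
        print("%(user)s %(src)s -> %(dst)s: %(reasons)s" % alert)
```

The baseline is deliberately simple (a set of pairs per user); in practice it would be built from weeks of authentication logs and would also track logon type and time of day. The point the talk makes is the process, not the algorithm: if nobody has written down what normal looks like, the server-to-domain-controller hop in the second record is indistinguishable from routine administration.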