Erik Schwartz -- 2018 Attack Con Notes

2018 Keynote talk: advancing infosec

By John Lambert, Microsoft

Conventional Wisdom in Defense

Reverse mentorship, where less experienced person explains concept to more experienced
How to increse rate of learning
- Promote community
- Organized knowledge
- Executeable Know-how
- Repeatable Analysis
“Githubification” of Infosec: important for community to share vendor-neutral learnings that any tool can pull in. So that we can all benefit for any other team’s incident response, just just our own. Multiply our power.

Mimikatz tool to explore windows security
Virustotal to analyze files and URLs for maliciousness
Yara database of metadata to identify malware samples
snort analyze packets; intrusion detection
Atomic Red Team test cases that simulate attacks to verify Blue Team alerts
Jupyter notebooks hyper popular datascience toolset in python. Great way to share infosec analysis. E.g. visualize netblocks that a machine connects to.
Papermill parameterize and run jupyter notebooks in automated fashion
Binder platform as a service that quickly hosts a jupyter GitHub repo so you can interact with it in your browser.