There are a lot of preconceptions about defense, the most prevalent probably being the “defender’s dilemma”, which states that an attacker only needs to find one weakness to compromise a network while a defender needs to defend all of them. While this may be true in a technical sense, things become a lot more complicated once you apply real-world considerations. Preconceptions like this are often the foundation on which risk management and ultimately defense strategies are based, something that has led to a number of false but generally accepted assumptions about attackers and their capabilities, and how to defend against them. This talk will discuss the capabilities, and more importantly the limitations, of different types of attackers. Using the ancient wisdom of the Teenage Mutant Ninja Turtles, the speaker will explain how knowledge of an attacker’s limitations can be leveraged to raise the cost of attack, something that will tip the scale in the defender’s favor. The speaker will also explain how different defensive measures will affect different types of attackers, how they are likely to react to them, and in the end how to hopefully get them to move on to another target.
Andreas Lindh is a security analyst and engineer working for I Secure Sweden in Gothenburg, Sweden. He specializes in threat & vulnerability analysis, intrusion detection and generally making his clients more secure. When he's not dissecting threats or kicking some intruder off a network somewhere, he likes to write crappy Python code and make bad puns on Twitter. Andreas has previously presented his work at, among others, Black Hat USA, Virus Bulletin and 44Con.