35+ Cyber Security Courses at SANS Cyber Defense Initiative® in Washington, DC! Save up to $300 thru 10/16.

Rocky Mountain 2019

Denver, CO | Mon, Jul 15 - Sat, Jul 20, 2019
This event is over,
but there are more training opportunities.

The Offensive Defender | Cyberspace Trapping

  • Matthew Toussain
  • Wednesday, July 17th, 8:15pm - 9:15pm

The attacker always wins because they have the advantage. Wrong!

Any seasoned red teamer knows that they need to succeed at each stage of their compromise to achieve the objective. As defenders, we only need to stop them along one point in the intrusion. By leveraging our Home Field Advantage and weaponizing our networks with traps and snares, we have the opportunity to take the initiative and bring the fight to the intrusion set.

Attackers may have an untold and ever-growing number of tools and techniques to use during the attack, but they have a limited set of tried and true tactics. Targeting the adversary and poisoning their tried and true tactics lets us weaponize our environments where the Threat's own decision making is their undoing. When an attacker can never be certain if their own, unique tools are safe for them to use, their decision making is disrupted and the fight is already won. This talk is about the strategy of cyberspace trapping and includes a library of scripts and demonstrations for attendees to take with them and apply on the day.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Monday, July 15
Session Speaker Time Type
General Session - Welcome to SANS Bryan Simon Monday, July 15th, 8:00am - 8:30am Special Events
Finding Attacks and Compromises Before Day Zero David Hoelzer Monday, July 15th, 7:15pm - 9:15pm Keynote
Tuesday, July 16
Session Speaker Time Type
CYA by Using CIA Correctly For A Change Keith Palmgren Tuesday, July 16th, 7:15pm - 8:15pm SANS@Night
Equifax, Congress, 148 million US taxpayer's information. What Went Wrong? What Lessons Can You Learn from This? Christopher Crowley Tuesday, July 16th, 7:15pm - 8:15pm SANS@Night
Data Protection in the Public Cloud -- a Look at the Good, the Bad, and the Ugly Kenneth G. Hartman Tuesday, July 16th, 8:15pm - 9:15pm SANS@Night
Wednesday, July 17
Session Speaker Time Type
Demystifying XXE Serge Borso Wednesday, July 17th, 7:15pm - 8:15pm SANS@Night
OODA Security: Taking Back the Advantage Kevin Fiscus Wednesday, July 17th, 7:15pm - 8:15pm SANS@Night
The Offensive Defender | Cyberspace Trapping Matthew Toussain Wednesday, July 17th, 8:15pm - 9:15pm SANS@Night