Adversarial Defenses: Beartrapping Linux Servers

Everything is a subscription with a cost now. Nothing is cheap, either. The services that were supposed to help us out are turning out to be a lot of overhead. How do you defend yourself without logs? How can you even tell you're getting attacked? The ancient ways still work! You can do practically anything an appliance or cloud service can do using plain old Linux. Want a typing indicator for a remote server? How about shielding an on-prem Exchange server from the internet, or making it completely invisible? What about monitoring logs across multiple servers, and then changing firewalls based on the entries? Trapping attackers inside of dancing ASCII art? It can all be done, and more, using the power of all the stuff under the hood of all those expensive appliances people keep buying. You can do a lot with the right Linux command line swordsmanship. Let me show you!

Presented at Security Fest 2024.

Speaker: Dan Tentler

About Dan Tentler

Dan is the Executive Founder of Phobos Group, a boutique information security services and products company specializing in custom tailored assessment and engineering work. Having been on both red and blue teams, Dan brings a wealth of defensive and adversarial knowledge to bear on offensive, defensive or architectural concerns. Dan has spent time at Twitter, British Telecom, Websense, Anonymizer, Intuit and Sempra Energy, to name a few, and has a strong background in systems, networking, architecture and wireless networks, translating to strengths in lateral movement, data exfiltration, hiding from the blue team, physical security and a variety of other red team techniques. Outside of work, Dan is into cooking, FPV drones, making hot sauce and absurd home automation projects.
