Incident Response & Threat Intelligence

B7: Don’t Fear The Hacking (tools)

Friday, June 9, 2023 1:30 PM - 2:30 PM

Room 405/406


Hacking, especially from the point of view of a defender, has a bad connotation. In fact, anything associated with hacking is frequently shunned by most stalwart defenders of InfoSec. The problem with this myopic point of view is that we defenders are ignoring one of the most important tools in our defender toolbox. “Ah”, you say, “but we have red teams and/or bug bounties to do that for us so we don’t need to sully our hands with ‘hacking’”. Well, yes, those do perform a valuable service but their involvement is rarely timely, usually infrequent, and is often handcuffed by the very companies who use them. One might argue the solution is to remove those limitations but I’m suggesting a different approach that doesn’t entail battling corporate culture. My suggestion is to instead embrace and learn from those hacking tools. I’m not saying defenders should start hacking their company (a not-wise move, but that’s a different discussion). Consider, when building a house, builders look at not only what causes a house to continue to stand but also what causes a house to fail. Since we already know how to ‘build our houses’ let’s consider what causes our ‘houses to fail’ by using the tools that are used to look for holes in our defenses.

Learner Objectives

After this session, learner will: o) where hacking tools fit into a securing mindset o) different tools for different purposes o) don’t skimp on #1 in the Cyber Kill Chain o) how to use those tools vs how *not* to use those tools