
Real Eyes, Realize, Real Lies: Beating Deception Technologies

Conference:  BlackHat USA 2018

2018-08-09

Summary

Deception technologies are becoming more effective and widespread in mature organizations, but there are key weaknesses that persistent attackers can exploit. The speaker provides guidelines, tactics, and an open-source tool for red teams to avoid getting trapped during engagements.
  • Deception technologies are a legitimate and effective security layer of defense
  • Deception technologies feature a variety of traps, deceits, and lures distributed across the enterprise's internal environment
  • Adversaries will inevitably adapt to deception technologies
  • There are key weaknesses in deception technologies that persistent attackers can exploit
  • The speaker provides guidelines, tactics, and an open-source tool for red teams to avoid getting trapped during engagements
The speaker shares an anecdote about encountering a deception technology during an engagement and using a tool to check the effective rights of the user in order to know what they can or cannot do. They emphasize the importance of exploiting the precautions that deception providers have to take in order to distinguish between good and bad.

Abstract

Recent advancements have reinvented deception technologies and their use as a security layer of defense, making them no longer passé but so effective and believable that they are fast-becoming widespread in mature organizations. Many security providers now successfully disrupt attacks by offering comprehensive deception capabilities, featuring a variety of traps, deceits, and lures distributed across the enterprise's internal environment. While deception is a legitimate (and cool) threat detection and response strategy, like any other security trend, adversaries will inevitably adapt. In this talk, we will discuss key weaknesses in deception technologies enabling a persistent attacker to overcome modern advanced deception techniques and beat deception solutions at their own game. We will share some guidelines, tactics, and a new open-source tool to arm red teams with the knowledge needed to avoid getting trapped during their next engagement.
