#BHEU: Consider Adversarial Thinking, Ask If the Tool Works

Dec 4, 2019 04:00 pm Cyber Security 230

#BHEU: Consider Adversarial Thinking, Ask If the Tool Works

Delivering the opening keynote at Black Hat Europe, offensive security engineer Amanda Rousseau talked about the move from a defensive to offensive role, and how narrow that has made our thinking.



In the first part of her talk, she said that we have become too immersed in using tools, and do not look underneath them to understand how they work.





She said that security is “filled with tools” and we are told that it is best practice to use them, but we rarely understand how they work and why it works in a certain way, so we don’t trust them.





“Why are we not pushing ourselves to look beyond the surface?” she asked, saying in one instance a tool she “was forced to use was not able to perform, so I wrote my own script and my co-workers thought I was crazy.”





Rousseau said that she was tired of the “color spectrum” of cybersecurity, as we have covered black and white hats, and red and blue teams, when in reality, everyone is on the same side, and recommended using adversarial thinking for defense and everything in between. “Fundamental skills are applicable to both sides: if you can pivot, you have adversarial foundations.”





Looking at blue teaming, she said that there is an assumption that tools and functions work in the way that they are intended, but “how many things work within bounds?” On the red team side, the problem is leaving blind spots and too many people not having experience of writing detections to communicate the changes tha ..

Support the originator by clicking the read the rest link below.

consider adversarial thinking works
Read The Rest from the original source
infosecurity-magazine.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!