2019-016-Conference announcement, and password spray defense

46:11
 
Share
 

Manage episode 232330535 series 124251
By Bryan Brake and Bryan Brake - CISSP | Information Security | Vuln Management. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Agenda:

Announce the conference

CFP: up soon

CFW: up soon

Campers: Friday night/Saturday night

Like “toorcamp”, but if it sucks, you can drive home… :D

Limiting tickets, looking for sponsors

To support the conference and future initiatives:

“Infosec Education Foundation”

501c3 non-profit (we are working on the charity part)

www.infoseccampout.com

Password spraying

https://github.com/dafthack/DomainPasswordSpray

Stories:

https://blog.stealthbits.com/using-stealthdefend-to-defend-against-password-spraying/

http://blog.quadrasystems.net/post/password-spray-attacks-and-four-sure-steps-to-disrupt-them

https://www.trimarcsecurity.com/single-post/2018/05/06/Trimarc-Research-Detecting-Password-Spraying-with-Security-Event-Auditing

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/simplifying-password-spraying/

Detecting one to many…..and at what point/threshold during an attack would it be a PITA for the redteam to slow down to

Annoying NXLog CE limitation

Log-MD can help detect? Yep

CTF Club is happening again

Pinkie Pie is running it.

Saturdays at 2 -3 pm

297 episodes