Aaron Soto
Aaron Soto is a senior security researcher at Rapid7 on the Metasploit team where he works with a team of exploit developers to identify, test, and integrate the newest exploits into the Metasploit Framework.

He also mentors cybersecurity students at the University of Texas at Austin participating in the Cyber Collegiate Defense Competition. His instructional background is centered on network forensics, although his career has included penetration testing alongside certification and accreditation.

In his off-time, he enjoys endurance automotive racing, nighttime photography, and building electronics for home automation.

Purple Packets: Effective Network Defense Against Real-World Attacks
Technical Level (3 being the highest score): 3

There are two sides to every story. Good and bad. Day and night. Host and network. Unfortunately, when it comes to enterprise security, many organizations tend to focus heavily on host-based defenses, and apply “just-enough” monitoring to their network. However, we feel that the network can be one of the best places to not only defend against the attacker, but also observe and understand their capabilities.

Even worse, without proper, impactful network security, you may not be implementing the right adversary defenses. In this talk, we’re going to take a technical lens to the techniques by which advanced adversaries use your networks. Whether it’s via intricate protocol abuse, malleable traffic, or combinations of protocols to avoid standard detection, there is much to glean from an observation of network traffic.

To help our audience discover just how impactful proper network defenses can be, we’re going to emulate the top techniques followed by a detailed, technical explanation of each attack. Furthermore, we’ll outline specific steps that would have detected and stopped the malicious traffic. Our goal, by the end of the session, is for our attendees to have a solid understanding of how the attacks work and what they need to do to protect themselves.

Matt and Aaron have combined their expertise to demonstrate real-world scenarios and network forensics.

Watch Aaron describe and perform live attacks against a live target, while Matt's defensive infrastructure captures and analyzes the attacks in real-time. Matt will then walk through his defenses, providing details you can use to protect your network.