My session @ Flocon 2018 US

- By Leszek Miś

During Flocon 2018 in Tucson, AZ, I had the pleasure of talking about various network exfiltration methods and techniques (DNS, ICMP, TCP, UDP, HTTP, RDP, Cloud-app based and others). During a short, 30-minute talk I explained that without:
- Excellent Network Visibility Based on Multiple Collectors (PH, DNS, TLS, HTTP, Logs, SNMP, Netflows, others)
- Network Behavior Analytics powered by Hybrid Supervised/Unsupervised Anomaly Detection
- Active Response Module which supports all your existing security HW/SW

you are doing your Network Security just wrong.

Slides and session descriptions are available here:

https://schd.ws/hosted_files/flocon2018/de/3.%20Flocon%202k18%20-%20Network%20Data%20Exfiltration%20Techniques-almost-final-version.pdf

https://flocon2018.sched.com/event/BthU/may-the-data-stay-with-you-network-data-exfiltration-techniques