reSee.it - Tweets Saved By @JohnLaTwC
@JohnLaTwC - John Lambert
I spoke at @MSFTBlueHat last week. ➡️https://github.com/JohnLaTwC/Shared/blob/master/Presentations/2023-10-BluehatUS.pptx I will follow up with a link to the recording when it is posted. Some highlights from my talk below👇👇👇
@JohnLaTwC - John Lambert
I talked about how incidents can teach powerful lessons and contain important truths for defenders.
@JohnLaTwC - John Lambert
I talked about while it is often romanced that offense has a richer toolset compared to the singular metaphor for defense ("the shield"). Defense has many creative ideas within it as well.
@JohnLaTwC - John Lambert
Some foundational concepts for defenders include: 1. Every contact leaves a trace...in a log 2. Defense involves the process of mapping attacker activity to its traces in logs 3. Attacks can take place on many logical layers 4. How essential pivoting is to navigating your data
@JohnLaTwC - John Lambert
I talked about the ability to find breaches by time-traveling through logs. Some attacker techniques may have fewer methods of expression (e.g. credential dumping, privileged group enumeration) and these serve as important detection "bottlenecks" in the kill chain.
@JohnLaTwC - John Lambert
I also talked about the importance of building trust as defenders and how it can be the fastest way to accomplish things.
@JohnLaTwC - John Lambert
Often our toughest problems at work are not technical, but rather inter-team issues. I gave some tips on dealing with these.
@JohnLaTwC - John Lambert
Finally, I talked about the importance of staying sane, focusing on your health, and having good work/life boundaries.
@JohnLaTwC - John Lambert
When the video for the talk is posted, I will link it here.
@JohnLaTwC - John Lambert
The audio 🎙️of this talk can be found at the @bluehat podcast: https://podcasts.apple.com/us/podcast/bluehat-oct-23-day-1-keynote-john-lambert/id1688087915?i=1000631758360
