[Dailydave] Reverse Engineering LOLs

Dave Aitel dave.aitel at gmail.com
Thu Jan 16 19:58:01 UTC 2020


If you've ever rolled with a world-class black-belt you know that no matter
how hard you are trying, they catch submissions seemingly effortlessly. They
simply have a different understanding of space and movement and momentum
than you do. And the same thing is true in the cyber operations field. In
this way, the movies get the emotions around hacking completely wrong: the
dark room, the "I'm IN!" moment, the tension.

When you watch a really top tier hacker at work, it's more like they're
confused at how big a clown show their target is, for reasons they just can't
figure out. "I dunno why they chose to store this whole password db in
cleartext on that public share". "I guess they updated every system BUT the
AD Server?" "Lol, yeah, RDP into this box with the domain admin password
equivalent, sure." "Setuid shells are cool on this NFS server, I guess!"
"LOL, I owned their box and then wrote a loop to send infinite telemetry
messages to their EDR system with random PIDs as fast as possible and the
whole thing fell over because database ingestion is hard"

So much of what we do in BJJ is basically trying to reverse engineer the
principles behind the movements so we can learn how to replicate success.
Then we call whatever we've figured out a "System" or a "Guard". The same
thing is true in INFOSEC, and it's fun to watch people build taxonomies
and classifications for attack patterns that exist because a team somewhere
has an understanding of momentum that eclipses that whole way of thinking.

-dave
P.S. Come to INFILTRATE. ;)