- Modern Intrusion Practices
- Gerardo Richarte
- Black Hat Briefings 2003, Las Vegas, July 30-31, 2003.
- Date published
- automated penetration testing, attack planning, ooda loop, syscall proxying.
Current pen-testing practices focus on hosts or networks as targets, and start with a noisy recognition and information gathering phase regardless of the mission. We’ll start reviewing this practices, and showing how some examples of targets not comonly used open new dimensions for planning attacks and creating new tools.
The main focus of this talk is to start walking the path to a new perspective for viewing cyberwarfare scenarios, by introducing different concepts tools (a formal model) to evaluate the costs of an attack, to describe the theater of operations, targets, missions, actions, plans and assets involved in cybernetic attacks. We’ll talk about current and immediate uses of this tools for attack and defense, as well as some future-but-not-sci-fi applications of it.