2019-016-Conference announcement, and password spray defense
BrakeSec Education Podcast · Bryan Brake
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Agenda:
Announce the conference
CFP: up soon
CFW: up soon
Campers: Friday night/Saturday night
Like "toorcamp", but if it sucks, you can drive home… :D
Limiting tickets, looking for sponsors
To support the conference and future initiatives:
"Infosec Education Foundation"
501c3 non-profit (we are working on the charity part)
Password spraying
https://github.com/dafthack/DomainPasswordSpray
Stories:
https://blog.stealthbits.com/using-stealthdefend-to-defend-against-password-spraying/
http://blog.quadrasystems.net/post/password-spray-attacks-and-four-sure-steps-to-disrupt-them
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/simplifying-password-spraying/
Detecting one to many…..and at what point/threshold during an attack would it be a PITA for the redteam to slow down to
Annoying NXLog CE limitation
Log-MD can help detect? Yep
CTF Club is happening again
Pinkie Pie is running it.
Saturdays at 2 -3 pm