Before we get into this too much, please check out the following:
http://en.wikipedia.org/wiki/OODA_loop
The main issue with computer security and Cyber-Warfare today is that there is very little that most organizations on our side are willing to do when it comes to hacking back against the attackers. There are a number of good reasons for this, one being legal issues and collateral damage to intermediary systems. However, it is an aspect of computer security that needs to be addressed, especially for our customers.
Long story short, if we have overly stringent rules and our opponents do not, who is going to win?
We have to get inside an attacker’s OODA loop and change the dynamics in a way they did not expect.
Hence, offensive countermeasures should be considered.
This is quite a bit different from seeing an attack from an IP address, then attacking that IP address. Rather, it requires some subtle techniques that we can utilize on the inside of a network after an attacker has compromised the perimeter. And trust me, they will get in.
So this site is dedicated to finding ways to hack back. It is also dedicated to finding ways to get attribution on who the attackers are and where they are coming from.
Please understand that we are also about options. We want to provide ways to find out as much as possible about an attacker, all the way to getting access to an attacker's system.
Finally, we want to illuminate the legal issues surrounding this topic. Time to fight FUD with fact. There is case law. Hacking back has been done. It just requires a bit of research and finesse.
-strandjs
PaulDotCom