Jaime Sánchez aka segofensiva
Scheduled: To Be Announced
Using commercial tools to secure your network is recommended, but it is necessary to be one step further to keep the system secure. With this technique you can give that step in order defend your servers against the first phase of all attacks Fingerprinting. This is done by intercepting all traffic that your box is sending in order to camouflage and modify in real time the flags in TCP/IP packets that discover your system.
This tool is a practical approach for detecting and defeating:
- Active remote OS fingerprinting: like Nmap or Xprobe
- Passive remote OS fingeprinting: like p0f or pfsense
- Commercial engines like Sourcefire’s FireSiGHT OS fingerprinting
Some additional features are:
- No need for kernel modification or patches
- Highly portable
- Will emulate any OS
- Capable of handling nmap and p0f fingerprint database (beta phase)
- Transparent for the user
- Undetectable for the attacker
- Available for your Linux laptop, server and mobile device
You can get more details of the tool and insights in this Defcon 21 presentation: https://www.defcon.org/images/defcon-21/dc-21-presentations/Sanchez/DEFCON-21-Sanchez-Building-an-Android-IDS-Network-level-Updated.pdf The tool will be released under open source license
Target Audience: Defense and Mobile
Jaime Sánchez (aka @segofensiva) has worked for over 20 years as a specialist advisor for large national and international companies, focusing on different aspects of security such as consulting, auditing, training, and ethical hacking techniques. He holds a Computer Engineering degree and an Executive MBA . In addition, he holds several certifications, like CISA , CISM , CISSP , just to name a few, and a NATO SECRET security clearance, as a result of his role as advisory of many law enforcement organizations, banks and large companies in Europe and Spain.
He has spoken in renowned security conferences nationally and internationally, as in RootedCON , Nuit du Hack , Black Hat (USA, Europe and Sao Paulo editions), Defcon , DerbyCON , NocOnName , Deepsec , Shmoocon or Cyber Defence Symposium , among others. As a result of his researches, he has notified security findings and vulnerabilities to top companies and vendors, like Banco Popular, WhatsApp, Snapchat, Microsoft, Apple etc.
He is a frequent contributor on TV (TVE, Cuatro, LaSexta, Telecinco), press (El Pais, El Mundo, LA Times, NBC News) and radio programs, and writes a blog called 'SeguridadOfensiva' (https://www.seguridadofensiva.com/).