Trapping Adversaries in the WAF of their Journey

[gaurav-gogia]

Abstract Threat hunting, firewall deployment, and configuring those firewalls according to threat feeds needs to be a tight loop. However, coordinating between different teams while handling multiple high priority tickets can be cumbersome. A more proactive approach towards understanding of adversary behaviour can be achieved through deception tech. In this session we’ll learn about web application firewalls, honeypots, and how to build our own deceptive firewall on the layer 7 to trick adversaries into thinking that they have gained access critical data while the blue team tracks their move to learn new attack paths. It’ll be a hands-on session with minimal theory to ensure practical coding and demo parts can be given enough time.

Expected Duration 60 minutes

Track - Intermediate

Pre-requisite - Some programming knowledge - Some knowledge of backend dev/RESTful APIs - Go programming language installed - MongoDB installed (optional)

Resources - What's a WAF? - What is deception tech? - CLI WebApp Generator

Slides Trapping Adversaries in the WAF of their Journey

Preferred Time and mode Day/Offline

Previous Experience - NULLCON Goa 2022 - GCCD New Delhi 2022

Contact info - LinkedIn - E-mail

Checklist

Place an '[x]' (no spaces) in all the fields you agree to. You can keep the fields blank on which you don't agree

The talk/workshop speaker agrees to,

• [x] Share the slides, code snippets and other material used during the talk
• [x] If the talk is recorded, you grant the permission to release the video on ILUGD's YouTube channel(LINK) under CC-BY-4.0 license
• [x] Not do any hiring pitches during the talk and follow the Code of Conduct(LINK TO COC)

---

Note

Please do add/upload slides in pdf or an open document format. People who are using LibreOffice, openOffice etc. should not have any problems viewing it.