Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, penetration tester or otherwise. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and shut the bot/botnet down. This presentation will be a mini-tutorial on how the various forms of “bot detection” out there work, and how to modify/spoof the necessary client environments to bypass nearly all of them using anything from Python Requests to Selenium, Puppet and beyond.
Presentations for AI
The shift to the cloud, Agile and DevOps is making it more difficult than ever for security teams to control what happens in their organizations and secure systems.
The obvious solution is more security tools, more security people, and ever-inventive ways to reign in your environment.
You. Will. Fail.
The only way to get better is by giving up the illusion of control and the delusion that you can achieve control.
Instead, we’ll talk about how engineering automation to create a culture of empowerment, self-reliance and trust can result in better security outcomes. Along the way, we’ll learn about how the adoption of Agile and DevOps is creating value in some unexpected ways…
Subtitle: The Ultimate Insider in the Cloud