#BHEU: Consider Adversarial Thinking, Ask If the Tool Works

Written by

Delivering the opening keynote at Black Hat Europe, offensive security engineer Amanda Rousseau talked about the move from a defensive to offensive role, and how narrow that has made our thinking.

In the first part of her talk, she said that we have become too immersed in using tools, and do not look underneath them to understand how they work.

She said that security is “filled with tools” and we are told that it is best practice to use them, but we rarely understand how they work and why it works in a certain way, so we don’t trust them.

“Why are we not pushing ourselves to look beyond the surface?” she asked, saying in one instance a tool she “was forced to use was not able to perform, so I wrote my own script and my co-workers thought I was crazy.”

Rousseau said that she was tired of the “color spectrum” of cybersecurity, as we have covered black and white hats, and red and blue teams, when in reality, everyone is on the same side, and recommended using adversarial thinking for defense and everything in between. “Fundamental skills are applicable to both sides: if you can pivot, you have adversarial foundations.”

Looking at blue teaming, she said that there is an assumption that tools and functions work in the way that they are intended, but “how many things work within bounds?” On the red team side, the problem is leaving blind spots and too many people not having experience of writing detections to communicate the changes that need to be made.

She went on to call this a “lack of follow through” and there is too much of an attitude of “not my problem” and “the blue team can figure it out,” when better collaboration and follow through for remediation can help on both sides.

Asking how improvements can be made, Rousseau said that we have “dived so deep it is hard to pivot to something else” and too many people have tunnel vision on one area of focus.

“Never mind the color spectrum, we’re all in this to make everyone’s lives better,” she said.

What’s hot on Infosecurity Magazine?