DeepSec 2023 Talk: The Attacker Mindset: Practical Lessons from the Field – Yossi Sassi
Occasionally we come across the expression “attacker mindset”, yet rarely with a proper understanding of what it means in practice. What does it REALLY mean? Is it a different way of thinking? Planning? Improvising? Or execution? Or maybe all of the above? We’ll dive into some practical examples & hands-on demos to understand what this term actually means, from an engagement perspective.
We asked Yossi a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- Based on real-world engagements at dozens of customers worldwide, four continents, including Fortune 100 companies.
- Learn how to “think” like an adversary, not just hear about tools & techniques.
- Various hands-on demos to demonstrate the session topic.
- Cool research and code from self-exploration.
- Gain overall insights, whether you are a Red or Blue teamer (also Purple is great :))
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
Talking to colleagues recently, I became aware that while many focus on the TOOLSET, or sometimes the SKILLSET, very little is ever shared regarding the right MINDSET for understanding adversaries.
Why do you think this is an important topic?
Coming from 30+ years of professional InfoSec work, I have been practicing pentesting and red-teaming, as well as training teams, and I always feel there is a gap between toolset, skillset and mindset. And that’s something worth sharing.
Is there something you want everybody to know – some good advice for our readers, maybe?
Strive for simple, informative solutions – complexity can only be tamed by plain approaches. Never stop reaching for knowledge, regardless of how quickly “AI” seems to progress and to give you the feeling that everything is just a “copy-paste” distance away from you – it is not.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
In 1998, I spoke at a Microsoft conference and “predicted” that all system admins there would have to learn to write code if they wanted to control NT5 (Windows 2000), using Windows Script Host etc. There was a big laugh in the audience. Today DevOps sets the tone for IT/sys, and you must know much more than just scripting. I’d say – while the pace of things is getting quicker, concepts rarely change. We’ve moved from centralized computing (Mainframe, VAX, etc.) to Client-Server, only to come back to a centralized computer, just using mobile and/or browser rather than a green VT-20 terminal 😄 We keep adapting the past to our currently evolving landscape, but mindset and architectures remain solid knowledge to lean on.
H@כk3r & seasoned InfoSec researcher/red team trainer. Sassi has accumulated extensive experience in information security over more than 30 years, including assessments on 4 continents, DF/IR investigations and more, for Fortune 100 companies among others. Ex-Javelin Networks (acquired by Symantec). Ex-Technology Group Manager at Microsoft (coded Windows Server Resource Kit tools). Sassi was awarded four Peace and Friendship awards from governments and universities, and speaks regularly at various security conferences around the globe. Volunteer for youth at risk, Oriental-Rock bouzoukitarist & an aviator.