DeepSec 2020 Talk: Caught in the Middle with You: Examining the Implications of Adversary Midpoint Collection – Joe Slowik
Information security typically focuses on endpoint exploitation and manipulation. Endpoints are where our instrumentation lives (EDR agents, log sources, and similar telemetry) and where we are most comfortable operating, because these are the systems we interact with every day. Adversaries, however, increasingly shift their operations toward “midpoint” techniques (DNS manipulation, router exploitation, and traffic shaping) that circumvent both endpoint and network defenses. Such actions move the fight either onto devices we are unfamiliar with (routers, VPN concentrators, and similar network equipment) or onto systems and services entirely outside our control (ISP equipment and fundamental Internet infrastructure). Although media stories highlighting such attacks exist, most threat analysis offers little on what these attacks imply for defenders or on defensive strategies to meet them. By analyzing revelations emerging from various NSA-related leaks, followed by consideration
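One concrete defensive control against the DNS-manipulation class of midpoint attack the abstract mentions is to resolve high-value names through several independent paths and compare the answers. The following is an added example, not code from the talk or its author: it runs that consistency check over constructed sample answers embedded inline (no live DNS queries), flagging any resolver whose answer disagrees with a pinned expectation or with the consensus of the other resolvers, and any answer whose TTL is unusually short compared to its peers. The resolver names, the `PINNED` table, and the `min_ttl` threshold are all assumptions for illustration.

```python
# Added example (not from the talk): cross-resolver DNS consistency check,
# one defensive control against midpoint DNS manipulation. The answers below
# are constructed sample data; in practice they would come from live queries
# to each resolver (for example with dnspython), which is deliberately not
# done here so the block runs offline.
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Answer:
    resolver: str       # which resolver or network path produced this answer
    name: str           # queried name
    rdata: frozenset    # set of A records returned
    ttl: int            # TTL of the returned records


# Constructed sample: three independent resolvers agree, while the path
# through "isp-resolver" returns a different address with a short TTL
# (hypothetical on-path substitution).
SAMPLE_ANSWERS = [
    Answer("corp-resolver", "portal.example.com", frozenset({"198.51.100.10"}), 300),
    Answer("doh-provider-a", "portal.example.com", frozenset({"198.51.100.10"}), 300),
    Answer("doh-provider-b", "portal.example.com", frozenset({"198.51.100.10"}), 300),
    Answer("isp-resolver", "portal.example.com", frozenset({"203.0.113.7"}), 30),
]

# Pinned expectations for names whose answers should not change. Assumption:
# the defender maintains this table for their own high-value names.
PINNED = {"portal.example.com": frozenset({"198.51.100.10"})}


def find_divergent_answers(answers, pinned=None, min_ttl=60):
    """Return a list of (resolver, name, reason) findings.

    Three checks per answer:
    1. rdata disagrees with the pinned expectation for that name;
    2. otherwise, rdata is in the minority among the resolvers queried;
    3. TTL is below min_ttl while another resolver returned a larger one,
       a pattern seen when an on-path device substitutes answers.
    """
    pinned = pinned or {}
    findings = []
    by_name = {}
    for a in answers:
        by_name.setdefault(a.name, []).append(a)

    for name, group in by_name.items():
        # Majority rdata across resolvers for this name.
        consensus = Counter(a.rdata for a in group).most_common(1)[0][0]
        max_ttl = max(a.ttl for a in group)
        for a in group:
            if name in pinned and a.rdata != pinned[name]:
                findings.append((a.resolver, name, "differs from pinned rdata"))
            elif a.rdata != consensus:
                findings.append((a.resolver, name, "disagrees with resolver consensus"))
            if a.ttl < min_ttl <= max_ttl:
                findings.append((a.resolver, name, f"short TTL {a.ttl} vs {max_ttl}"))
    return findings


if __name__ == "__main__":
    for resolver, name, reason in find_divergent_answers(SAMPLE_ANSWERS, PINNED):
        print(f"{resolver}: {name}: {reason}")
```

The pinned table catches the case where every resolver you can reach is behind the same manipulated path, which consensus alone would miss; the consensus check covers names you have not pinned. Neither detects a midpoint that rewrites traffic after a correct resolution, which is why the router and traffic-shaping techniques in the abstract need their own controls.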