We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Detecting Blue Team Recon With Ads

5
 Cite
 Share
 Download
 Purchase
No logo availableDEF CON
 0x200b

Formal Metadata

Title
Detecting Blue Team Recon With Ads
Alternative Title
Detecting Blue Team Research Through Targeted Ads
Title of Series
Number of Parts
322
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
When my implant gets discovered how will I know? Did the implant stop responding for some benign reason or is the IR team responding? With any luck they'll upload the sample somewhere public so I can find it, but what if I can find out if they start looking for specific bread crumbles in public data sources? At some point without any internal data all blue teams turn to OSINT which puts their searches within view of the advertising industry. In this talk I will detail how I was able to use online advertising to detect when a blue team is hot on my trail.