Counter moves
Attacker techniques, defender’s view. What to harden, what to detect, what to hunt for, what to do when it triggers.
- Closing the doors just walked through
- The machine at the point of impact
- Traffic patterns as evidence
- The surface designed to be accessible
- The application layer as a target
- Infrastructure you defend but do not own
- Where the container meets the host
- Systems that were never meant to be networked
- The domain as an attack graph
- The gap between access and authority
- Harvesting stored secrets
- Surviving the reboot
- From target to target
- Plausibility as cover
- Evasion trends: defensive perspective
- Behavioural detection
- Deception technology
- Network-level detection of evasion
- C2 framework signatures
- Hardening against evasion
- Serverless and cloud-native evasion
- Containers and Kubernetes evasion
- Long-window detection
- Evasion technique coverage matrix
- Evasion detection and hunting
- Memory corruption and its limits
- Watching data being gathered
- Watching the exits
- Limiting the blast radius
- Operational cost of security controls