As the second day of ShmooCon 2014 dawns over Washington DC, I'm reflecting on the talks that kicked off the weekend yesterday. Particularly useful was a presentation by security practitioner Rob Fuller called "Attacker Ghost Stories: Mostly Free Defenses That Give Attackers Nightmares."
You can never have too many security weapons in your arsenal, and Rob walked the audience through several worth considering. Some were free tools available online, others were techniques.
Specifically, the talk outlined "protections, mitigations, or detection mechanisms" he has seen across businesses big and small that were "innovative and highly effective, yet free (or mostly free) and stopped me (as an attacker) dead in my tracks." (I'm quoting from the talk description on the ShmooCon website.)
He went over 11 or so methods, tactics, and software setups that will cut down intrusions significantly. After the talk, Rob kindly shared his slide deck with me so I could in turn share it with you. What follows are the slides as presented. Many thanks to Rob for sharing.