Monterrey 1
1:05 pm - 1:55 pm, Tuesday, September 26
1:05 pm - 1:55 pm, Tuesday, September 26
Battling Bots: How Current Defenders Deal with Automation
Threats (Detection/Hunting/Intelligence/Mitigation/Monitoring)
About
Session Abstract: Bots and other forms of automation have a storied history in computing. Some are used for good, for example financial aggregators that help people budget their life or plan for retirement, and others are used for evil, like credential stuffing. This session will review the evolution of bots and how they can be used for good and for evil. We'll also build a couple of bots during the session.
Additional Information: It’s more common for those entering the workforce to have a working knowledge of at least one current and practical programming language, like Python. It's inclusion in UNIX-based operating systems makes it a familiar crutch when we need to automate something that would be manually mundane. But many modern programming languages make automation easy and network aware, often with examples readily available to anyone strong Google-Fu. Enter Bots! Some are used for good, for example financial aggregators that help people budget their life or plan for retirement, and others are used for evil, like credential stuffing--which can be more difficult to detect with truly scriptable headless browsers. This session will review the evolution of bots and how they can be used for good and for evil. We'll also build a couple of bots during the session and use our powers for good! Attendees should either be familiar with a programming language such as Python, or should be enthusiastic about learning how to code after using the examples and source provided during this talk. We will discuss common problems with web automation when an API is not available, and how these bots can be used to do things like alert you when new software is available or help you score a reservation to your favorite restaurant. After the session, attendees can download a resource pack that will include source code links, further reading, more examples, and links to current automation services that can jump start their understanding of how bots work, so they can be armed to have risk-based conversations with management on the treatment of bots. We will cover everything from a lassiez-faire posture to honeypots to active response.
Additional Information: It’s more common for those entering the workforce to have a working knowledge of at least one current and practical programming language, like Python. It's inclusion in UNIX-based operating systems makes it a familiar crutch when we need to automate something that would be manually mundane. But many modern programming languages make automation easy and network aware, often with examples readily available to anyone strong Google-Fu. Enter Bots! Some are used for good, for example financial aggregators that help people budget their life or plan for retirement, and others are used for evil, like credential stuffing--which can be more difficult to detect with truly scriptable headless browsers. This session will review the evolution of bots and how they can be used for good and for evil. We'll also build a couple of bots during the session and use our powers for good! Attendees should either be familiar with a programming language such as Python, or should be enthusiastic about learning how to code after using the examples and source provided during this talk. We will discuss common problems with web automation when an API is not available, and how these bots can be used to do things like alert you when new software is available or help you score a reservation to your favorite restaurant. After the session, attendees can download a resource pack that will include source code links, further reading, more examples, and links to current automation services that can jump start their understanding of how bots work, so they can be armed to have risk-based conversations with management on the treatment of bots. We will cover everything from a lassiez-faire posture to honeypots to active response.
For any and all inquiries please click the button below
Tim Garon
Director, Event Content and Strategy
Join our mailing list for the latest news on InfoSec World 2024.