Today’s attacks succeed because the defense is reactive”. I have been researching attacks and offensive techniques since the past 16 years. As the defenses kept catching up and closing open doors, we attackers looked for new avenues and vectors. Upon looking back on the state of defenses during my days of One-Way Web Hacking in 2001 to Stegosploit in 2016, a common pattern emerges. Defense boils down to reacting to new attacks and then playing catch-up.
It is time to transition defense from being reactive to proactive. This talk discusses seven axioms for implementing proactive defense strategy and measures for the future, concluding with a blueprint of the next evolution of pro-active defense architecture.