Smoke and Mirrors:
Wasting a hacker’s time with misdirection & obscurity

OVERVIEW

In the world of DevSecOps, it’s not enough to simply secure your applications and systems against known vulnerabilities. As cybercriminals become more sophisticated, taking additional steps is important to make it more difficult and expensive for them to breach your defenses. Obfuscation techniques can be a powerful tool in this fight, costing hackers valuable time, resources, and money.

In this talk, we’ll explore some simple obfuscation techniques that can be used to make life harder for hackers. We’ll cover simple to advanced techniques like hiding the login page, redirecting hackers to honeypots, using fake data that triggers canaries, preventing email scraping, feeding fake emails to scanning tools, using dummy DNS entries, and using fake comments in code to mislead attackers about vulnerabilities that do not exist. We’ll also discuss strategies for obscuring code and purposely leaking API keys to create distractions and dead ends for attackers.

Whether you’re a developer, security professional, or DevOps practitioner, this introduction will provide valuable insights into how you can use obfuscation to make your applications more secure and resilient against cyber attacks. Join me and learn how to make life harder for hackers in DevSecOps!