This talk will go over the ways a hacker conducts reconnaissance against an organisation to select targets best suited for a DoS attack. Following that we will provide methods for defending your organisation and web applications.

DoS attacks is a topic at the front of a lot of people’s minds at the moment. This talk will examine how a hacker selects targets within an organisation with a goal of causing the greatest business interruption.

Attackers can find juicy targets in more ways than you would initially think. A range of discovery techniques will be presented. People watching this talk will not be left hanging, as it will finish with how you can protect your assets from DoS attacks (spoiler: a CDN, WAF or DoS scrubbing are not magical cures on their own).

$ whoami

Dave/Karit (@nzkarit) in his time working in various parts of the IT industry has developed a skillset that encompasses various disciplines in the information security domain. Dave currently works as a Penetration Tester at ZX Security in Wellington and runs Kākācon.

Since joining ZX Security Dave has presented at DefCon, Kiwicon, Aerospace Village @ DefCon, BSidesCBR, ChCon, Unrestcon and at numerous local meetups; along with running training at Kiwicon, Syscan, CrikeyCon and TuskCon. He also has a keen interest in aerospace, lock-picking and all things wireless.