DoS Attacks are Dead: Demystifying Practical DoS Attacks- 2 mins
I recently had the opportunity to speak at BlackHat MEA 2022, the largest security conference in the Middle East and Africa region. My talk, titled “Demystifying Practical DDoS Attacks”, focused on the increasing threat of DoS attacks and the need for improved defense solutions, and to practically validate current DDoS prevention solutions.
In my presentation, I shared my research on practical DoS attacks, including recent Application-Level DoS attacks and evasion techniques. I also discussed the discovery of unique DoS vectors in modern APIs and demonstrated how to simulate the largest Layer 7 DDoS attack that Google Cloud experienced in August 2022.
One of the key points I emphasized in my talk was the need to go beyond traditional volumetric DDoS attacks and focus on the more sophisticated and stealthy Layer 7 attacks. These attacks, which target the application layer of a network, can be harder to detect and mitigate, and can cause significant disruption to businesses and organizations.
I also discussed the importance of developing effective defense solutions and shared some of the techniques and approaches I have been researching in this area. This included discussing the use of machine learning and artificial intelligence to improve the detection and response to DoS attacks.
Overall, my talk was well-received by the audience at BlackHat MEA, and I was happy to have the opportunity to share my research on this important topic.
DoS attacks have been a nightmare that increases every day. While the news emphasizes notable Volumetric DDoS Attacks, there is much more to that that is not being publicly highlighted.
In my talk, I will share my research on practical DoS Attacks that I have been researching, Layer 7 DoS attacks and TTPs, and evasion of DDoS Defense Solutions. I’m also discussing the discovery approaches of unique DoS vectors in modern APIs. Lastly, I will run a drill on how to simulate the largest Layer 7 DDoS attack that Google Cloud faced in August 2022 (with a peak of 46M requests per second).
PDF: DoS Attacks are Dead: Demystifying Practical DoS Attacks - BH MEA 2022.pdf
- Secrets Patterns DB: Building Open-Source Regex Database for Secret Detection
- Speaking at BlakcHat MEA 2022
- Shennina Framework - Automating Host Exploitation with AI
- Scan Terraform plans and changes with tfquery via SQL-powered framework
- Twitch Internal Security Tools: In-depth Analysis of the Leaked Twitch Security Tools