Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Three (Totally Legal) Strategies for ‘Fighting Back’ Against Cybercriminals

The idea of ‘fighting back’ against hackers is both scary and risky business. Most security professionals would strongly advise against it, in part because one false move could land you behind bars. But ‘fighting back’ doesn’t have to translate into attacking an attacker’s IP address, setting up lethal traps for hackers, or purposely damaging systems--it’s about defending your own networks, while working to identify and gather evidence of the attack and attackers.

Tenable’s Paul Asadoorian will be presenting alongside John Strand, Senior Instructor with the SANS Institute, on this topic at RSA today, March 1, 2012. They’ll share practical advice on how to responsibly integrate offensive measures into your network security strategies. They’ll also cover legal considerations, relevant case studies of people and organizations that strategically (and legally) fought back, sensible techniques, and strategies for determining if offensive countermeasures are right for you.

Here’s a quick look at three ‘offensive’ strategies Paul and John will cover in the presentation:

  • Annoyance: The presentation will include tips on how to set HoneyPot traps, find vulnerabilities with hacker’s tools and build those exploits into your websites, set up infinitely recursive directories that send scripts into an endless loop, and set traps for malicious spiders (while gently nudging Googlebots away from danger). Ruining a hacker’s afternoon is certainly fun, but its serves a practical purpose, too--preventing cybercriminals from effectively scanning and monitoring your systems.
  • Attribution: Gaining insight on your attacker puts you in a better position to defend your network, and arms attorneys with the evidence they need. Paul and John will share techniques to get the info you need, and more importantly, make sure that your traps aren’t giving hackers a launch pad for additional attacks.

  • Attack: The goal is to get inside and collect information on what the attacker is doing. They’ll show you how to get a hacker to load a ‘malicious’ Java Application (with non-damaging commands), and prevent the hackers from redirecting your users.

Disclaimer: Before you test out these strategies for fighting back, consult with your company’s legal and management teams. Going rogue can be fun; it can also get you in serious trouble if you’re not careful.  

Subscribe to the Tenable Blog

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.