
Questions to be addressed:

1) What kinds of products would be described in proposed control list entries ECCN 4A005 and 4D004 that should not be controlled?

2) Is there a way to interpret the existing language to not control these things?

3) If not, what changes to the control text, including to the definition of "intrusion software," would be required to ensure that those items are not controlled?

Penetration Testing Software: An Annoying Amount of Detail in 15 Minutes

History: Immunity and Penetration Testing Tools

"Unauthorized"

History: Who am I?

Text cannot be "interpreted" to avoid penetration testing software

3) If not, what changes to the control text, including to the definition of "intrusion software," would be required to ensure that those items are not controlled?

Covered by "Intrusion Software"

CANVAS, INNUENDO and SILICA

We are in the unusual situation of regulating as "intrusion software" more things that are almost never used for real intrusions than things that are.

4.E.1.c.

“Technology” for the development of “intrusion software”.

“intrusion software”

“software” specially designed or modified to

AVOID DETECTION by 'monitoring tools' or to DEFEAT 'protective countermeasures'

and

Performing any of the following:

EXTRACTION of data or information or MODIFICATION of system or user data

or

MODIFICATION of the standard execution path of a program or process in order to allow the EXECUTION of externally provided instructions.

We are all more secure when we know the ground truth about our security

Potentially covered a lot of research software needed to understand risk.

The Unspoken Casualty: custom tools, which are often used for commercial consulting

Why not?

A word about El Jefe

Penetration Testing is explicitly as close to malware as possible, including avoiding counter-measures

While not aiming to defeat countermeasures initially, when you detect an intrusion, you often want to "go dark" and install things which cannot be easily detected or monitored - next-gen CrowdStrike/Mandiant/El Jefe are all potentially covered by the regulation!

Dave@immunityinc.com - 786-263-9749 - @daveaitel
