Let's face it, the industry is getting better at detection. Not everyone, but it's getting there. Companies are focusing on getting logs from their endpoints and looking for abnormal patterns of behavior. As attackers, our tactics have been shifting over time to become more compliant with standard protocols and behavior. This has implications for how we test, the length of engagements, and the level of effort to attack. It’s not as easy as it once was (with many exceptions), but as defense grows, our capabilities as attackers have to grow as well.
This talk will dive into what I'm seeing out there as far as detection capabilities, and how to get around them. Let’s take a dive into multiple detection and preventive capabilities and how to circumvent them without getting detected. As the offense, we can't rely on hoping for multicast to DA every time. The times are changing, our skills need to match that appropriately.
How many different types of pentest / “red team assessments” / “adversarial assessments” are there? EVERYONE pitches, sells, and performs them differently. How is a company supposed to gauge the effectiveness of a program of these tests? In this talk, I will not only be talking through my list of tests, but open sourcing all of the documents to support it right here at WWHF 2017. I hope that we might start to standardize penetration tests, even if it’s at a broad level, as well as give new firms and pentest 1099s a framework to start with. Want to get a sneak peek, game for providing feedback? DM me on Twitter for the link to the docs. Have a question before or during the talk? Go to slido.com and join #OSPT starting Oct 24.
As more businesses migrate their employee email and data into collaborative cloud platforms, default configurations, even in a secured environment, could leave them susceptible to attacks. While these platforms create a centralized way to collaborate, manage access and view the world from a single pane of glass -- they also create unique attack paths that attackers can leverage using built-in APIs.
In this presentation, we will explore an innovative approach to red teaming organizations that use Google Suite as their main cloud provider. We will walk through leveraging features to inject calendar events, phishing credentials, capturing 2-factor tokens, backdooring accounts and finally pilfering secrets. Techniques presented will also be incorporated and released as modules within MailSniper.
Windows Defender Advanced Threat Protection is now available for all Blue Teams to utilize within Windows 10 Enterprise and Server 2012/16, which includes detection of post-breach tools, tactics and techniques commonly used by Red Teams, as well as behavior analytics. Combined with Microsoft Advanced Threat Analytics for user behavior analytics across the Domain, Red Teamers will soon face a significantly more challenging time maintaining stealth while performing internal recon, lateral movement, and privilege escalation in Windows 10/Active Directory environments.
This talk highlights challenges to red teams posed by Microsoft's new tools based on common hacking tools/techniques, and covers techniques which can be used to bypass, disable, or avoid high severity alerts within Windows Defender ATP and Microsoft ATA, as well as TTPs used against mature organizations that may have additional controls in place such as Event Log Forwarding and Sysmon.