The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix | Red Team Village | 2020-08-30
Oftentimes we hit a wall in our pentesting engagements. Sometimes all you need to do is ask! I'll go over a few real-life scenarios where a bit of social engineering compromised an entire organization, made the difference between a successful and a failed spear-phishing campaign, and how this super power is used to control a difficult situation, steer the outcome and get what you want. Recon, OSINT, planning, framing, ethical hacking, and reading expressions and body language are all components of this super power.
This talk covers how to write better vulnerability reports, from title, description, impact, CVSS and steps to reproduce through to the recommended fix, so that the people doing triage can assess a report quickly.
Speakers: Dimitri Di Cristofaro and Giorgio Bernardinetti
A fully undetectable (FUD) executable is a highly coveted goal in the cybersecurity field, especially for Red Teams. In this talk we present the design and implementation of PEzoNG, a framework for the automatic creation of FUD binaries in a Windows environment.
PEzoNG features a custom loader for Windows binaries, polymorphic obfuscation, a payload decryption process and a number of anti-sandbox and anti-analysis evasion mechanisms; in particular we present a novel userland unhooking technique. In addition, the custom loader supports a wide range of Windows executable files and features stealthy, bleeding-edge memory allocation schemes. Finally, we show the effectiveness of PEzoNG against a number of commercial anti-malware solutions. PEzoNG was born from the idea of PEzor (github.com/phra/PEzor), an open-source PE packer. At the time of writing PEzoNG is a completely different project from PEzor, though they still share part of the name and the build environment, made up of LLVM and clang.
PEzoNG is written in C and C++ and uses the Mingw-w64 development environment together with the LLVM toolchain to compile and link.
The PEzoNG source code is made up of three main components:
- the malicious payload, e.g. Cobalt Strike raw shellcode, Mimikatz, SharpHound, etc.
- the evasion code, which evades AV sandboxes and EDRs
- the main loader, which loads the malicious payload into memory and executes it.
PEzoNG is built with modularity in mind: new features can be added simply by writing new modules, each implementing a different technique at a fine level of detail.
The project is organized into the following macro-categories, or modules:
Pentest Collaboration Framework is an analogue of utilities such as Dradis and Faraday, but it is open source (free), portable (SQLite3) and cross-platform (Python 3.9).
The main task of the utility is to provide a workspace where penetration testers and red teams can gather all the information about a project: hosts, hostnames, ports, notes, chats, issues, networks and more. You can also export this information as Word, raw text, or only the defined variables, using user-defined templates.
The purpose of this presentation was to run several efficiency and detection tests in a lab environment protected by a CrowdStrike endpoint solution. It presents the results of a defensive security analysis carried out with an offensive mindset: reverse shell techniques were used to gain access to the victim machine, after which a VBS malware sample was executed on it via PowerShell scripts, bypassing components and engines such as Malware Protection - Associated IOC (command entered in script), Suspicious Processes, File System Access, Suspicious Scripts and Commands, and Intelligence-Sourced Threats, among others.
SSH tunneling is a valuable component of the red teamer's toolkit when used correctly - but that's the hard part. Demystifying reverse port forwards, local port forwards, and dynamic port forwards can be a challenge for any operator.
This talk begins with the basics of SSH tunneling and then focuses on ways to use it to create reverse proxies and evade network monitoring during an engagement. It aims to clarify what each kind of port forward does and to give examples of using them in an offensive security scenario.
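As an added illustration of the three forward types the talk sets out to demystify (this is not material from the talk itself), the following helper functions build the OpenSSH command line for each one and record, in their comments, which side ends up listening. The host names, ports, and the `ExitOnForwardFailure`/`GatewayPorts` advice are this editor's assumptions and defaults; the functions only print a command and never connect anywhere.

```shell
#!/bin/sh
# Added example (not part of the talk): helper functions that build the
# OpenSSH command for each kind of port forward and document which side
# listens. Host names and ports are hypothetical placeholders; the functions
# only print the command line, nothing connects anywhere.

# Options shared by every forward: -N opens no remote shell, -f backgrounds
# the session after authentication, and ExitOnForwardFailure makes ssh fail
# loudly instead of leaving a session whose forward silently never bound.
SSH_OPTS="-N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=30"

# Local forward (-L): the *client* listens on 127.0.0.1:LPORT; the SSH server
# (pivot) opens the onward connection to TARGET:TPORT. Use it to reach one
# internal service through a host you already control.
local_forward() { # pivot lport target tport
  printf 'ssh %s -L 127.0.0.1:%s:%s:%s %s\n' "$SSH_OPTS" "$2" "$3" "$4" "$1"
}

# Reverse forward (-R): the SSH *server* listens on RPORT and relays each
# connection back through the tunnel to SERVICE:SPORT as reachable from the
# client. Run from a foothold that can only dial out, it exposes an inside
# service to the operator. With the default "GatewayPorts no", sshd forces the
# listener onto loopback whatever bind address the client asks for; set
# "GatewayPorts clientspecified" (or yes) on the server to bind 0.0.0.0.
reverse_forward() { # operator rport service sport
  printf 'ssh %s -R %s:%s:%s %s\n' "$SSH_OPTS" "$2" "$3" "$4" "$1"
}

# Dynamic forward (-D): a SOCKS5 proxy on the *client* at 127.0.0.1:SPORT;
# every connection made through it egresses from the SSH server.
dynamic_forward() { # pivot sport
  printf 'ssh %s -D 127.0.0.1:%s %s\n' "$SSH_OPTS" "$2" "$1"
}

# Reverse dynamic forward (OpenSSH 7.6 and later): -R with a port but no
# target makes the SOCKS5 proxy listen on the *server* while traffic egresses
# from the client. Run from the foothold, it hands the operator a SOCKS pivot
# into the internal network with no inbound connection to the foothold.
reverse_dynamic_forward() { # operator rport
  printf 'ssh %s -R 127.0.0.1:%s %s\n' "$SSH_OPTS" "$2" "$1"
}

# proxychains configuration for either SOCKS forward. proxy_dns keeps name
# resolution inside the tunnel so internal hostnames never leak to the
# operator's own resolver; strict_chain fails rather than bypassing the proxy.
proxychains_conf() { # sport
  printf 'strict_chain\nproxy_dns\n[ProxyList]\nsocks5 127.0.0.1 %s\n' "$1"
}
```

Typical use is `eval "$(reverse_dynamic_forward operator.example 1080)"` on the foothold and `proxychains_conf 1080 > ~/.proxychains/proxychains.conf` on the operator box; the operator then runs `proxychains4 nmap -sT ...` and all scanning traffic egresses from the foothold, with no listener ever opened on it.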
Bug bounties are a great way to gain security experience looking for broad security issues at a company, but there is much more unexplored attack surface after finding that first bug. This talk explores how to advance your bug bounty knowledge into a full "red team" engagement: chain your bugs together in clever ways and exploit one bug to reach another. Learn about red team experiences and tactics from someone who has done end-to-end engagements at many companies.
This talk will help guide students on what they need to have accomplished when attempting to get a job as a pentester. I'll be discussing things that will help set them apart and help demystify what a lot of companies are looking for when interviewing them. I'll do my best to present this information in a fun and entertaining way as well.
Enterprises are moving to a "shift-left" culture, with security embedded in every stage of the development life cycle of a project or product. Some of the best practices for securing container images are to:
• use Docker Content Trust (DCT),
• run a Vulnerability Advisor (VA) scan on images,
• sign images and enforce a policy that an image cannot be deployed until its signature is found and validated.
Can these tasks be automated? Yes: by setting up a CI/CD pipeline that runs them every time a change is made to the image. This talk focuses on how to continuously integrate and deliver a securely signed Docker app to a Kubernetes service.
Docker Content Trust provides strong cryptographic guarantees over what code and which versions of software run in your infrastructure. It integrates The Update Framework (TUF) into Docker by using Notary, an open-source tool that provides trust over arbitrary content, and it can be leveraged in CI/CD pipelines together with key management software. When a publisher using Docker Content Trust pushes an image to a remote registry, the Docker client signs the pushed tag locally with the publisher's private key. When a user pulls the image, the client uses the publisher's public key to verify that the image is exactly what the publisher created, that it was not tampered with, and that it is up to date.
A VA (Vulnerability Advisor) scan is an assessment of Docker images that identifies OS vulnerabilities (unpatched libraries and OS components, vulnerable kernel versions), application weaknesses (SQL injection, XSS, buffer overflows) and configuration vulnerabilities (insecure OS settings such as password or login policy, and network configuration such as allowing root login). This can be done with open-source tools like OpenSCAP, and enterprise products offer the same functionality. This talk demonstrates how to perform these scans on Docker images in a CI/CD pipeline before they are deployed.
Container Image Security Enforcement (CISE) retrieves information about an image's content trust status and vulnerabilities. This step signs the image and enforces a policy that ensures an image cannot be deployed until its signature is found and validated. This is achieved through image signing.
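To make the enforcement step concrete, here is an added example (this editor's, not code from the talk) of a CI/CD gate built on Docker Content Trust: the push signs the tag because `DOCKER_CONTENT_TRUST=1` is set, and the deploy step only runs if `docker trust inspect` reports a signature for exactly the tag and digest that was just built. The registry path, deployment name, scanner command and the sample `docker trust inspect` JSON are all constructed placeholders, and the check assumes the CLI emits the `SignedTag` and `Digest` keys in that order (it is a string match, not a JSON parser).

```shell
#!/bin/sh
# Added example, not code from the talk: a CI/CD gate that refuses to deploy
# an image unless Docker Content Trust holds a signature for exactly the tag
# and digest about to be deployed. The registry, deployment name and scanner
# command are hypothetical placeholders.

# Succeeds only if the JSON printed by `docker trust inspect <image>` lists
# SignedTag WANT_TAG with digest WANT_DIGEST (hex without the "sha256:"
# prefix, which is how the docker CLI reports it). Whitespace is stripped
# first so compact and pretty-printed JSON match alike. Assumption: the CLI
# emits the keys in the order SignedTag, Digest; this is a substring match.
signed_digest_matches() { # trust_json want_tag want_digest
  compact=$(printf '%s' "$1" | tr -d ' \n\t')
  case "$compact" in
    *"\"SignedTag\":\"$2\",\"Digest\":\"$3\""*) return 0 ;;
    *) return 1 ;;
  esac
}

# Reduce "registry/app@sha256:<hex>" (as printed by docker image inspect) to <hex>.
digest_hex() {
  printf '%s' "${1#*sha256:}"
}

# Pipeline stages: build, scan, push, gate, deploy. With DOCKER_CONTENT_TRUST=1
# the push signs the tag with the repository key; the deploy is gated on that
# signature matching the digest we actually built. Not executed by this file.
pipeline() { # tag
  image="registry.example.com/team/app"          # hypothetical registry path
  tag="$1"
  export DOCKER_CONTENT_TRUST=1
  # Signing passphrases come from the CI secret store, never from the repo.
  : "${DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE:?must be injected by CI}"
  docker build -t "$image:$tag" . || return 1
  # Hypothetical scanner stage: any image scanner (OpenSCAP or a commercial
  # one, as the talk discusses) that exits non-zero on findings fits here.
  "${SCANNER:-image-scan}" "$image:$tag" || { echo "scan failed, not pushing" >&2; return 1; }
  docker push "$image:$tag" || return 1          # signs because DCT is enabled
  pushed=$(docker image inspect --format '{{index .RepoDigests 0}}' "$image:$tag")
  trust=$(docker trust inspect "$image:$tag")
  if signed_digest_matches "$trust" "$tag" "$(digest_hex "$pushed")"; then
    # Deploy by immutable digest so the cluster runs the bytes that were
    # signed, not whatever the mutable tag points to later.
    kubectl set image deployment/app app="$pushed"
  else
    echo "refusing to deploy: no Content Trust signature for $image:$tag" >&2
    return 1
  fi
}

# Constructed sample of `docker trust inspect` output for exercising the gate
# offline (digest and key IDs are made up, not captured from a real registry).
SAMPLE_TRUST='[{"Name":"registry.example.com/team/app:1.4.2","SignedTags":[{"SignedTag":"1.4.2","Digest":"3f2a9c1e6b7d4a0f8e5c2b1d9a7e6f4c3b2a1d0e9f8c7b6a5d4e3f2a1b0c9d8e","Signers":["ci"]}],"Signers":[{"Name":"ci","Keys":[{"ID":"0a1b2c3d4e5f"}]}],"AdministrativeKeys":[{"Name":"Root","Keys":[{"ID":"f0e1d2c3b4a5"}]},{"Name":"Repository","Keys":[{"ID":"a5b4c3d2e1f0"}]}]}]'
```

In a real pipeline `pipeline "$CI_COMMIT_TAG"` would be the deploy job; an unsigned image makes `docker trust inspect` report no signed tags, so the gate fails closed. Deploying by digest rather than by tag matters because a tag can be re-pointed after signing, whereas the digest is what the signature actually covers.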
Red Team Village Website: redteamvillage.io Discord: redteamvillage.io/discord Twitter: redteamvillage.io/twitter

1) Attack Surface for Android Apps | 2) Map and Conquer Application Security Over the Cloud | Red Team Village | 2021-09-19
* First talk: Attack Surface for Android Apps. Speaker: Akshansh Jaiswal
* Second talk (1:00:05): Map and Conquer Application Security Over the Cloud. Speaker: Pankaj Mouriya
PwnMachine is a self-hosting solution based on Docker that aims to provide an easy-to-use pwning station for bug hunters.
DEF CON 29 RTV CTF Recap and Upcoming Events | Red Team Village | 2021-08-18

The Future of Artificial Intelligence, Machine Learning, and Offensive Security | Red Team Village | 2021-08-09
A panel discussion in collaboration with the DEF CON AI Village. Speakers: Bruce Schneier, Anita Nikolich (University of Illinois), Chris Cottrell (NVIDIA), Rich Harang (DUO), Ram Shankar (Microsoft), and Omar Santos (Cisco).
IMPORTANT: All communication during DEF CON 29 will take place at the DEF CON Discord Server at discord.gg/defcon

Custom Mechanical Keyboard Build - Red Team Village | Red Team Village | 2021-08-08

AI and Red Team Village Panel | Red Team Village | 2021-08-07 | Schneier

DEF CON 29 Red Team Village CTF: Day 2 | Red Team Village | 2021-08-07

DEF CON 29 Red Team Village CTF: Day 1 | Red Team Village | 2021-08-07

DC29 Red Team Village CTF Stream Schedule - DAY 1 | Red Team Village | 2021-08-05
DEF CON 29 Red Team Village CTF Stream Schedule