
Need an account to vote? Register to attend at gsec.hitb.org/sg2017/


A Year In The Red

Dominic Chell

This paper has been accepted.

As defensive technologies and detection capabilities improve, aggressors must evolve, adapting their tactics to avoid the spotlight shone by the blue team. This talk examines the most significant advances in red team tactics that have come to light over the course of the past 12 months.

In addition to the public research that proved most fruitful for us, we will also detail some of the research performed by MDSec’s ActiveBreach team. Specifically, this includes some of the following:

- Domain Fronting: how to egress using high-reputation domains and evade controls such as proxy categorisation,
- Attacking ADFS: how Internet-facing ADFS endpoints can be abused to gain entry to corporate environments,
- Sandbox Evasion: how popular (and expensive) malware protection sandboxes can be bypassed.

Where applicable, war stories and demonstrations will illustrate successes (and failures) from the front line. Finally, we will conclude with our predictions from both an offensive and defensive standpoint for the next 12 months.

About Dominic Chell

Dominic (@domchell) is a director of MDSec and lead of the ActiveBreach team, MDSec’s specialist red team responsible for conducting intelligence-led attack simulations under the CBEST and CREST STAR frameworks. Dominic has worked as a consultant for 12 years and holds the CREST CCT, CSAS and CSAM certifications.

Vincent (@vysecurity) is an established red team member of the ActiveBreach team at MDSec. Vincent actively participates in the red team community, contributing new and groundbreaking research such as the development of the wePWNise tool. On a day-to-day basis, Vincent delivers intelligence-led attack simulations under the CBEST and CREST STAR frameworks. Vincent holds the CREST CCT, OSCE and OSCP certifications.