As defensive technologies and detection capabilities improve, aggressors must evolve, adapting their tactics to avoid the spotlight shone by the blue team. This talk examines the most significant advances in red team tactics that have come to light over the course of the past 12 months.
In addition to the public research that bore us the most fruit, we will also detail some of the research performed by MDSec’s ActiveBreach team. Specifically, this includes some of the following:
– Domain Fronting: how to egress using high reputation domains and evade controls such as proxy categorisation,
– Attacking ADFS: how Internet facing ADFS endpoints can be abused to gain entry to corporate environments,
– Sandbox Evasion: how popular (and expensive) malware protection sandboxes can be bypassed.
Where applicable, war stories and demonstrations will illustrate successes (and failures) from the front line. Finally, we will conclude with our predictions from both an offensive and defensive standpoint for the next 12 months.
