Traversing the Kill-Chain: The New Shiny in 2018


Long gone are the days of easy command shells through PowerShell. Defenders are catching more than ever, forcing red teamers to up their game in new and innovative ways. This presentation will explore several new OSINT sources, techniques, and tools developed to accelerate and assist in target asset discovery and profiling. We will discover how some new advances in EDR has changed the general landscape of more mature organisations, and how red team tactics and procedures have been modified to bypass certain obstacles faced. Relevant techniques will be revised, modified and made great again.

If you are a Red teamer looking to navigate the deep Blue waters of 2018, this talk is for you!

Key areas:

o Methods of Discovery
o New OSINT sources to target China based organisations and employees
• Weaponisation
o Domain Fronting once again, with 2018 updates
o Payload changes
Microsoft added AMSI to VBScript?!
o Execution tracking
• Delivery: E-mail, old concepts made clear and exploiting features
o Delivery Hygiene Tips
o Execution tracking
• Endpoint Detection and Response
o Initial Actions on Target
o They’re good, what do we do now?
• Privilege Escalation: decisions, techniques, traps, and more

Key takeaways:

• New tooling and usage demos
• A list of the most useful red teaming techniques in 2018 (so far)
• Renewed understanding of how things work, and how to exploit features

Location: BALLROOM 1 Date: August 31, 2018 Time: 4:30 pm - 5:30 pm Vincent Yiu