
Traversing the Kill-Chain: The New Shiny in 2018

Vincent Yiu


Long gone are the days of easy command shells through PowerShell. Defenders are catching more than ever, forcing red teamers to up their game in new and innovative ways. This presentation will explore several new OSINT sources, techniques, and tools developed to accelerate and assist in target asset discovery and profiling. We will discover how some new advances in EDR have changed the general landscape of more mature organisations, and how red team tactics and procedures have been modified to bypass certain obstacles faced. Relevant techniques will be revised, modified and made great again.

If you are a Red teamer looking to navigate the deep Blue waters of 2018, this talk is for you!

Key areas:

• OSINT
  o Methods of Discovery
  o New OSINT sources to target China-based organisations and employees
• Weaponisation
  o Domain Fronting once again, with 2018 updates
  o Payload changes
    - Microsoft added AMSI to VBScript?!
  o Execution tracking
• Delivery: E-mail, old concepts made clear and exploiting features
  o Delivery Hygiene Tips
  o Execution tracking
• Endpoint Detection and Response
  o Initial Actions on Target
  o They're good, what do we do now?
• Privilege Escalation: decisions, techniques, traps, and more

Key takeaways:

• New tooling and usage demos
• A list of the most useful red teaming techniques in 2018 (so far)
• Renewed understanding of how things work, and how to exploit features

===

Vincent Yiu is a professional red teamer who has been involved with long- and mid-term adversary simulation engagements for many large enterprises across the UK and US, spanning many industries. He is a strong believer in the "attacker mindset" and in contributing to the red team community. He has written and released a variety of relevant tools and research over the past couple of years, mainly aimed at red team professionals, but has also advanced the blue team in detection and response. He maintains and occasionally tweets Red Team Tips on Twitter (@vysecurity).

Occupation: Full-time Adversary Simulation
Certifications: OSCP, OSCE, CREST CCT Inf