Created by Andrew Suters and Jules Rigaudie from Sekuro
Friday, August 12 - 1200 - 1600 PDT
Common free learning environments online prepare people to test single boxes, but when consultants are thrown into their first real-world internal infrastructure penetration test, there are many things that these environments might not be able to emulate. Come along and get some hands-on experience in a simulated internal network with tools such as Responder, Rubeus, Mimikatz and Metasploit, and learn to exploit some of the most common vulnerabilities that the presenters have seen in real-world environments.
Presented by George Karantzas
Saturday, August 13, 2022 - 11:00 - 12:00 PDT
A few years ago, a vigilante hacker under the name “Phineas Phisher” conducted a series of high-profile attacks, including hacking into a spyware-selling company and an offshore bank in the Cayman Islands. He reported through his write-ups that he used common hacker utilities like Meterpreter, that he was not some kind of APT with custom malware writers, and that he received no significant support; rather, he claims to be a humble ‘one-man army’. The final goal of the bank hack was to access the SWIFT management panel and initiate transactions. He then leaked VM images and the data he found. The scenario is rather intriguing because, despite the sensitivity of the information, it provides a deep insight into environments in which few people operate.
Moreover, such environments are not well documented publicly, and their digital twins are hard to find. We argue that emulating such an attack scenario and adapting it to current tools and methods, on both the offensive and defensive side, can provide a good baseline for understanding the capabilities of both sides and highlighting the changes that have taken place over these years.
To this end, in our scenario, we have tried to follow the evolution in defensive and offensive security by rebuilding such an environment and equipping it with modern defence mechanisms. Moreover, APTs and ransomware groups are using several C2 frameworks, with the most widely used being Cobalt Strike; however, there are different options that may provide different capabilities.
This work can be considered a purple teaming scenario in the financial sector, starting from phishing rather than 0-day exploitation, as phishing is statistically the no. 1 "way in". Practically, we present the blue-versus-red-team fight, detailing their rationale and gaps where applicable, mainly through the use of C2 implants and customization of tooling to match an undocumented and "novel" actor who evolves Phineas's tradecraft but keeps his mindset. Therefore, at each step we present the attacker’s and defender’s perspectives on the same scenario.
Created by Scott Brink, Sung Gwan Choi and Shikata
Saturday, August 13, 2022 - 1300 - 1700 PDT
Active Directory is the most common way to manage identities across large Windows-centric environments. The most common avenue to accessing entire corporate networks is through their Active Directory infrastructure. This workshop will be taught by three penetration testers who specialize in Active Directory, and it will cover some of the most common attacks that are still being exploited to this day! This training will cover the following attacks:
- NTLM Relay
- LLMNR NBT-NS Poisoning
- DHCPv6 Poisoning
- Multiple Active Directory Certificate Services attacks
- AS-Rep Roasting
- Kerberos Delegation attacks
- NTLMv1 Downgrades
- Shadow Credentials
- Password Reuse between accounts
- Shared Administrator Passwords
- Bloodhound usage
- Foreign Administrator privileges
- and more!
The objective of the workshop is to provide hands-on practical experience in understanding Active Directory risks. The workshop will start with the basics of Active Directory and then deep dive into in-depth, hands-on exploitation of multiple vulnerabilities.