Presented at Black Hat USA 2021, Aug. 5, 2021, 11:20 a.m. (40 minutes).

This talk will explore the weaponization of esoteric internal command and control (C2) channels and their use for lateral movement. James, an attack simulation consultant with F-Secure Consulting, will demonstrate some novel and reimagined techniques for breaking out of heavily segregated environments. In particular, the following will be explored, along with the tools that James has developed to make these usable operationally:

- C2 into VMs through vCenter and Guest Additions
- C2 using arbitrary network printers and print jobs
- C2 over Remote Desktop mapped drives and file shares
- C2 using LDAP attributes

For the red teamers, James will share how to identify and exploit these channels, and the OpSec considerations behind each. He will also share the tools that he's developed to interface with popular C2 frameworks such as Cobalt Strike and C3, providing operators with a seamless C2 experience.

For the blue teamers, James will explore the detection artifacts created when using these tools, and will present use cases to consider implementing. He will also challenge defenders' assumptions about how sophisticated actors may operate within segregated environments, and how commonly accepted boundary systems and technologies may offer a means for actors to progress unimpeded into organizations' most sensitive network zones.

Presenters:

- James Coote, Senior Consultant, F-Secure Consulting
  James Coote leads F-Secure's collaborative attack simulation team, specializing in attacking and securing the UK's Critical National Infrastructure (CNI). He has 10 years of consulting experience across the Defence and Finance sectors and has spoken on the topic of securing CNI at conferences such as Defcon and TROOPERS.

- Alfie Champion, Senior Consultant, F-Secure Consulting
  Alfie Champion leads the global delivery of attack detection services for F-Secure Consulting and has a keen interest in adversary simulation and offensive tradecraft, developing tooling to emulate attacker activity and ultimately aid clients in testing and developing their detective capability.
  He has spoken at multiple globally renowned conferences, including RSA, T2 and Cloud Native Security Day, and released numerous blogs and tools. Alfie is a strong public speaker and experienced practitioner across offensive and defensive practices.