kubered - Recipes for C2 Operations on Kubernetes

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, 10 a.m. (45 minutes)

This talk explores deploying and dynamically generating C2 services on Kubernetes! Everything will be extremely practical with walkthroughs of detailed deployment configurations. Building containers for popular C2 platforms, such as Cobalt Strike, and many others, will be covered. Rapidly deploying complex C2 infrastructure using tools such as Kops and Drone and managing DNS and TLS using Kubernetes will be discussed. Attendees will learn how to build complex redirecting logic to sandbag defenders, using the rewriting and filtering capabilities found in the Nginx Ingress Controller, Open Policy Agent (OPA) and the Istio Service Mesh. In addition, monitoring the health of implants using Prometheus will be reviewed. At the end, a GitHub repository will be released with resource files and Helm charts.


Presenters:

  • Jeff Holden
    Jeff Holden works for a large college system as an Information Security Manager/jack of all trades. His favorite part of the job, though, is penetration testing the colleges in the system. He also contributes to open source projects and releases his own code.
  • Larry Suto
    Larry Suto is an independent security consultant based out of Oakland, CA. He spends a lot of time researching the use of cloud infrastructure for all types of security testing. He spends some time on Windows security as well.
