Red teaming: from badge to domain

Presented at RomHack 2019, Sept. 28, 2019, 2:30 p.m. (45 minutes)

An international company asked us to deliver a real "Red Teaming" activity, by mimiking an attacker who was provided only by physical access to one of the branch, composed by two different buildings. From there, we were asked to try to get complete control of the infrastructure. We started by working on the legal part, that is the most critical one, expecially in Italy where laws are complex and there are multiple actors to consult (internal HR, labor unions, etc...) in order understand what can be done and what should be avoided; unluckily, every engagement is different and this part must be evaluated every time. To take care of every single aspect, we worked closely with two different teams of law expert and legals, providing to our customer all the documentation and the contracts that allowed both us and them to safely deliver the activity. Once this part was completed, we started preparing the technical side of the activity. Plenty of tools, both hardware and software were bought, tested, tuned and then discarded or selected, based on how they performed in our labs. We also prepared a dedicated infrastructure to allow us to silently exfiltrate information and to be able to control our RATs without putting the whole infrastructure at risk. A third step was the preparation of a "play book", where everyone in the team was acting as a different character and was aware about a "fake story" and plenty of pre-agreed answers to provide to different people in different situation (e.g.: how to answer to security guards if we get catched). Once ready, we started by a physical reconnaissance of the buildings and a fine tuning of the various tools we prepared, to best match the requirements of the activity. We than moved on with the most malicious activities, trying to become administrator of the whole infrastructure. Did we succeed? Join the talk and you will find out :-P

Presenters:

• Lorenzo lord Nicolodi
  Lorenzo Nicolodi has a 10 year experience in the information security field and currently provide consultancy to national and international customers through his own company. He is interested exclusively in high-profile technical activities and he is passionated about low-level security problems, including the network vulnerabilities and misconfigurations, subversion of incorrect implementation of network protocols and malicious interaction with embedded/IoT devices and similar stuff. To add a little bit of spice to his life, he regularly support Francesco during non-standard activities (whatever it means).
• Francesco rageman Perna
  Francesco "RageMan" Perna is an italian security researcher involved since he was young with the italian hacker scene. Francesco has a strong knowledge of computer and network security related topics, has spent the last 15 years in the research field focusing on the security issues related to applications and communication protocols, both from the offensive and defensive point of view. Francesco is involved with the italian hacker scene: he is part of the Metro Olografix executive board and he is one of the organizer of international hackers events such as Metro Olografix Hacker Camp (MOCA) and BSides (Roma and Milano) Francesco prefers strategy to brute force: the simplest and well engineered is the attack, the more it is effective

Links:

• https://2019.romhack.io/speaker-perna_nicolodi_en-2019.html
• https://2019.romhack.io/slides-2019/RomHack2019 - Perna-Nicolodi - Red Teaming.pdf

Similar Presentations:

• VB2017 / Last-minute paper: Spora: the saga continues a.k.a. how to ruin your research in a week
• 31C3 (2014) / The Invisible Committee Returns with "Fuck Off Google": Cybernetics, Anti-Terrorism, and the ongoing case against the Tarnac 10
• DeepSec 2015 „DeepSec No. 9“ / Have We Penetrated Yet??