Live Demo: Know Your Adversaries

Presented at SAINTCON 2019, Oct. 24, 2019, 2:30 p.m. (60 minutes).

This live demo will reenact an infiltration of an organization's network. We will follow the attacker's footsteps to learn how they gain access to a desktop and the internal environment, then discuss how each part of the attack could have been detected and/or prevented. We begin by taking control of a user's desktop using one of a few common techniques and connecting it to a command-and-control center for the rest of the attack. Next, we steal passwords and documents, copy screen and email content, install a keylogger, record sound and stream the webcam, control the mouse and keyboard, modify anti-malware settings, execute programs, reshape network traffic, and create a hidden, persistent data exfiltration channel. If time allows, we'll perform network reconnaissance and take over other computers, bypassing MFA and network segregation restrictions. This interactive demonstration will be rendered in a simulated, but fully operational, corporate setting. Our objective is to carefully examine and understand the attack procedures step by step, and then detail several defensive strategies against them.


Presenters:

  • Aelon Porat
    Aelon Porat is an information security manager at Cision and a content provider at vali.training. He has extensive experience attacking and defending corporate environments. Aelon likes to jump inside networks and out of planes, and in his spare time, he enjoys demoing, speaking, and providing training at different events and conferences.
