SiestaTime, Automation tool for Generation of Implants, Infrastructure and Reports

Presented at ShellCon 2019, Oct. 11, 2019, 10 a.m. (50 minutes)

Red Team operations require substantial efforts to both create implants and a resilient C2 infrastructure. SiestaTime aims to merge these ideas into a tool with an easy-to-use GUI, which facilitates implant and infrastructure automation alongside its actors reporting.

SiestaTime allows operators to provide registrar, SaaS and VPS credentials in order to deploy a resilient and ready to use Red Team infrastructure. The generated implants will blend-in as legitimate traffic by communicating to the infrastructure using SaaS channels and/or common network methods.

Use your VPS/Domains battery to deploy staging servers and inject your favorite shellcode for interactive sessions, clone sites and hide your implants ready to be downloaded, deploy more redirectors if needed. All this jobs/interactions will be saved and reported to help the team members with documentation process.

SiestaTime is built entirely in Golang, with the ability to generate Implants for multiple platforms, interact with different OS resources, and perform efficient C2 communications. Terraform used to deploy/destroy different Infrastructure.

This will help increase companies red teams efficiency, improving industry security standards and make the defenders to catch-up , being ready for real threats.

Presenters:

• Alvaro Folgado
  Rebujacker works as a Product Security Engineer for a fortune 500 bay area company. He has multiple years of experience performing penetration tests, security assessments, design evaluations… against different technologies. His day by day job leads him to build automation tools for this purpose and performing application level researches to catch up with the latest threats. From his OSCP certification to nowadays, personal research time and expertise has been focused on Web Exploitation and Offensive Security projects. In the past he presented for conferences like Deepsec 2015 on subject related to web vulnerabilities. These last moments on his career, his field of study has been focused into red teaming and automation. The combination of his application level security and Offensive Security knowledge leads him to build tools/implants that blends-in better with nowadays cloud infrastructure and application stack of tested organizations.

Links:

• https://2019.shellcon.io/talks/siestatime/
• https://www.youtube.com/watch?v=3oAEO0eeiEI
• https://shellcon.io/slides/siestatime-shellcon2019.pdf

Similar Presentations:

• CarolinaCon Online 2021 Virtual / Practical Infrastructure Automation For Red Teams
• DEF CON 30 (2022) / Badrats: Initial Access Made Easy Demo
• DEF CON 30 (2022) / Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level Demo