HX-3015 Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy

Presented at Texas Cyber Summit 2019, Oct. 11, 2019, 2:30 p.m. (60 minutes)

Larry will walk you through the technical details of building nimble Red Team infrastructure that leverages cloud native orchestration frameworks such as Kubernetes and service meshes such as Istio. Special attention will be paid to containerizing and developing deployment artifacts in Helm for popular C2 frameworks. Automated Kubernetes cluster deployment will be covered for AWS, Google Cloud, and Azure. Details will be given on configuring the Envoy proxy as a redirector and filter in order to obfuscate the infrastructure from unwanted probing by defenders. Techniques for real-time monitoring of implant communication will be addressed. The talk will also review the recipes currently available in the Kubered framework (<https://github.com/cloudc2/kubred>) and other resources helpful for cloud native Red Team operations.

Presenters:

  • Jeff Holden - CCC Technology Center
    Jeff Holden works for a large college system as an Information Security Manager/jack of all trades. His favorite part of the job, though, is the penetration testing of the colleges in the system. He also contributes to open source projects and releases his own code.
  • Larry Suto - SDCI
    Larry Suto is an independent security consultant based out of Oakland, CA, and spends a lot of time researching the use of cloud infrastructure for all types of security testing. He does Windows penetration testing as much as possible and seeks to enlighten people on advanced ways to deploy Red Team infrastructure.
