Overview
Explore advanced techniques for operating covertly in cybersecurity environments in this 52-minute conference talk from DerbyCon 2015. Delve into the reasons behind shadow operations, the evolving landscape of security measures, and methods for identifying and navigating various controls. Gain insights on situational awareness, privilege escalation, and understanding security centers and antivirus products. Learn about audit policies, C programming, Meterpreter usage, and process creation. Examine commercial products, system entry and migration strategies, whitelisting techniques, PowerShell controls, and centralized login processes. Master the art of minimizing control noise and reducing operational footprints for more effective covert operations.
Syllabus
Intro
Why operate in the shadows
Security is improving
Identifying controls
Situational awareness
Privilege
Security Controls
Security Center
Antivirus Products
Antivirus Modules
Controls
Audit Policy
C Program
Meterpreter
Process Creation Include Command Line
Commercial Products
System On Entry
System On Migration
Whitelisting
PowerShell Controls
Centralized Login
Control Noise
Footprint