Explore the latest advancements in red team tactics from the past year in this conference talk from HITB Security Conference. Delve into public research and MDSec's ActiveBreach team findings, covering domain fronting techniques for evading proxy categorization, methods for exploiting ADFS endpoints to penetrate corporate environments, and strategies to bypass expensive malware protection sandboxes. Gain insights from real-world examples, demonstrations, and war stories illustrating both successes and failures in the field. Conclude with predictions for offensive and defensive trends in the coming year, presented by experienced security professionals Dominic Chell and Vincent Yiu.
Overview
Syllabus
Introduction
Link Sniper
Federation
Skype Support Account
Categorization
Chameleon Demo
Blue Coat Demo
Malware Analysis
Fire IPS
File Types
Predefined Guest Images
Spawn Chains
Bypassing Regs
Power DNS
Power DNS Demo
Domain Fronting
Examples
Drawbacks
Domain Fronting Demo
Lateral Movement Diagram
Poll Results
Bloodhound
Graph
ACLs
Angry Puppy
Angry Puppy Demo
Whats Next
Thanks
Questions
Taught by
Hack In The Box Security Conference
