BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:78dda3c9-44bb-46f6-b09e-49c669e7d259
DTSTAMP:20260523T120322Z
SUMMARY:Total E(A)gression
DESCRIPTION:Defensive techniques and tools keep getting better and therefor
 e the creation of implants that are not detected is a harder and time cons
 uming task every Red Team operator has to go through. Focusing on the netw
 ork detection field\; recent Intrusion Detection Systems (IDS) that uses n
 ew network analysis techniques can detect easily some of our handcrafted i
 mplants by analyzing connection fingerprints from both client and server s
 ide. In some environments \, techniques like Deep Packet Inspection can ma
 p our implants to possible threats to be addressed.\nIn this talk\, I prov
 ide solutions that can be used on implants\; a modified TLS Go package tha
 t allows circumventing tools like JA3 by providing desired fingerprints th
 at will help to mimic rightful client software\, egression to Gmail server
 s and techniques like steganography/encryption to hide obvious payloads. A
 ll these ideas are tailored into a new network modules for the Siesta Time
  Framework\, to help to automate the creation of desired Implants. As a fi
 nale\, possible new defensive techniques to improve tools like JA3 will be
  explained.\n\nSpeaker(s): Alvaro Folgado Rueda\n\nLocation: Red Team Vlg\
 n\nDiscord: https://discord.com/channels/708208267699945503/72647735782041
 1944\n\nEvent starts: 2020-08-07 18:00 (06:00 PM) PDT (UTC -07:00)\n\nEven
 t ends: 2020-08-07 19:00 (07:00 PM) PDT (UTC -07:00)\n\nFor the most up-to
 -date information\, please either visit https://info.defcon.org\, or use H
 ackerTracker\, which is available for iOS and Android. This is an automate
 d message\, and this data was last modified 2020-07-29T01:24 (UTC).
URL:https://forum.defcon.org/node/234308
DTSTART:20200808T020000Z
DTEND:20200808T030001Z
LOCATION:Red Team Vlg
END:VEVENT
END:VCALENDAR