Total E(A)gression

  • aNullValue
    Moderator
    • Jun 2019
    • 584

    #1


    Defensive techniques and tools keep getting better, and therefore the creation of implants that are not detected is a harder and more time-consuming task that every Red Team operator has to go through. Focusing on the network detection field, recent Intrusion Detection Systems (IDS) that use new network analysis techniques can easily detect some of our handcrafted implants by analyzing connection fingerprints from both the client and server side. In some environments, techniques like Deep Packet Inspection can map our implants to possible threats to be addressed.
    In this talk, I provide solutions that can be used on implants: a modified TLS Go package that allows circumventing tools like JA3 by providing desired fingerprints that will help to mimic rightful client software, egression to Gmail servers, and techniques like steganography/encryption to hide obvious payloads. All these ideas are tailored into new network modules for the Siesta Time Framework, to help automate the creation of desired Implants. As a finale, possible new defensive techniques to improve tools like JA3 will be explained.

    Speaker(s): Alvaro Folgado Rueda

    Location: Red Team Vlg

    Discord: https://discord.com/channels/7082082...77357820411944

    Event starts: 2020-08-07 18:00 (06:00 PM) PDT (UTC -07:00)

    Event ends: 2020-08-07 19:00 (07:00 PM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:24 (UTC).