Workshop: Continuous dis-Integration: Red Team attacks

Level: Intermediate

When: 8:00am - 12:00pm

Prerequisites

Participants should have experience with the Linux environment.
Comfort using the command line is a big plus.
Participants should bring their own laptop capable of running a VMware virtual machine.
Please pre-download VMware Player (Windows) or a working trial of VMware Fusion (Mac).
Participants should bring a curious and mischievous brain.

Do you write code? Do you have code? Do you ever stay awake at night wondering how evil hackers might steal it all for nefarious purposes? Are you interested in learning some super 1337 skills for yourself? Well, you’re in luck. Two evil hackers are ready to share and teach you a few tricks they have used during live Red Team engagements to penetrate network defenses and find unexpected entry points. Join us in hacking the Gibson in this hands-on workshop that will teach Penetration Testing skills and mitigations specifically tailored for the development community.

This Red Team workshop will provide students with perspective and hands-on experience with attack simulation tactics used to uncover vulnerabilities, also known as Red Teaming. Students can expect to cover topics such as social engineering (human manipulation), pivoting through network environments, attacking build pipelines, bypassing authentication, and looting systems for secrets.

Takeaways:

  • Intro to the Concept of Red Teaming
  • Story Time: Social Engineering
  • Social Engineering Mitigations
  • Concepts of post exploitation and system looting
  • Lab: Abusing GitHub CLI
  • Lab: Bypassing Jenkins Google Authentication
  • Lab: Abusing the Jenkins Script Console and Shelling your first box
  • Mitigating the Jenkins Script Console Issues
  • Lab: Abusing build jobs to Shell that box again
  • Mitigating Controls and the Concept of Least Privilege
  • Challenge Lab: Competitive Post Exploitation / Looting Lab

Speaker: Josh Schwartz

Leads the Red Team @Salesforce

Josh Schwartz is a computer that knows how to computer. He leads the Red Team at Salesforce conducting high impact offensive security engagements and frequently creates propaganda memes.

Speaker: Christina Camilleri

Penetration Tester & Social Engineer @BishopFox

Christina Camilleri is a Security Analyst at Bishop Fox, a security consulting firm. Christina’s primary areas of expertise are web application penetration testing, open-source intelligence (OSINT), and social engineering - not only the psychological and physical involvement of social engineering, but also the manipulation and social influencing techniques that are able to exploit the behavior of others. She has attended and presented at local and international conferences on social engineering and has won the highest-scoring OSINT report for two years in a row in the DEFCON Social Engineering CTF. In her free time, Christina enjoys breaking things and building things to break other things.
