Out (of) window, back (at) door: 8 indicators you are NOT aware of

By Yossi Sassi

Elevator Pitch

Who lurks in your network, in the clutter of signals & false-positives? This hands-on, full of demos session integrates over 3 decades of InfoSec, pentesting, DF/IR & defense, with 8 unusual, rare & sophisticated adversary practical tactics. Join this learning experience for Red, Blue & Purple teams

Description

Who is lurking in your network right now? how well are they disguised, in the clutter of signals & potential false-positives? In this hands-on, packed with demos session, I integrate over 3 decades of InfoSec, pentesting, DF/IR & defense consulting, as we go over 8 unusual and sophisticated adversary practical tactics, rarely covered to maneuvers you are non-aware of, at all! This will be a very beneficial learning experience for both Red, Blue or Purple teams. We will take indications of exploitation and compromise to the next level, as well as better understand your IT/dev routine.

Notes

Spoke at BSidesBUD 2024’, T2 helsinki 2024, HackCon 24’, DeepSec Vienna 2023, Hacktivity 23’, DevOpsDays Vilnius 23’, bSides Krakow 23’, x33fcon 23’, Craft 2023 closing keynote, NullCon 2023, HackCon 2023, SEC-T 2022, Reversim 2022 keynote, SecurityFest 2022, Hack In Paris 2022, SecurityWeekly, Colombia 4.0 keynote, Brazil’s national Cyber Security conference, Bsides TLV (2019, 2020, 2021), OSDF Con 2021, MTB/MGB (microsoft), INCD geo-cyber events in Tel Aviv, TED / TEDx and more.

Research on Windows shell defenses bypass & PowerShell bypass (invisi-shell) published on github. Another open source Research and tool for detecting Golden Tickets & Pass-The-Hash in Microsoft domain environments (agentless, real time) published also on github (GOLDFINGER).

A. SEC-T 2022 - ‘When SysAdmin & Hacker Unite’ - https://www.youtube.com/watch?v=4iAM76n1b5o

B. The ‘Microsfot Mainframe’ - talk @ SecurityFest 2022 - https://youtu.be/dVf90-T9lcI?t=735

C. “ Forensic artificats that make you go hmmm… “ - talk @ BSidesTLV 2021 - https://www.youtube.com/watch?v=60Y07kdcIcw

D. ‘Powershell as a hacking tool’ @ BSides TLV 2019 - https://www.youtube.com/watch?v=Bg_Iy6gpq30

E. The H@כker mindset - Information Security Reality Vs. Myths - Talk @ Brazil’s government/public sector conference - https://www.youtube.com/watch?v=NQllXfX7nNs&t=4753s

F. .. and my music :) - https://www.youtube.com/watch?v=d8MAmmIBJng (Public speaking is Not the only stage I feel comfortable at..)