�ݺ�ߣshows by User: AlvaroFolgadoRueda1

�ݺ�ߣshows by User: AlvaroFolgadoRueda1 / http://www.slideshare.net/images/logo.gif �ݺ�ߣshows by User: AlvaroFolgadoRueda1 / Sat, 08 Aug 2020 01:31:56 GMT �ݺ�ߣShare feed for �ݺ�ߣshows by User: AlvaroFolgadoRueda1 Total E(A)gression defcon /slideshow/total-eagression-defcon/237660385 totaleagression-defcon-200808013156
"Defensive techniques and tools keep getting better and therefore the creation of implants that are not detected is a harder and time consuming task every Red Team operator has to go through. Focusing on the network detection field; recent Intrusion Detection Systems (IDS) that uses new network analysis techniques can detect easily some of our handcrafted implants by analyzing connection fingerprints from both client and server side. In some environments , techniques like Deep Packet Inspection can map our implants to possible threats to be addressed. In this talk, I provide solutions that can be used on implants; a modified TLS Go package that allows circumventing tools like JA3 by providing desired fingerprints that will help to mimic rightful client software, egression to Gmail servers and techniques like steganography/encryption to hide obvious payloads. All these ideas are tailored into a new network modules for the Siesta Time Framework, to help to automate the creation of desired Implants. As a finale, possible new defensive techniques to improve tools like JA3 will be explained.]]>
"Defensive techniques and tools keep getting better and therefore the creation of implants that are not detected is a harder and time consuming task every Red Team operator has to go through. Focusing on the network detection field; recent Intrusion Detection Systems (IDS) that uses new network analysis techniques can detect easily some of our handcrafted implants by analyzing connection fingerprints from both client and server side. In some environments , techniques like Deep Packet Inspection can map our implants to possible threats to be addressed. In this talk, I provide solutions that can be used on implants; a modified TLS Go package that allows circumventing tools like JA3 by providing desired fingerprints that will help to mimic rightful client software, egression to Gmail servers and techniques like steganography/encryption to hide obvious payloads. All these ideas are tailored into a new network modules for the Siesta Time Framework, to help to automate the creation of desired Implants. As a finale, possible new defensive techniques to improve tools like JA3 will be explained.]]> Sat, 08 Aug 2020 01:31:56 GMT /slideshow/total-eagression-defcon/237660385 AlvaroFolgadoRueda1@slideshare.net(AlvaroFolgadoRueda1) Total E(A)gression defcon AlvaroFolgadoRueda1 "Defensive techniques and tools keep getting better and therefore the creation of implants that are not detected is a harder and time consuming task every Red Team operator has to go through. Focusing on the network detection field; recent Intrusion Detection Systems (IDS) that uses new network analysis techniques can detect easily some of our handcrafted implants by analyzing connection fingerprints from both client and server side. In some environments , techniques like Deep Packet Inspection can map our implants to possible threats to be addressed. In this talk, I provide solutions that can be used on implants; a modified TLS Go package that allows circumventing tools like JA3 by providing desired fingerprints that will help to mimic rightful client software, egression to Gmail servers and techniques like steganography/encryption to hide obvious payloads. All these ideas are tailored into a new network modules for the Siesta Time Framework, to help to automate the creation of desired Implants. As a finale, possible new defensive techniques to improve tools like JA3 will be explained. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/totaleagression-defcon-200808013156-thumbnail.jpg?width=120&height=120&fit=bounds" /><br> "Defensive techniques and tools keep getting better and therefore the creation of implants that are not detected is a harder and time consuming task every Red Team operator has to go through. Focusing on the network detection field; recent Intrusion Detection Systems (IDS) that uses new network analysis techniques can detect easily some of our handcrafted implants by analyzing connection fingerprints from both client and server side. In some environments , techniques like Deep Packet Inspection can map our implants to possible threats to be addressed. In this talk, I provide solutions that can be used on implants; a modified TLS Go package that allows circumventing tools like JA3 by providing desired fingerprints that will help to mimic rightful client software, egression to Gmail servers and techniques like steganography/encryption to hide obvious payloads. All these ideas are tailored into a new network modules for the Siesta Time Framework, to help to automate the creation of desired Implants. As a finale, possible new defensive techniques to improve tools like JA3 will be explained.

Total E(A)gression defcon from Alvaro Folgado Rueda

]]> 172 0 https://cdn.slidesharecdn.com/ss_thumbnails/totaleagression-defcon-200808013156-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 SiestaTime - Defcon27 Red Team Village /slideshow/siestatime-defcon27-red-team-village/163712432 siestatimedefcon27-slideshare-190814041512
Red Team operations require substantial efforts to both create implants and a resilient C2 infrastructure. SiestaTime aims to merge these ideas into a tool with an easy-to-use GUI, which facilitates implant and infrastructure automation alongside its actors reporting. SiestaTime allows operators to provide registrar, SaaS and VPS credentials in order to deploy a resilient and ready to use Red Team infrastructure. The generated implants will blend-in as legitimate traffic by communicating to the infrastructure using SaaS channels and/or common network methods. Use your VPS/Domains battery to deploy staging servers and inject your favorite shellcode for interactive sessions, clone sites and hide your implants ready to be downloaded, deploy more redirectors if needed. All this jobs/interactions will be saved and reported to help the team members with documentation process. SiestaTime is built entirely in Golang, with the ability to generate Implants for multiple platforms, interact with different OS resources, and perform efficient C2 communications. Terraform used to deploy/destroy different Infrastructure. This will help increase companies red teams efficiency, improving industry security standards and make the defenders to catch-up , being ready for real threats. ]]>
Red Team operations require substantial efforts to both create implants and a resilient C2 infrastructure. SiestaTime aims to merge these ideas into a tool with an easy-to-use GUI, which facilitates implant and infrastructure automation alongside its actors reporting. SiestaTime allows operators to provide registrar, SaaS and VPS credentials in order to deploy a resilient and ready to use Red Team infrastructure. The generated implants will blend-in as legitimate traffic by communicating to the infrastructure using SaaS channels and/or common network methods. Use your VPS/Domains battery to deploy staging servers and inject your favorite shellcode for interactive sessions, clone sites and hide your implants ready to be downloaded, deploy more redirectors if needed. All this jobs/interactions will be saved and reported to help the team members with documentation process. SiestaTime is built entirely in Golang, with the ability to generate Implants for multiple platforms, interact with different OS resources, and perform efficient C2 communications. Terraform used to deploy/destroy different Infrastructure. This will help increase companies red teams efficiency, improving industry security standards and make the defenders to catch-up , being ready for real threats. ]]> Wed, 14 Aug 2019 04:15:12 GMT /slideshow/siestatime-defcon27-red-team-village/163712432 AlvaroFolgadoRueda1@slideshare.net(AlvaroFolgadoRueda1) SiestaTime - Defcon27 Red Team Village AlvaroFolgadoRueda1 Red Team operations require substantial efforts to both create implants and a resilient C2 infrastructure. SiestaTime aims to merge these ideas into a tool with an easy-to-use GUI, which facilitates implant and infrastructure automation alongside its actors reporting. SiestaTime allows operators to provide registrar, SaaS and VPS credentials in order to deploy a resilient and ready to use Red Team infrastructure. The generated implants will blend-in as legitimate traffic by communicating to the infrastructure using SaaS channels and/or common network methods. Use your VPS/Domains battery to deploy staging servers and inject your favorite shellcode for interactive sessions, clone sites and hide your implants ready to be downloaded, deploy more redirectors if needed. All this jobs/interactions will be saved and reported to help the team members with documentation process. SiestaTime is built entirely in Golang, with the ability to generate Implants for multiple platforms, interact with different OS resources, and perform efficient C2 communications. Terraform used to deploy/destroy different Infrastructure. This will help increase companies red teams efficiency, improving industry security standards and make the defenders to catch-up , being ready for real threats. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/siestatimedefcon27-slideshare-190814041512-thumbnail.jpg?width=120&height=120&fit=bounds" /><br> Red Team operations require substantial efforts to both create implants and a resilient C2 infrastructure. SiestaTime aims to merge these ideas into a tool with an easy-to-use GUI, which facilitates implant and infrastructure automation alongside its actors reporting. SiestaTime allows operators to provide registrar, SaaS and VPS credentials in order to deploy a resilient and ready to use Red Team infrastructure. The generated implants will blend-in as legitimate traffic by communicating to the infrastructure using SaaS channels and/or common network methods. Use your VPS/Domains battery to deploy staging servers and inject your favorite shellcode for interactive sessions, clone sites and hide your implants ready to be downloaded, deploy more redirectors if needed. All this jobs/interactions will be saved and reported to help the team members with documentation process. SiestaTime is built entirely in Golang, with the ability to generate Implants for multiple platforms, interact with different OS resources, and perform efficient C2 communications. Terraform used to deploy/destroy different Infrastructure. This will help increase companies red teams efficiency, improving industry security standards and make the defenders to catch-up , being ready for real threats.

SiestaTime - Defcon27 Red Team Village from Alvaro Folgado Rueda

]]> 487 1 https://cdn.slidesharecdn.com/ss_thumbnails/siestatimedefcon27-slideshare-190814041512-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 https://cdn.slidesharecdn.com/profile-photo-AlvaroFolgadoRueda1-48x48.jpg?cb=1634610898 Focused in penetration testing by learning new attack vectors and accomplishing different hacking challenges every day. Self-motivated, good team player and never giving up. I also have performed some security research and I have shared the vulnerabilities found with the community. In relation with this research, I had the opporunity to give talks in different conferences. Decided to face a technical challenge,I have obtained my OSCP Certification. https://cdn.slidesharecdn.com/ss_thumbnails/totaleagression-defcon-200808013156-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/total-eagression-defcon/237660385 Total E(A)gression d... https://cdn.slidesharecdn.com/ss_thumbnails/siestatimedefcon27-slideshare-190814041512-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/siestatime-defcon27-red-team-village/163712432 SiestaTime - Defcon27 ...