BHIS | OPSEC Fundamentals for Remote Red Teams - Michael Allen - 1-Hour

  • Published on Jun 9, 2024
  • Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
    Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- www.blackhillsinfosec.com/
    0:00:00 - PreShow Banter™ - It’s Not Delivery, It’s Frozen
    0:09:36 - PreShow Banter™ - One Rural to Rule Them All
    0:11:51 - PreShow Banter™ - Proudly Sucking at Charity
    0:13:08 - PreShow Banter™ - SPECIAL GUEST: Rural Tech Fund
    0:20:39 - PreShow Banter™ - Meth Lab For Computers
    0:25:41 - FEATURE PRESENTATION: OPSEC Fundamentals for Remote Red Teams
    0:27:00 - WHOAMI
    0:30:42 - Why OPSEC is Important For Red Teams
    0:34:01 - Possible Countermeasures
    0:36:37 - Other Red Team Threats
    0:38:06 - Assessing Red Team Actions
    0:39:26 - Building OPSEC Standard Procedures
    0:40:42 - Local Workstation Setup
    0:45:01 - OS Modifications
    0:49:44 - TOOL Configurations
    0:56:35 - Source IP Addresses
    1:01:36 - Fail-Safe VPN
    1:02:57 - Other Third-Party Services
    1:10:05 - Network Services
    1:15:19 - Testing New Tools
    1:21:42 - Got Questions
    1:27:03 - PostShow Banter™ - Access Granted
    Description: During remote red team exercises, it can be difficult to keep from leaking information to the target organization's security team. Every interaction with the target's website, every email sent, and every network service probed leaves some trace that the red team was there.
    Mature blue teams can correlate those pieces of information to identify red team actions and infrastructure, and use that information to either block the red team outright or execute deception operations to frustrate further attacks.
    In this Black Hills Information Security (BHIS) webcast, Michael discusses common sources of data leakage during remote red team exercises and steps red teamers can take to eliminate or disguise the leakage outright, or to compartmentalize their actions and keep the blue team from connecting the dots.
    He also discusses how red teamers can see the attack from the defender's point of view so that these concepts can be applied to new tools and technologies in the future.
    Slides: s1hb.sharepoint.com/:b:/g/Con...
    Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/

Comments • 10

  • @MrRandomg23 3 years ago

    I on the other hand love watching and hearing the pre-show banter, great stuff as always from everyone at BHIS

  • @diefer8093 4 months ago

    Good job bro

  • @alexeysolovyev1107 1 year ago

    Amazing, thank you Mike!

  • @1231oliver1231 2 years ago

    Fantastic video, lots of great info covered.

  • @arzoo_singh 2 years ago

    Great content. You are awesome guys..
    Okay, so on a lighter side, a situation when an attacker is attacked.
    Red team basically known for attacking and offensive security is really scared of Blue team.

  • @theopbro8691 2 years ago

    SHEEESH that intro music is fire

  • @Telancer 2 years ago +1

    Why does the blue team have to play by the rules? They should be using some of the red team techniques.. How often do you see the system say Apache when it's a Windows IIS or vice versa..?

  • @userou-ig1ze 3 years ago +1

    7:03 watching videos at 2x speed is so relatable ^^ ps: I also like turtles!

  • @Roger11719 2 years ago

    Is that a Bear Grylls photo on the left?

  • @Telancer 2 years ago

    What type of rules do you have to abide by? I feel like someone could easily social engineer any company out there... if they were good at it. Regardless, cool stuff... man, that's gotta be some fun times :-p and no sleep probably lol