Conference:  Defcon 31
Authors: R.J. McDown Principal Red Teamer
2023-08-01

The future isn’t certain, nor is the continued access to our compromised endpoints. At some point, every red team operator faces the gut-wrenching event of losing command and control (C2) access. This often occurs when post-exploitation activity is detected and associated with the C2 process and channel. Further link analysis may lead to the discovery of other compromised endpoints, secondary C2, and compromised credentials. Needless to say, a single mistake can cause a huge disruption in access and even lead to the detriment of the entire engagement. This talk will present and demonstrate the methodologies and techniques built into Obligato, a covert implant tasking and communications framework, designed with the primary objectives of breaking process chaining events, disassociating network communication from the implant, providing a means for maintaining or regaining access, and evading dynamic analysis. Technical information will be explained and demonstrated at both high and low levels, so prior knowledge is not required. However, to get the most out of the talk, attendees are encouraged to have a basic understanding of general Windows architecture, networking, and programming concepts.
Authors: Mohan Atreya
2022-10-24

tldr - powered by Generative AI

The presentation discusses the challenges of managing RBACs and access control in Kubernetes at scale and introduces an open-source project called Periscope to automate the process.
  • Managing RBACs and access control in Kubernetes at scale is a challenge for organizations with hundreds of clusters and developers.
  • Manual management of RBACs is impractical and requires automation to ensure the right people have access to the right things.
  • Periscope is an open-source project that automates RBAC management and access control in Kubernetes.
  • Periscope allows for secure access to clusters behind a firewall and dynamically injects RBACs just in time.
  • Periscope also provides strong authentication for all user access and allows for governance and compliance by tracking commands run against clusters.