The goal of the Red Team Village CTF is to serve as a platform for red team tactics knowledge sharing and exercises. We constantly create new real-world scenarios and challenges for our CTF villages, where cyber security enthusiasts can take part in real-world challenges and learn new attack vectors, techniques and more. The idea behind this CTF is to touch on a little bit of everything – from OSINT to post-exploitation techniques.
A target company named Victim Corporation has been set up that has a wide list of assets. The assets can be digital, physical, or even employees. There will be Windows Active Directory infrastructure, Linux systems, IoT devices, even phishing campaigns and other attack frameworks. Digital lockers and other physical challenges would be introduced.
The final challenge would be for the Red Teams to attack a target monitored by a Blue team/SoC and retrieve flags without getting caught!
Workshop: Penetration Testing of ECU (Red Team Version)
· Briefing of Vehicle Networks
· Briefing of Vehicle Protocols
· Understanding and briefing CANBUS protocols
· Briefing of CANBUS frame
· Briefing of car hacking tools
· Reverse Engineering of CANBUS – Identify the Arbitration ID of a specific vehicle event
· Replay the CANBUS message
· Sending forged CANBUS messages
· DoS attack on the CANBUS network
· Introduction to Vehicle Diagnostics
List of Components
· Instrument Cluster
· Hardware tool for CANBUS testing
· Exposure to vehicle protocol threats.
· An understanding of how to work on vehicle security modules.
· Significance and hands-on usage experience of various tools in this specific flavor of security.
Panel discussion: Pre-empting attacks – Relevance of red teaming in enterprises
Manu Zacharia, President at ISRA, Founder of c0c0n International Hacking & Information Security Conference
Zero trust networks: Opportunities and challenges for red team Ops
Dan Levy, Senior Manager at EY Israel Advanced Security Center.
Work from home is on the rise (thanks COVID), and with it, proponents of the zero-trust model are also gaining in popularity. But what does this entail for red team operations? What will hacking enterprises look like in the upcoming few years?
We’ll review together the major trends surrounding cyber security in the zero-trust era – not marketing concepts, buzzwords or academic theory. This talk will look at the future of network security, how our favorite vendors are aligning their tool stacks for 0-trust security, and also the up-and-coming start-ups that have already raised millions of $ to help enterprises implement zero trust.
Evolution of Offensive Security – it was always about providing business value
Jorge Orchilles, CTO – SCYTHE & Bryson Bort, CEO – SCYTHE
Celebrating 15 Years of Security Weekly means we should go through the evolution of offensive security/ethical hacking. Where did this all start, where are we now, and where are we going? This talk covers everything from the early days of vulnerability scanning, vulnerability assessment, and vulnerability management (probably the hardest part of infosec today!). We then evolved to penetration testing to gain access and further test defenses.
We realized that attackers don’t just go after technology, so we began testing people and process as well as testing assumptions. Eventually we realized we had to work closer with the blue team (defenders) and built a purple team function to collaborate and more efficiently improve. Understanding and collaborating with the defenders led us to leverage cyber threat intelligence to provide the best business value by performing adversary emulations.
This talk will cover all of these, along with best practices, tips, tricks and, of course, a use case that demonstrates its value so you too can convince management to perform similar assessments.
Attacking Storage Services: the Lynchpin of Cloud Services
Anant Shrivastava, Technical Director, NotSoSecure Global Services
Privilege Escalation in da House
Carlos Polop Martin, Sec-1 (Claranet)
Local privilege escalation techniques go far beyond checking the Windows/kernel version, looking for unquoted service paths or checking SUID binaries. Moreover, a local privilege escalation can make a huge difference when trying to compromise a domain. Several tools have been created to find possible privilege escalation paths, but most of the tools for Red Teaming and pentesting only check a few possible paths, so pentesters need to use several tools and do some manual recon to cover everything.
During this talk I will present a suite of open source privesc enumerators that I have created called PEASS (Privilege Escalation Awesome Scripts Suite). The goal of this suite is to check and highlight every possible privesc path so professionals don’t need to execute several different tools and can very easily find the vulnerabilities. At the moment, this suite contains the most complete and user-friendly privesc enumerators for Windows (in .NET and bat) and Unix (Linux, macOS, OpenBSD, FreeBSD). Moreover, I will also show the privilege escalation parts of my book (https://book.hacktricks.xyz/) so people interested in the topic can learn more after the talk.
Note that, regardless of the technical level of the audience, I’m sure they will learn some new privilege escalation vector.
Threat Hunting With Elastic Security
Aravind Putrevu, Developer Advocate, Elastic & Haran Kumar, Solutions Architect – Security Specialist at Elastic
The workshop will be based on a real-world attack scenario such as an Advanced Persistent Threat (APT) and on hunting malicious artifacts efficiently. Get hands-on with the latest APT detections and threat investigations. We will be using a threat hunting platform, Elastic, including its SIEM and machine learning, to efficiently find known unknowns and unknown unknowns. We will also utilise the MITRE ATT&CK framework throughout the exercise.
LAB 1: Analyse and Visualise MITRE TTPs
LAB 2: Overview of Elastic SIEM
LAB 3: Hunt the artifacts
LAB 4: Using the Detection Engine
LAB 5: Using Cases for collaborative incident response
Visibility In The Clouds: Introducing a New Open Source Tool for Cloud Security
Ilia Rabinovich, Adversarial Tactics Team Leader, Sygnia & Oleg Lerner, Cyber Security Expert, Sygnia
The accelerated transition to cloud services and the rising adoption of hybrid cloud architectures are being leveraged by threat actors, who are both targeting cloud environments and weaponizing them as an attack surface. On-premise misconfigurations and vulnerabilities have been replaced with new risks and attack paths that abuse cloud and cross-platform connectivity. In this session, the Sygnia team will discuss a few of the major trends in cloud environment attacks and present a new open-source tool designed to support rapid visualization and identification of potential attack paths in cloud environments.
Offensive Embedded Exploitation: Getting Your Hands Dirty with Hardware Hacking and Firmware Analysis
Kaustubh Padwad, Security Researcher & Arun Mane, Founder and Director, Amynasec Labs LLP
The world is moving towards a smart culture: everything nowadays is smart, and most of those smart devices are essentially embedded devices with internet connectivity or some provision to connect to the internet. Since these devices are booming in the market, they are also tempting targets for many people and groups.
In this 1 hour talk we will discuss how to test embedded/IoT devices. It will give you a methodology for assessment: how to extract firmware from the storage chipset with the help of hardware testing, how to perform firmware analysis, how to identify vulnerable components, and a basic approach to reverse-engineering the binaries to discover potential remote code execution and memory corruption vulnerabilities by looking for vulnerable native C functions or bad implementations of functions like system, popen, pclose etc.
After conducting static analysis and firmware analysis, we will move towards a dynamic testing approach, which includes web application testing, underlying OS security testing, and identifying vulnerabilities and misconfigurations in the device. Finally, we will move towards fuzzing the device via web application parameters and installing an appropriate debugger on the device to identify memory corruption vulnerabilities.
Payload delivery for initial access in Red Team engagement and Adversary Simulation
Jean Marie Bourbon, Head of Forensics & Offensive Security Dept., POST Luxembourg
Old Still Cool: Classic SE formats merge for high complex context in three peculiar tales
Daniel Isler, Sr Social Engineer Pentester, Dreamlab Technologies
Obtaining access to, and sensitive information from, critical and high-awareness areas through the combination of classic formats of Social Engineering attacks.
Controls and filters advance according to market demands, and it is becoming increasingly difficult to perform generic phishing simulations with a considerable scope without these being rejected by security systems, landing in the spam mailbox, or alerting security filters that prevent the malicious mail from being displayed in full.
How do you bypass an antivirus in a service under a black box format? How do you bypass firewalls so that systems can be accessed without being stopped? Is it necessary to go unnoticed? As a unit, we have specialized over the last five years in the development of pretexting, persuasion techniques and extremely particular and effective simulation scenarios.
This paper presents 3 cases of mergers of classic Social Engineering formats united under concepts that we call Physical Spear Phishing and Vishing Web Scam. The physical-digital tools and techniques used to reach the objectives will be explained. One of the first difficulties we have in SE services is the short time we have in comparison with an organized criminal gang. They manage to carry out effective attacks after periods of six to twelve months of research and testing. We only have 5 to 10 days for the entire project: information gathering, execution and reporting. So, trying to replicate the real-time flow of an attack in its entirety is unworkable, and trying to emulate it in such a narrow time window only yields results that are far from reality, thus generating a false sense of security among the collaborators involved in the simulation.
For this reason we were obliged to look for processes and techniques that would place us in a realistic scenario of high reach.
Red Team Village Organizing Crew
Red Team Village (https://redteamvillage.org) is a community-driven combat readiness platform for adversarial attack simulation, red teaming tactics and offensive security operations. This community is managed by a group of cyber security and red team tactics enthusiasts. A red teamer needs to be skilled in every aspect of adversarial simulation and offensive security operations. We can consider this a platform to share tactics, techniques, and tools related to the various domains of adversarial attack simulation.
We have been organizing workshops, talks, demonstrations, open discussions, Capture the Flag (CTF) challenges and other exercises at cyber security conferences for the past 4 years. We design real-life corporate CTF scenarios with the same network architecture and defensive mechanisms used by organizations. CTF players need to red team this infrastructure, which is protected and monitored by Blue teams. This village welcomes Red teams, Blue teams and Purple teams. Blue teams get to know the attack tactics used by adversaries, and Red teams get to learn the security monitoring/detection techniques used by SoC teams. A collaborative purple teaming culture can be cultivated.
We have organized more than 10 villages (talks, CTF and training) alongside cyber security conferences such as Nullcon, c0c0n, OWASP, DEFCON Group Trivandrum etc.