Texas Cyber Summit II

Same as BN-1012
Pentesting or ethical hacking as it is more commonly known has become a much sought-after job by people in IT, InfoSec, or those just trying to get into the industry. In this presentation, Phillip Wylie shares the blueprint for becoming a pentester. The presentation combines Phillip’s experience as a pentester and ethical hacking instructor to give attendees a guide on how to pursue a career as a pentester. Phillip shares what has worked for his students and people that he has mentored over his years as a pentester. This presentation covers the knowledge and skills needed to become a pentester as well as the steps to achieve them.

Pentesting or ethical hacking as it is more commonly known has become a much sought-after job by people in IT, InfoSec, or those just trying to get into the industry. In this presentation, Phillip Wylie shares the blueprint for becoming a pentester. The presentation combines Phillip’s experience as a pentester and ethical hacking instructor to give attendees a guide on how to pursue a career as a pentester. Phillip shares what has worked for his students and people that he has mentored over his years as a pentester. This presentation covers the knowledge and skills needed to become a pentester as well as the steps to achieve them.
There is another class at 11:00am PT-1012 if this one fills up.

IPv6 Hacking Tools, IPv6 basics then some of the hacking/testing tools specifically designed for IPv6.

In this talk, come witness BackdorOS a new stealth malicious in-memory OS through a demo that will then be released directly in your hands. This malicious OS, just like a regular OS, provides a software platform on top of which application programs can run. Then I will explore already-existing applications that can run on top of it and how to develop new applications for BackdorOS. Wait for it! I then touch upon how to detect and remediate such threat
Notes: My company specializes in developing breach and attack simulation software. We’re focused on researching novel attack methods. This is one of the many projects that we publish. (Examples for past projects: “The Adventures of AV and the Leaky Sandbox” and “Crippling HTTPS with Unholy PAC”

Larry will walk you thorugh the technical details of building nimble Red Team infrastructure that
leverages cloud native orchestration frameworks such as Kubernetes and service meshes
such as Istio. Special attention will be paid to containerizing and developing deployment
artifacts in Helm for popular C2 frameworks. Automated Kubernetes cluster deployment will be covered for AWS, Google Cloud, and Azure. Details will be given on configuring the Envoy proxy as a redirector and filter in order to obfuscate the infrastructure from unwanted probing by defenders. Techniques for real time monitoring of implant communication will be addressed. The talk will also review the recipes currently available in the Kubered framework (https://github.com/cloudc2/kubred) and other resources helpful for cloud native Red Team operations.

This talk is focused on red teaming techniques and tools against MacOS hosts in enterprise environments. Below is the outline of topics that will be discussed:

-Intro
-Agenda
-A Look at MacOS Enterprise Deployments (Common technologies, Remote management, Local admin rights, Misconfigurations)
-Phishing techniques (Payload types, Credential harvesting techniques)
-Gatekeeper (What is it?, How does it work?, Ways around it/limitations)
-Post Exploitation Methods and Examples
-Common patterns/detection techniques (Parent-child processes, Command line arguments, Network connections)
-Migrating to API Calls (How?, Why This is Harder to Detect, Examples)
-Defensive Recommendations (Host-based, Network-based)
-Q&A