Slide 1

Breaching The Perimeter: Tips From The Red Team

Slide 2

Who am I

Harold Rodriguez, aka superkojiman
● Security researcher with a focus on offensive security
● Penetration testing, red teaming, tool development, vulnerability research
● Cut my teeth on CTFs back in the day
● Certifications
  ○ Offensive Security Certified Professional (OSCP)
  ○ Offensive Security Certified Expert (OSCE)
  ○ Certified Red Team Operator (CRTO)

Slide 3

What is this talk about?

Different techniques we've used to gain access to a company's network
● What is a red team
● Reconnaissance
● Creative ways to break in

Slide 4

What is a red team?

● Real-world attack simulation to test a company's defences and responsiveness
● Blue team is unaware that it's taking place
● Objective oriented; e.g. access the database hosting customer data
● Different flavours, such as traditional and assumed breach

Slide 5

Reconnaissance

Slide 6

Physical Reconnaissance

● Number of entrances
● Access controls: locks and card access
● Cameras
● Places to hide out
● WiFi SSIDs and security protocols
● Network ports and power outlets
● Printers and computers
● Receptionists
● Security guards
● Employee seating
● Employee hangouts (cafes, lobbies)
● People traffic
● Dress code

Slide 7

Digital Reconnaissance

● Website and online presence
● Subdomains
● Other websites operated by the company
● Employee information from LinkedIn
● Company login portals
● Company reviews from employees
● Company job postings
● Credentials from data leaks
● Services used by the company (cleaning staff, maintenance, ISP, phone provider)
● Company floor plans

Slide 8

Execution

Slide 9

Password attacks

● Look for published password leaks and database dumps
● Don't underestimate people's ability to create weak passwords
● Even IT will use easy passwords for new employees
  ○ Welcome1!
  ○ CompanyName123!
● People will use weak passwords that conform to password policies
  ○ Winter2023!
  ○ January2024!
● People will use predictable password patterns
● Exploit using slow password spraying attacks with rotating IP addresses
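The slow, IP-rotating spray described on this slide is built to stay under the two thresholds most environments alert on: failures per account (lockout) and failures per source IP. The following is an added example from the defender's side, not code from the talk; it assumes a constructed syslog-like line format (`<timestamp> auth-failure user=<name> src=<ip>`) and keys detection on the number of distinct accounts failing inside one time window, which a rotating source cannot hide.

```python
"""Detect low-and-slow password spraying in authentication logs.

Added example, not from the original talk. The line format below is an
assumption constructed for this example:
    <ISO 8601 UTC timestamp> auth-failure user=<name> src=<ip>
Per-IP and per-account thresholds miss a spray that rotates sources and
tries one password per account, so this groups failures into fixed time
windows and flags a window in which many *different* accounts fail.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth-failure user=(?P<user>\S+) src=(?P<ip>\S+)$"
)

# Constructed sample log: six accounts, one failure each, six source IPs,
# spread over half an hour (the spray), then one user mistyping their own
# password three times from a single address (benign noise).
SAMPLE_LOG = """\
2024-01-15T09:00:12Z auth-failure user=alice src=203.0.113.10
2024-01-15T09:00:40Z auth-success user=carol src=198.51.100.7
2024-01-15T09:05:03Z auth-failure user=bob src=203.0.113.11
2024-01-15T09:10:45Z auth-failure user=carol src=203.0.113.12
2024-01-15T09:16:21Z auth-failure user=dave src=203.0.113.13
2024-01-15T09:21:09Z auth-failure user=erin src=203.0.113.14
2024-01-15T09:27:58Z auth-failure user=frank src=203.0.113.15
2024-01-15T14:02:11Z auth-failure user=bob src=198.51.100.7
2024-01-15T14:02:30Z auth-failure user=bob src=198.51.100.7
2024-01-15T14:02:55Z auth-failure user=bob src=198.51.100.7
"""


def parse_line(line):
    """Return (timestamp, user, ip) for a failed-auth line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts.replace(tzinfo=timezone.utc), m["user"], m["ip"]


def detect_spray(lines, window=timedelta(hours=1), min_users=5):
    """Bucket failures into fixed windows and return one alert dict per
    window in which at least `min_users` distinct accounts failed."""
    width = int(window.total_seconds())
    buckets = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # successes and unrelated lines are ignored
        ts, user, ip = parsed
        epoch = int(ts.timestamp())
        start = datetime.fromtimestamp(epoch - epoch % width, tz=timezone.utc)
        buckets[start].append((user, ip))

    alerts = []
    for start in sorted(buckets):
        per_user = defaultdict(int)
        per_ip = defaultdict(int)
        for user, ip in buckets[start]:
            per_user[user] += 1
            per_ip[ip] += 1
        if len(per_user) >= min_users:
            alerts.append({
                "window_start": start.isoformat(),
                "distinct_users": len(per_user),
                "distinct_sources": len(per_ip),
                # both stay at 1 for a spray, which is exactly why
                # lockout- and per-IP-based rules never fire on it
                "max_failures_per_user": max(per_user.values()),
                "max_failures_per_source": max(per_ip.values()),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the sample, the 09:00 window is flagged with six distinct accounts from six sources at one failure each, while bob's three failures at 14:02 are not, because a single account is not a spray. Tune `window` and `min_users` to the tenant's normal failure rate; a spray that is slowed to one attempt per hour needs a wider window, which is the trade-off the attacker is counting on.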

Slide 10

Examples of password attacks

Got credentials?
● Try to VPN into the company's network
● Log in to the Azure portal and enumerate the domain and users
● Log in to Microsoft 365 and look for sensitive documents / emails
● Upload malware into SharePoint and share it with other employees
● Social engineer or phish other employees

Slide 11

Phishing

● Have a clear goal of what you want your target to do: capture credentials, or download and run a file
● Use tools like ChatGPT to get you started with the text
● Take advantage of what's happening in the world, like holidays and major events
● Get creative; don't limit yourself to email. Try snail mail, faxing, SMS, QR codes

Slide 12

Examples of phishing login credentials

These examples trick the user into authenticating to a login page designed to capture their credentials
● Email developers notifying them that they have successfully added a new email address to their GitHub account, with a link to a fake GitHub login page
● Email employees about new employee benefits and promotions that require them to click on a link and log in to a fake login page
● Send snail mail to employees with a QR code for them to scan and log in to a fake login page to claim a gift

Slide 13

Examples of phishing login credentials

Slide 14

Social engineering

● Have a clear goal of what you want to accomplish: get access to a location or some information, or get the target to do something
● Blend in and act like you belong
● Give your target a reason for your reaching out to them
● Mention things that give you credibility
● Be friendly but persuasive
● Don't be afraid to use props

Slide 15

Social engineering examples

● Pretending to be a customer or guest to distract a receptionist so your teammate can sneak in
● Having your hands full with a box of donuts and coffee so someone lets you tailgate in
● Pretending to be a courier delivering flowers to employees on Valentine's Day; the receptionist left her desk to bring the flowers to employees, and we installed a backdoor on her laptop

Slide 16

Hardware implants

A device plugged into a network port or computer that gives you a foothold into a network or a user's computer
● A company might have a tight external defence, but internal security might be more relaxed
● May require some social engineering or sneaking around to pull off

Slide 17

Hardware implant examples

Slide 18

Hardware implant execution

Slide 19

Closing tips

● Intel gathering increases your chance of success
● Some things you try might end in failure; learn from it and refine your technique
● Get creative, think outside the box, and don't overcomplicate things

Socials:
● Web: https://techorganic.com
● Discord: @superkojiman
● GitHub: https://github.com/superkojiman