Hack Red Con 2024
-
End the Burnout - 3 things your CISO wishes you knew.
Mark Thacker
-
Doors, Cameras, and Mantraps: Oh, my!
Dylan "The Magician" Baklor
-
Registration Opens
Oct. 25
-
Opening Ceremony
Oct. 25
-
Keynote Round Table - Ed Skoudis, Dave Kennedy, Ken Nevers, Amanda Berlin
Oct. 25
-
Intro to Infrastructure Automation for Offensive Security
Alex Martirosyan
Oct. 25
-
Securing Derby 150
Jason Payton
Oct. 25
-
Creating Intelligence From Malware Samples
Jon "Wally" Prather and Jeff Smeal
Oct. 25
-
CISO Roundtable
Oct. 25
-
Tough Adversary? Don’t Blame Sun Tzu
Dr. Gregory Carpenter
Oct. 25
Ryan O'Donnell
Ryan O'Donnell is an Offensive Security Engineer at Microsoft. Over the last 13+ years, Ryan has been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has conducted hands-on workshops at Hack Space Con, BSides LV, and BSides NoVa. Ryan has a Master's in Cybersecurity from GMU and the following certifications: OSCP, OSEP, CRTO, and GREM.
Workshop Description:
Operational security (OpSec) is a cornerstone in red teaming, necessitating continuous refinement of tools and techniques to avoid detection. This workshop is designed for penetration testers, aspiring red teamers, and individuals seeking to enhance their offensive capabilities. It focuses on customizing the Impacket toolset to improve OpSec during engagements.
Impacket tools such as wmiexec, smbexec, and secretsdump are staples in the toolkit of any red teamer due to their versatility and flexibility in Windows environments. However, their detectability has increased as defensive measures have become more sophisticated. This session proposes modifications to these tools to avoid default IOCs and detections.
Participants will explore various customization strategies, including changing default settings, altering network signatures, and integrating stealthier execution methods. Practical exercises will guide attendees through the process of modifying the Impacket scripts, demonstrating how these changes can significantly enhance operational security in simulated environments.
Attendees will gain hands-on experience modifying the Impacket toolset to remove common IOCs. The workshop aims to foster a deeper understanding of both the tools and the underlying network protocols, enabling participants to tailor their approaches to specific operational contexts and defensive landscapes.