Defense
Where SensePost meets the real world
SensePost Training at Blackhat USA
What is SensePost infrastructure training about and what does it give you as a novice pentester? What does it give you as a pentester looking to move into infrastructure hacking? Training at SensePost focuses on learning the Trade and not just the trick, thus our focus is on your testing methodology rather than simply showing you some cool tools. And what is this methodology you may ask, well it is one that aims to emulate real-world scenarios and push you into doing the attacks that are actively happening.
RAT-a-tat-tat
Hey all,
So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison Ivy NSE script as well as the DarkComet config extractor.
Rat a-tat-tat from SensePost nmap-service-probes.pi poison-ivy.nse extract-DCconfig-from-binary.py An example of finding and extracting Camellia key from live Poison Ivy C2’s:
nmap -sV -Pn --versiondb=nmap-service-probes.pi --script=poison-ivy.nse <ip_address/range)
Finding Poison Ivy, DarkComet and/or Xtreme RAT C2’s:
nmap -sV -Pn --versiondb=nmap-service-probes.pi <ip_range>
Offence oriented defence
We recently gave a talk at the ITWeb Security Summit entitled “Offense Oriented Defence”. The talk was targeted at defenders and auditors, rather then hackers (the con is oriented that way), although it’s odd that I feel the need to apologise for that ;)
The talks primary point, was that by understanding how attackers attack, more innovative defences can be imagined. The corollary was that common defences, in the form of “best practise” introduce commonality that is more easily exploited, or at least degrade over time as attackers adapt. Finally, many of these “security basics” are honestly hard, and we can’t place the reliance on them we’d hoped. But our approach doesn’t seem to want to acknowledge the problem, and much like an AA meeting, it’s time we recognise the problem.
Page 1 of 1