Tales of a Red Team: Fun, Facts, and Facepalms

Abstract

Three years of penetration testing and red team experience make for some adrenaline resistance, many technical challenges, and interesting war stories with a facepalm factor. Sprinkled in between, there is also a bit of custom malware development, small gadgets and tools of our own tinkering, next-gen security bypasses, and one or two minor zero days.

This talk aims to share some of that fun: giving insights into realistic adversary simulation (including both digital and physical intrusion). The talk will first introduce methodological approaches typically pursued by a red team. Once the foundation has been laid, the talk will focus on a set of examples for each phase of a typical red team engagement. These examples will be tightly interwoven with anonymized accounts of several assessments we have performed all over Germany. Explanations will be provided on how to get past antivirus, IT administrators/the blue team, next-gen firewalls, doors, windows, Windows, security guards, and cleaning ladies (hint: being nice is the best way to be evil). Throughout the talk, participants will gain an understanding of how a red team (in this case, ours) thinks, plans and acts, solved technical and non-technical challenges, and had lots of fun - which, hopefully, the attendees will have too.

Rafael Fedler

Rafael Fedler has been dabbling in security for a few years now. After doing academic security research (mostly on Android security and software security) while in uni for his M.Sc., Rafael found offensive things to be a lot of fun, so he stayed. He has three years of experience in penetration testing and red team engagements and thus has seen one or two networks, databases, Active Directories, and buildings from the inside. Most importantly, though, he follows his curiosity wherever it takes him and is always looking for the next intellectual challenge. This often leads to havoc and things breaking.