45      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1778544 - Red Teaming with Dark Web and GitHub PoC Exploits


Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm



Credits: None available.

Description

Examined is a collection of open source tools that are used in an authorized red team engagement of a cloud-native Kubernetes cluster environment to discover application security defects. Our collection of dark web and GitHub proof-of-concept (PoC) tools provide a red team with an advanced adversarial advantage over traditional commercial tooling across all stages of an engagement. We report the results in relation to our understanding of the cloud shared responsibility model as it applies to IaaS, PaaS, and SaaS. Several flaw discovery and exploit tools with be demonstrated to show their utility. We explore how CVEs are weaponized on the internet and how having red team a-priori knowledge of them can help organizations create defense-in-depth mitigating controls.

Learning Objectives:
  • Plan a penetration test using open source tools.
  • Recall specific dark web toolkits for red teaming.
  • Demonstrate an understanding of GitHub proof-of-concept (PoC) exploits and their applicability to red teaming engagements.

Speaker(s):

Tags: Intermediate

Credits

  • 1.00 - CPE

You must be logged in and own this session in order to post comments.

David Zarsky
11/10/21 10:16 pm

Good to hear the comments about zero-days being less common and the thoughts about more info out on Github.