Chris Spehn, Mandiant’s Red Team – Paul’s Security Weekly #568

Chris ‘Lopi’ Spehn is a consultant on Mandiant’s red team. Chris was formerly a penetration tester for major credit card companies and retailers. Chris is also the founder of Illinois State University’s first information securit…

THROWBACK – RFID Hacking with Larry Pesce (MACCDC 2009)

Watch our very own Larry Pesce deliver his presentation from MACCDC 2009 on RFID hacking in this week’s throwback!

How I used dead drop C2 to hide malicious traffic

Over the past few years, I have been organizing, participating in, and frequently writing software for CCDC red teams. This year, as I’ve been starting to dust off the code, spin up VMs and test things to see if they still work, it seems my last-ditch covert channel for control and data exfiltration is no longer working. This method was one of my favorites, and to my knowledge was never found by the blue teams…

More advanced solutions, rather than establishing a connection in or out, use a legitimate third-party service you can both send data to and read data from as a dead drop site. Dead drop style C2 is more complex, since you must encode and encapsulate your data to fit the medium; there is normally no inherent direction of data flow, just posted or not. Data blobs will almost certainly be read multiple times, out of order, and by every client that is using this C2 method. As a result, you must largely implement your own addressing, sequencing and tagging, and de-duplication for this to be more than a toy proof of concept.