Backdoors & Breaches - Introducing the RED CANARY Expansion Deck!
- Published: 15 Jul 2024
- Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
00:00 Introductions
00:20 What is Backdoors and Breaches?
01:09 What is Red Canary?
02:07 What is Atomic Red Team?
04:25 Backdoors and Breaches Github - Download and play on-prem
04:45 Playmats for purchase in Spearfish General Store
06:20 Naming the cards
07:58 Begin Initial Compromise Cards
08:06 USB Drive By
09:02 Links on cards explained
10:45 Compiled After Delivery
11:30 Gatekeeper Bypass
12:57 Obfuscated Payload Delivery
15:16 RFID Theft
17:14 Begin Pivot and Escalate Cards / Explanation
18:25 Disabling Windows Defender to install Atomic Red Team (Fight the PowerShell)
20:57 Process Injection
21:46 LSASS Credential Dump
23:08 Application Control Bypass
24:19 Read/Write With CHMOD777
26:07 PsExec Abuse / Printer & FAX machine vulns
28:22 Lateral Tool Transfer
29:56 PsExec is not necessarily evil
30:30 Begin C2 and EXFIL Cards
31:13 Cloud Services as EXFIL
32:52 Authorized Remote Tools
34:18 Bluetooth as EXFIL
36:36 Malicious Access Point
39:04 Begin Persistence Cards
39:23 Event-Triggered Execution
39:43 Scheduled Task
39:56 Rename Process
40:47 Spawn Web Shell
41:34 Begin Injects Cards
41:56 Missed Payday
43:16 Not a Red Team
44:28 Deez Registry Keyz Plz?
45:16 Quishing (It's a thing)
47:20 Undocumented System
48:26 Call a Consultant Card
49:38 Post-Show wrap-up
51:52 Q & A
51:55 Is there a home lab for Red Canary?
52:44 Is blue_hydra effective as a tool for defending with Bluetooth as exfil with Ubertooth?
54:02 Is the ability to combine decks a planned feature?
55:12 Practical baselining
56:49 In theory, couldn't you catch syslogs of Bluetooth on managed devices and see what is getting transferred to kick off a playbook?
57:28 Can the incident captain play an Inject Card at any time?
58:06 C2 via TikTok?
🔗 redcanary.com
🔗 Play/explore online interactive version of Backdoors & Breaches:
play.backdoorsandbreaches.com
dev.backdoorsandbreaches.com
🔗 Download and play Backdoors & Breaches on-prem:
github.com/blackhillsinfosec/...
🔗 Backdoors & Breaches Playmat:
spearphish-general-store.mysh...
Description: The Black Hills Infosec and Red Canary teams combined forces to create a new expansion deck for the incident response card game, Backdoors & Breaches.
During this webcast, we'll teach you how to get started playing Backdoors & Breaches with your teams to learn cybersecurity and conduct fun and effective incident response tabletop exercises. As we introduce the new Red Canary expansion deck, we'll use it to teach you about the attacks and inject cards.
The new expansion deck will be included in the free online version at play.backdoorsandbreaches.com.
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest RUclips: / wildwesthackinfest
Active Countermeasures RUclips: / activecountermeasures
Antisyphon Training RUclips: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/