44CON2022

The purpose of this workshop is to give a hands-on introduction to forensic codebreaking – something that is usually not taught in public lessons. The lecturer will introduce the most important pencil-and-paper solving techniques along with links to free codebreaking software.

In the main part of the workshop, the attendees will have the chance to break authentic crime-related ciphertexts themselves. For this purpose, the lecturer will choose the most suitable messages from his large collection. Different difficulty levels, based on the participants’ skills, will be provided. Whenever necessary, the lecturer will assist and give hints. At the end of the session, detailed solution descriptions will be provided.

For this workshop, a laptop is helpful, but not required.

Whilst Cobalt Strike is still arguably the most popular red teaming toolkit as a commercial offering, several open source frameworks have emerged in the last few years that have comparable feature sets, reduce the cost barrier to entry and provide stable platforms to develop, customise and extend red teaming tradecraft and approach. SliverC2 is an open source adversary emulation red teaming framework created by BishopFox and is written in Golang. The framework has gained popularity with red teamers and Russian Foreign Intelligence Services alike .

In this workshop I will take you through the deployment, configuration, and usage of SliverC2 against a fictious company. The goal of the workshop is to provide hands-on experience of the SliverC2 toolset.

Requirements

The environment will be provided and participants will need to have a laptop that has a functional Linux component either as a virtual machine or native operating system. The ability to run Golang will also be needed. An internet connection will be needed to install armoury packages, so a laptop with an ethernet connection that is used to be part of the environment and a secondary connection such as a wireless device is required for that section.

In this session you’ll learn to how to use AWS APIs to not just discover infrastructure, but discover insecure or badly configured AWS infrastructure. Starting nearly from scratch, you’ll build a shell-script or python-based tool that can invoke AWS APIs, interrogate and understand the responses, and use that to guide your exploration of AWS infrastructure.

Requirements:

In order to get value from this workshop, you need to bring the following. There will not be time to open an AWS account, install the AWS CLI, and set up your environment during the workshop. You need to do that in advance. You can use a personal AWS account: the techniques in this workshop can be executed with literally 0 cost. Creating (empty) buckets, security groups, NACL rules and IAM policies are all free actions, as are the discovery APIs that we will call.

Before the workshop you need:

Access to an AWS account
You need some king of identity:
create an IAM user and give it some privileges
use an existing identity and use it at the command line
A laptop where you can write code and run commands at the command line
install a recent version of bash. Any Linux will do. (Windows Subsystem for Linux works fine) or Python 3.8 or later
install the AWS CLI
install jq (for parsing JSON)
if you are using Python, you need to install Boto3 (pip install boto3)
A code editor that you know how to use. We use VSCodium, but it’s up to you.
If you can run the following comment and get sensible output, you have met the prerequisites:

aws sts get-caller-identity

Sensible output looks like:

{

"UserId": "AIDAEXAMPLEEXAMPLE",

"Account": "111122223333",

"Arn": "arn:aws:iam::111122223333:user/paco"

}