Adversarial Post-Exploitation: Lessons From The Pros, presented at BSidesDC 2016

by Justin Warner

Summary: With the recent evolution in red teaming and a shift towards adversary emulation for network assessments, the source of inspiration for offensive tactics, techniques and procedures (TTPs) must change. An offensive force looking to deliver realistic engagements can and should use analysis of adversarial toolkits to better their tradecraft. First, this talk will cover the process of deconstructing real-world toolkits for practical analysis and use. To apply the process, this talk will analyze certain post-exploitation features seen in the wild and how adversaries use them to accomplish their malicious objectives. Next, similarities will be drawn between the objectives of the adversary and the objectives of the red team to demonstrate how these novel tradecraft ideas can be beneficial for training as well. Finally, PowerShell code built to emulate the adversary actions will be demoed and released for practical use in engagements.