BSidesSF 2018 has ended
Back To Schedule
Sunday, April 15 • 4:10pm - 4:40pm
Tales of Red Teaming, aka "Continuous Intrusion Continuous Deception"

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
This talk explores various avenues of techniques used to attack a large scale corporate networks. It begins by discussing about the compromise of misconfigured deployment systems to obtain access to production servers. We will also show how it is possible to backdoor software packages with minimal to no effort and gain SYSTEM level access to many of production boxes. Then we will move on to show methods to break out of containers such as docker & we talk about misconfigurations in Kubernetes clusters that can be useful in compromising sensitive assets in multi-tenant systems. This talk also explores webhook trickery in slack for phishing and we end this talk by exploring the implementation of a technique for real-time 2FA bypass that we used in a red team exercise.

avatar for Aladdin Mubaied

Aladdin Mubaied

Sr. Principal Security Engineer, Oath Inc
Aladdin Mubaied (@0xshellrider) is a Sr. Principal Security Engineer in Oath’s Red Team. He enjoys exploiting vulnerabilities and getting shells. Aladdin has conducted research in various areas, including web security, exploit development, public key cryptography and distributed... Read More →
avatar for Rahul Nair

Rahul Nair

Security Engineer, Oath Inc
Rahul Nair (0xrnair) works as a Security Engineer in Oath’s Red team. He likes working on various things such as ugly JS frameworks, binary exploitation,crackmes and dabbling with the human aspect of security. Once in a while he tinkers around with sandboxes and stares at kernel... Read More →

Sunday April 15, 2018 4:10pm - 4:40pm PDT