Language: English
10-18, 12:00–12:50 (America/New_York), Track 1 (206b)
When performing Red Team or penetration testing, we occasionally need to put some hardware on the internal network. While it sounds simple, building out a basic "dropbox" that provides testers a secure, stable, and stealthy(?) pivot into a network can quickly turn into a painful adventure in balancing technology, project requirements, and restrictions. In this session we discuss the decisions, options, and compromises we face in building out a dropbox. Understanding the choices to be made helps us build the reliable tools that support productive testing engagements.
Penetration Testing and Red Team attack simulations performed against internal networks or applications require a reliable connection to that environment. While this connection is often achieved via software agents, virtual machines, or on-site penetration testers, the use of a purpose-built "dropbox" computer for remote access is a preferred method for many engagements.
In building out these testing platforms, the testing goals we are looking to achieve help us define the dropbox we assemble. A covert Red Team challenging defenders' skills in detection, discovery, and attribution will require a very different build than a system supporting concurrent penetration testers and vulnerability scanning. We will cover the myriad hardware, software, power, and communication decisions to work through and the infrastructure needed to support those choices.
Although specific hardware and software options will be mentioned, this presentation focuses on helping us make the best decisions from the available choices rather than providing detailed but instantly out-of-date build instructions.
We will wrap things up by discussing some of the dropbox systems penetration testers and threat actors have been using in the field and cover a few legal considerations that will help keep you on the right side of the law.
Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provides via open communication and goal-driven engagements. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, ShowMeCon, DeepSec, and CypherCon, and helps to organize “BurbSec”, the best-attended Information Security monthly gatherings in the US.