BSidesVienna 0x7e8

What's the Red Team doing to my Linux Box?
11-23, 17:00–18:00 (Europe/Vienna), Track 1 (Dachssal)

This talk seeks to demystify red team operations against compromised Linux hosts. We'll briefly discuss the sort of things a hacker stands to gain, but the bulk of the talk will walk through a reasonably representative operation, mainly sticking with common command-line tools and demonstrating what goes on when a Linux host is compromised and, more importantly, why.


What really happens when the Red Team ends up on a Linux box? What are they looking for? Does anybody really use ed(1)? Oh, then, what do they use and why?

There's often quite a bit happening in that often mysterious bit between initial access (i.e. code running somewhere someone would rather it not) and the meeting to discuss findings. Turns out, though, that behind the shroud of mystery is equal parts party tricks and good old-fashioned Linuxing; no magic, superpowers, or arcane incantations necessary.

In this talk we'll walk through (the fun bits of) poking at a single server, with a twist. We'll first have a quick look at a handful of the whys behind compromising an arbitrary host, but the bulk of our time will be spent taking our initial access and turning it into full compromise without fancypants hacker tools or TTPs; in other words, we'll hack sysadmin-style.

Stuart is a Lead Engineer on the Offensive Security team at Klarna, where he focuses on Red Teaming, Unix, and general Swiss Army knifery. He's been on the offensive side of public and private sector security for seven years, during which time he's been an operator and trainer and developed a small arsenal of public and private offensive tools.