|08:00 to 08:50||Registration||Speaker|
Arthur Paixao and Diego Mariano
This paper presents a novel methodology that combines red team and blue team exercises to enhance cybersecurity resilience in the Brazilian healthcare sector. The methodology is designed to go beyond the traditional roles of red teams and blue teams. It incorporates threat injection exercises with a newly created prioritization method, training the Red Team to assist the CSIRT in responding to incidents and creating a new role for the Red Team. Additionally, a new technique called Offensive Intel monitors the threat landscape of competitors and provides insights on how to protect our own landscape.
Our research presents a method for injecting and executing code in memory that circumvents the need for memory pages with execution permissions. Instead, we leverage specific sections within trusted software DLLs, which offer memory sections with read, write, and execute (RWX) permissions. By exploiting these sections, we have developed a technique that allows us to bypass user land EDR (Endpoint Detection and Response) hooks. This innovation opens up new avenues for evading detection and enhancing the stealth of code execution, significantly impacting the field of cybersecurity.
The aim is to discuss how an Active Directory assessment is carried out, what needs to be taken into account, and which considerations must be weighed. Beyond that, understanding how the Kerberos protocol works is fundamental.
Fabricio Gimenes aka FgP
The idea of this talk is to show some phases/techniques that we can use during a Red Team exercise, or even in a pentest, in a Windows environment. The main focus is on showing bypass and persistence techniques using Windows itself as our ally. All the PoCs here were carried out in a controlled lab environment in which some protection mechanisms were built: Constrained Language Mode; for privilege escalation we used AlwaysInstallElevated; and for persistence we used the Windows EventLog. Throughout all the tests I sought to use techniques different from the existing ones, thus bringing a new approach. Topics: bypassing CLM (PowerShell Constrained Language Mode); privilege escalation using a WIX file to obtain access as NT/AUTHORITY; persistence using the Windows EventLog.
Andriel Biagioni aka Dril
The talk consists of explaining in depth and technically the public vulnerability (CVE-2019-16253) in the SamsungTTS application - available on all Samsung cell phones. In addition, the talk will bring a little-known way to exploit the vulnerability in current Samsung devices. This approach can be extended to all Android devices as well. This study was motivated by the news through this link: https://www.xda-developers.com/tts-samsung-exploit-how-it-works/
Elbert Cirino aka tuxtrack
In this presentation, we will explore how attackers can abuse Azure attack paths by leveraging Graph API permissions. We will start by examining the different types of Graph API permissions and how they can be used to gain access to sensitive information and resources on Azure. We will also look at real-world attack scenarios that exploit these permissions, such as token theft, privilege escalation, and data exfiltration. Next, we will demonstrate how attackers can use the Graph API to perform reconnaissance on Azure environments, including identifying vulnerable endpoints and potential targets.
Relying on the LSPosed SDK, Gaspar proposes an evasive, reliable and fast argumentation framework built directly on the Android Runtime (ART) hooking and interposition abstraction.
"Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike."