After our participation in blackhat USA 2016 (Las Vegas), loyal to the appointment with the largest event for cyber-security we attended this year's blackhat Asia 2017 in Singapore. The brightest professionals and researchers in the industry came together for a total of four days-- two days (28-29 of March) of deeply technical hands-on Trainings, followed by two days (30-31 of March) of the latest research and vulnerability disclosures at the event Briefings, and open-source developed tools demonstration in the event's Arsenal.
Dark Side Ops was updated to include even more sophisticated red-teaming tactics, stealthy application white-listing bypasses, configuration and maintenance of covert C2 infrastructure, and obscure techniques used by real-world attackers to escalate privileges and pillage an environment for sensitive data.
Blackhat hackers penetrate enterprise networks in the flash of an eye, ravage endpoints for sensitive data, and silently exfiltrate the keys to your kingdom without ever popping an AV alert, flagging the SIEM, or being blocked by the proxy. Dark Side Ops: Custom Penetration Testing enabled us to "break through" to the next level by removing our dependence on 3rd-party penetration testing tools, allowing for outside-the-box thinking and custom tool development leveraging the latest in API abuse and advanced code execution techniques.
We were provided with hands-on experience into the black hat techniques currently used by hackers to bypass network-based enterprise intrusion detection and prevention systems (IDS/IPS), layer 7 web proxies, and data loss prevention (DLP) solutions. We used advanced evasion techniques of corporate host-based countermeasures including antivirus and application white-listing solutions by developing, compiling, and deploying custom backdoors, payloads, and persistence deep into protected enterprise networks.
In the next two days, we watched a plethora of very interesting Briefings on Network Defense, Data Forensics and Incident Response (DFIR), Exploits Development, Cryptography, Reverse Engineering.
As always, there was a special area for public demonstration of open source tools and products. In this Arsenal, we watched live presentations of independent open source researchers, tested the tools and discussed implementations and usages with the presenters.