Adversary Village - Autonomous Lateral Movement

DEF CON

Wampouille, Stephan

Formal Metadata

Title

Title of Series

DEF CON 29

Number of Parts

Author

Wampouille, Stephan

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/54355 (DOI)

Publisher

DEF CON

Release Date

2021

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

See autonomous lateral movement in a live environment. In this Linux-based attack, multiple benign behaviors - each designed not to be detected - are chained together to complete a lateral movement action. Using a creative approach to parsing indicators of compromise out of RAT responses and injecting them automatically into commands later down the kill chain, this lateral movement demonstration will be fully hands-off. The techniques and TTPs in this demonstration will be made open-source following the talk.