This month (October 2018) our team members presented at two hacker conferences:
- The MS Office magic show at DerbyCon
- Mirror on the wall: using blue team techniques in red team ops at BruCON
Below, you can find the video recordings of these presentations.
The MS Office magic show
At DerbyCon 8.0 “Evolution”, Pieter and Stan presented the MS Office magic show: a talk filled with offensive tricks (ab)using Microsoft Office products, which can be used in red team operations. Expect XLM macros, SYLK files, VBA hiding, abusing P-Code, fooling OLEtools, AMSI circumvention, HTML/dot polyglots and much more fun!
Videos of other DerbyCon 8.0 presentations can be found here.
Mirror on the wall: using blue team techniques in red team ops
Marc and Mark presented at BruCON 0x0A and announced the public release of RedELK. This tool is a red team’s SIEM that we use heavily in our daily operations. The presentation details how we collect and parse data from our red team infrastructure into an ELK stack and how we can use this data to detect investigative actions of the blue team.
Videos of other BruCON 0x0A presentations can be found here.