DumpsterFire Toolset - Generating Network & System Shenanigans to Manipulate Blue Teams
During red team engagements (and blue team drills) it can be useful to induce specific responses from blue team members. Possibilities include luring an admin to a compromised system to capture their login credentials, generating distractions on a different subnet to draw attention away from your activities, or chaining sequences of events to mislead and exhaust the availability of limited staff. Additionally, blue teams may want to create and execute repeatable, time-delayed malicious activities to perform detection & response drills across SOC shifts. This presentation will introduce various techniques for attracting, distracting, and overwhelming incident response teams & system administrators, with a corresponding scenario for each. The techniques are all part of DumpsterFire, a new Python-based tool that will be released on GitHub in conjunction with the presentation. Attendees will learn how to use DumpsterFire's capabilities in their own operations, with sample use cases for each DumpsterFire module and steps for creating their own custom modules.
TryCatchHCF is Principal Security Researcher & Red Team member at a Fortune 500 company, with 25+ years of industry experience, including principal infosec engineer, pentest lead, and appsec team lead. His childhood experiments started with Heathkit electronics kits and coding in 6502 assembly, leading to a 300 baud modem and the discovery of BBSs, from which he collected way too much ASCII art. He is the creator of the CloakifyFactory data exfiltration toolset (https://github.com/TryCatchHCF/Cloakify). His education includes a bachelor's degree in Cognitive Science, a master's degree in Information Assurance, and the shared mind-threads of the global hacking community.