Document: From Spoofing to Tunneling: New Red Teams Networking Techniques for Initial Access and Evasion (PDF, 125 pages).
Slide 1: From Spoofing to Tunneling: New Red Teams Networking Techniques for Initial Access and Evasion
Speaker: Shu-Hao, Tung (123ojp)

Slides 2-4: Just Another Normal Day of IT
Seeing my Intranet LDAP server log
P.S. All addresses are example addresses.

Slide 5: Just Another Normal Day of IT
Seeing my Intranet LDAP server log
Why a public IP is brute forcing me? How? It's an intranet server with no DNAT

Slide 6: Just Another Normal Day of IT
Seeing my Intranet LDAP server log
Okay I banned 9.9.9.9

Slide 7: Just Another Normal Day of IT
Seeing my Intranet LDAP server log
Oh no how!?

Slide 8: Whoami
Shu Hao Tung (123ojp)
From Taiwan
Threat Researcher (Red Team)
Graduate of NTHU
Previous President of HackerSir
123ojp shu-hao-tungo123ojp

Slide 9: Agenda
Introduction & Background
Red Teaming Techniques with IP Spoofing in Intranet
Two Methods to Replace Initial Foothold
BOOM! Initial Access
Nightmare of VxLAN Tunnel Hijacking
Routing Protocols Running on Buggy VxLAN Leading to IP Hijacking Leading to Domain Compromises
Conclusions & Takeaways
Q&A

Slide 10: Spoofing Source IP

Slide 11: Spoofing Source IP in Public
[Diagram: Public Internet with hosts 2.2.2.2, 1.1.1.1 and 3.3.3.3. DNS Requests: ip.src 3.3.3.3 (Spoofing), ip.dst 1.1.1.1]
We all know that packet spoofing is still possible on public networks.

Slide 12: Spoofing Source IP in Public
[Diagram: Public Internet with hosts 2.2.2.2, 1.1.1.1 and 3.3.3.3. DNS Response: ip.src 1.1.1.1, ip.dst 3.3.3.3]
We all know that packet spoofing is still possible on public networks.