Filipi Pires
Head of Identity Threat Labs and Global Product Advocate
Dallas, Texas, United States
I’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor at Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New Technologies events in many countries such as the US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA (Middle East) and others. I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges; in addition, I'm Creator and Instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
Area of Expertise
Topics
Cracking the Code: Unveiling Infostealers in PDF Structures
This session delves deep into the intricate structures of PDF files, offering a meticulous analysis of each segment with a focus on identity threats. Unveiling the covert strategies of threat actors, we explore how they ingeniously incorporate malicious components into file structures, often leveraging identity-related data for targeted attacks. The session elucidates the meticulous collection of IOCs (Indicators of Compromise) and the construction of IOAs (Indicators of Attack) for behavioral analysis, empowering defenders to anticipate and thwart novel attack vectors that threaten identity security.
Our technical journey navigates through the PDF file's anatomy, encompassing headers, bodies, cross-reference tables, and trailers. Live demonstrations dissect malicious PDFs using tools like pdfid, pdf-parser, and pdftk, providing hands-on insights into the analysis process. The presentation unravels encoding techniques and exposes how threat actors exploit identity data to establish Command and Control (C&C) channels within PDFs. The session concludes with an opportunity for questions, equipping participants with advanced knowledge for robust malware analysis and proactive defense strategies, especially concerning identity security.
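To make the PDF anatomy and the pdfid-style keyword triage described above concrete, here is an added Python example; it is not code from the speaker, nor from pdfid or pdf-parser. It uses only the standard library. The two PDF byte strings are constructed samples (their cross-reference offsets are not real), and the list of risky name tokens is the usual pdfid set. The example also decodes the #xx hex escapes that PDF allows inside names, one of the encoding tricks that hides /JavaScript from a naive string search.

```python
import re
from collections import Counter

# Name tokens a pdfid-style triage flags: each lets a document run code,
# trigger an action on open, launch a program, or reach out to a URL.
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
               "/EmbeddedFile", "/URI", "/RichMedia", "/XFA")

# A PDF name starts with "/" and ends at whitespace or a delimiter character.
NAME_TOKEN = re.compile(rb"/[^\s/\[\]<>(){}%]+")
OBJ_HEADER = re.compile(rb"\b\d+\s+\d+\s+obj\b")   # "4 0 obj"
XREF_TABLE = re.compile(rb"(?m)^xref\b")           # not "startxref"


def normalize_name(token: bytes) -> str:
    """Decode #xx hex escapes so that /J#61vaScript compares equal to /JavaScript."""
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})",
                     lambda m: bytes([int(m.group(1), 16)]), token)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Summarize the anatomy of a PDF (header, objects, xref, trailer) and count risky names."""
    keyword_counts = Counter()
    obfuscated = []
    for match in NAME_TOKEN.finditer(data):
        raw = match.group(0)
        name = normalize_name(raw)
        if name in RISKY_NAMES:
            keyword_counts[name] += 1
            if b"#" in raw:                  # keyword was hex-escaped to evade grep
                obfuscated.append(raw.decode("latin-1"))
    keywords = {name: keyword_counts[name] for name in RISKY_NAMES}

    reasons = []
    if keywords["/OpenAction"] or keywords["/AA"]:
        reasons.append("automatic action on open")
    if keywords["/JavaScript"] or keywords["/JS"]:
        reasons.append("embedded JavaScript")
    if keywords["/Launch"]:
        reasons.append("launches an external program")
    if obfuscated:
        reasons.append("hex-escaped names hide keywords from naive search")

    return {
        "header": data[:8].decode("latin-1", "replace"),
        "valid_header": data.startswith(b"%PDF-"),
        "objects": len(OBJ_HEADER.findall(data)),
        "xref_tables": len(XREF_TABLE.findall(data)),
        "trailers": data.count(b"trailer"),
        "startxref": data.count(b"startxref"),
        "eof_markers": data.count(b"%%EOF"),
        "keywords": keywords,
        "obfuscated_names": obfuscated,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed sample: catalog with an /OpenAction pointing at a JavaScript action
# whose /JavaScript name is hex-escaped. xref offsets are omitted on purpose; the
# triage scans bytes, it does not resolve them.
SUSPICIOUS_PDF = b"""%PDF-1.7
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /S /J#61vaScript /JS (app.alert('constructed sample')) >>
endobj
xref
0 5
trailer
<< /Size 5 /Root 1 0 R >>
startxref
0
%%EOF
"""

# Constructed benign sample: same skeleton, no action objects.
BENIGN_PDF = b"""%PDF-1.7
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
xref
0 4
trailer
<< /Size 4 /Root 1 0 R >>
startxref
0
%%EOF
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_PDF), ("benign", BENIGN_PDF)):
        report = triage_pdf(sample)
        print(label, report["header"], "objects:", report["objects"],
              "suspicious:", report["suspicious"], report["reasons"])
```

The counts in the report are the IOCs a first-pass triage records (object count, number of xref tables and %%EOF markers, which risky names appear); the decoded names are what you would then pull apart with pdf-parser.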
Graph-Based Cloud Attacks: Unraveling Cross-Platform Vulnerabilities
Practical demonstration of how attackers can use misconfigurations across the major cloud platforms, including AWS, Azure, GCP and OCI. Attendees will gain invaluable insights into the multifaceted challenges posed by misconfigurations within these cloud environments. Leveraging the power of graph-mode visualization, we will dissect and map potential attack paths arising from misconfigurations, providing a visual narrative of the complex relationships at play, using open-source tools backed by a neo4j/memgraph database to explain some possible attacks.
The heart of the discussion will revolve around practical mitigation approaches tailored to each cloud platform, ensuring a holistic defense strategy using open-source tools and free tools to help organizations increase their security posture. Real-world examples and case studies will illustrate the impact of misconfigurations and how a proactive approach, guided by graph-mode visualization, can significantly enhance security.
By the end of the presentation, participants will be well-equipped to navigate the nuanced landscape of misconfigurations in AWS, Azure, GCP and OCI. This knowledge will empower cloud security professionals to implement effective mitigation strategies, fortifying their cloud environments against evolving cyber threats across diverse platforms.
Identity-Driven Attack Paths: What Every CEO and Board Needs to Track
Most modern breaches originate not at network boundaries, but through the compromise and abuse of digital identities. From credential theft to privilege escalation, identity-driven attack paths present a direct threat to business continuity, regulatory compliance, and reputation. This executive briefing demystifies how attackers exploit identity weaknesses, what business leaders should monitor beyond basic user credentials, and how to quantify and communicate identity risk to key stakeholders—including the Board. Walk away with actionable insights to prioritize identity security and close the most consequential gaps in your organization’s defenses.
Machine Identity & Attack Path: The Danger of Misconfigurations
In today's rapidly evolving digital landscape, security within multi-cloud environments is more critical than ever. This talk aims to illuminate the complex challenges and emerging threats presented by multi-cloud setups, focusing specifically on Attack Paths and Machine Identity management.
Attendees will gain a comprehensive understanding of how attackers exploit vulnerabilities and improperly implemented security measures across cloud platforms. By delving into the intricacies of attack vectors and the pivotal role of machine identities, this presentation will provide actionable insights for fortifying cloud infrastructures.
The session will showcase the power of open-source tools—SecBridge, Cartography and AWSPX—in enhancing the security posture of multi-cloud environments. Participants will learn how these tools can effectively map environments, visualize IAM permissions, and improve tool integrations to secure their cloud operations.
Whether you're a cybersecurity professional, cloud architect, or IT manager, this discussion will equip you with the knowledge and strategies needed to safeguard your organization's digital assets in a complex multi-cloud world. Join us to explore innovative solutions that address the pressing security needs of today's cloud ecosystems.
Malware Attack in PDFs: An Adversary Real Attack Analysis
Join us for an in-depth exploration of how PDFs, a ubiquitous document format, can be exploited as a vessel for executing malicious JavaScript malware. This presentation will delve into real-world vulnerabilities that have been targeted to execute harmful code within PDF files—posing a serious threat in today's cybersecurity landscape.
Key exploit techniques we'll explore include:
Heap Spray Attacks: Using shellcode to strategically overwrite memory, thereby enabling attackers to execute arbitrary code and gain control over target systems.
Data Exfiltration Tactics: Methods for covertly extracting critical information, such as email addresses and system details, from users without their knowledge or consent.
Embedding Malware in PDFs: An examination of how attackers embed harmful scripts into PDFs, tricking users into activating exploits within Adobe Reader through seemingly ordinary actions.
We'll dissect malicious actions such as shellcode injection, buffer overflow attacks, Adobe Reader exploits, and memory manipulation, all designed to execute malware effectively.
This session is perfect for offensive security professionals seeking to deepen their understanding of PDF-based exploits and enhance their penetration testing and threat emulation capabilities. Discover how these sophisticated threats operate and learn strategies to counteract them within your security frameworks. Join us to stay ahead in the ever-evolving world of cyber threats.
More information about the presentation can be found in this article: https://labs.segura.blog/unmasking-the-threat-a-deep-dive-into-the-pdf-malicious-2/
Cloud Offensive Breaches: The Graph-Based Exploitation of Misconfigurations
During this talk, we will cover the critical importance of permissions management in integrations, especially in cloud environments, and how an inappropriate permissions standard can create significant vulnerabilities for attackers. We will explore how an attacker can leverage legitimate permissions to perform privilege escalation in the cloud, highlighting the fundamental differences between Attack Vector and Attack Path. Additionally, we will examine the most effective and shortest path an attacker can take to achieve success in their goals. We will also discuss strategies to improve security in this context and mitigate these threats.
Structural Insights: PDF Analysis for Detecting and Defending Against Threats
We’ll walk through the structures of a PDF, analyzing each part of it and demonstrating how Threat Actors include malicious components in the structures of the file, in addition to demonstrating the collection of IOCs (Indicators of Compromise) and how to build IOAs (Indicators of Attack) for behavior-based analysis, to anticipate new attacks. We demonstrate the structures in a PDF binary (header / body / cross-reference table / trailer) and compare malicious PDFs, explaining how each section works within the binary and which techniques are used, such as packers and obfuscation with JavaScript (PDF), as well as some anti-disassembly techniques, showing how these malware samples act and where it would be possible to “include” malicious code.
Malware Hunting - Using Python as an attack weapon
The purpose of this presentation is to use Python scripts to perform efficiency and detection tests against various endpoint solutions. During our demonstration we’ll show a defensive security analysis with an offensive mindset, executing Python scripts responsible for downloading malware in a lab environment. The first objective is to simulate targeted attacks using a Python script to obtain a panoramic view of the resilience presented by the solution with regard to the efficiency of its detection by signatures, NGAV and Machine Learning; running this script, the idea is to download these artifacts directly onto the victim’s machine. The second objective is to run more than one Python script with daily malware made available by MalwareBazaar on request via API access, downloading daily batches of malware. With the final product, the team responsible for the product will have an instrument capable of guiding a mitigation and/or correction process, as well as optimized improvement, based on the criticality of the risks.
Malware Attack using Exploitation with Reverse Shell, PowerShell, and malicious VBS
The purpose of this presentation was to execute several efficiency and detection tests in our lab environment, protected with an endpoint solution provided by CrowdStrike. This presentation brings the result of a defensive security analysis with an offensive mindset, using reverse shell techniques to gain access to the victim’s machine and after that running VBS malware to infect the victim machine, using PowerShell scripts to call this malware in our environment. Regarding the test performed, the first objective is to simulate targeted attacks using a Python script to obtain a panoramic view of the resilience presented by the solution with regard to the efficiency of its detection by Signatures, NGAV and Machine Learning; running this script, the idea is to use the reverse shell technique to gain access to the victim’s machine. After executing this attack, the second objective consists of running the PowerShell script to download a malicious VBS file onto the victim’s machine and execute it, calling this malware provided through MalwareBazaar by API request.
Malware Hunting - Practical Offensive Approach
We’ll walk through the structures of a PDF, analyzing each part of it and demonstrating how Threat Actors include malicious components in the structures of the file, in addition to demonstrating the collection of IOCs (Indicators of Compromise) and how to build IOAs (Indicators of Attack).
Developing offensive thinking is the highlight of this training: you’ll be able to create different attack strategies, know how you can deliver them, and so on. You will have the experience of learning to execute several efficiency and detection tests in your lab environment, bringing the result of a defensive security analysis with an offensive mindset, performing some of the types of attacks used in cybercrime and being able to take practical actions to identify these threats. Understanding how the Cyber Kill Chain works, learning Static and Dynamic Analysis of some types of files, and executing your own attacks…
Knowing differences between Cyber Resistance and Cyber Resilience
You’ve probably heard about Cyber Resilience, but what are the differences between the two terms in the context of Cybersecurity? Is Cyber Resistance the same or not? Prioritizing where to focus efforts first when attack scenarios are almost endless is a complex task. There are often millions of potential attack paths. Most organizations do not know what those paths are or how to prioritize which ones to close first, if they can be closed at all. During this presentation, we will understand the differences between Cyber Resistance and Cyber Resilience and how we can apply both concepts to our current technology landscape, besides understanding how we can identify the High-Value Targets (HVT) in our organization.
Hacking Docker Environment using Pivoting Techniques
Demonstrating an exploit in a container environment (three Docker containers) across three different networks, I will demonstrate different pivoting, vulnerability exploitation, and privilege escalation techniques on all machines, using Alpine Linux, the Gogs app, and other Linux platforms, following pentest methodology: recon, enumeration, exploitation, and post-exploitation. By the end of this “talk” everyone will be able to see the different ways that exist for working with a single form of pivot and how to overcome different obstacles in different networks within this “new” environment called Docker.
Exploitation with Shell Reverse and Infection with PowerShell using VBS file
The purpose of this presentation was to execute several efficiency and detection tests in our lab environment, protected with an endpoint solution provided by CrowdStrike. This presentation brings the result of a defensive security analysis with an offensive mindset, using reverse shell techniques to gain access to the victim’s machine and after that running VBS malware to infect the victim machine, using PowerShell scripts to call this malware in our environment. Regarding the test performed, the first objective is to simulate targeted attacks using a Python script to obtain a panoramic view of the resilience presented by the solution with regard to the efficiency of its detection by Signatures, NGAV and Machine Learning; running this script, the idea is to use the reverse shell technique to gain access to the victim’s machine. After executing this attack, the second objective consists of running the PowerShell script to download a malicious VBS file onto the victim’s machine and execute it, calling this malware provided through MalwareBazaar by API request.
Effects Malware Hunting in Cloud environment
During this presentation, I’ll demonstrate the risks that a PDF can bring to your Cloud environment if it’s exploited by malware. I’ll explain how each section works within a binary, and how cyber attackers use different techniques, like packers and obfuscation with JavaScript (PDF), demonstrating how these malware samples work and where it would be possible to locate the malicious code. At the end of this conversation, it will be clear to everyone how Dev/Research teams should look more closely at their cloud environment, in addition to providing clear guidance on how people can seek more basic knowledge of file structures, software architecture and language.
Do you know HVT and how the attacker can exploit it in the Cloud?
Adversaries leverage attack surface complexity to their advantage. They look for the shortest and easiest attack path to access high-value targets quickly, before they are detected. It is a race against time between the attacker and the defender. During this talk we are going to explain how the default permissions used in many integrations can give advantages to attackers, mainly in the Cloud (AWS, Okta, Azure AD among others), explaining the differences between Attack Vector and Attack Path and what would be the shortest path used by an attacker focused on success.
BlueTeam - Threat Hunting - Using a creative way to do a detection and efficiency tests in security
During this presentation we’ll show our tests performed on three different endpoint security solutions (CrowdStrike, Sophos and Cybereason), where we simulate targeted attacks using many attack strategies to obtain a panoramic view of the resilience presented by the solutions with regard to the efficiency of their detection by signatures, NGAV and Machine Learning, running scripts such as: downloading many malware samples onto the victim machine; moving all that malware to another folder (expecting detection without execution); downloading these artifacts directly onto the victim’s machine using malware from The Zoo repository; and, furthermore, running PowerShell scripts that download daily malware batches provided by MalwareBazaar on request via API access. At the end of this presentation, the team responsible for the product will have an instrument capable of guiding a process of mitigation and/or correction, as well as optimized improvement, based on the criticality of risks.
Building your code safe applying DevSecOps Culture with OpenSource tools
Practical demonstration of how a developer can use a SAST tool for static analysis of code vulnerabilities, executing it on source code, byte code and/or binaries and identifying security holes during the development process, analyzing many languages and code bases.
The ecosystem will have the opportunity to learn about an open-source tool that orchestrates other security tools, identifies security flaws or vulnerabilities in projects and puts all results in a database for analysis and generation of metrics, selecting the languages and/or tools to be used on the project based on the available stack.
I intend to cover during this talk:
- Presentation – 2 min
- Differences between SDLC and SSDLC – 3 min
- Differences between SAST, DAST, IAST, SCA, RASP, Container Scanning – 5 min
- How you can improve your Pipeline in a Secure way – 5 min
- What is Horusec (OpenSource) – 3 min
- Installing Horusec – 3 min
- Run scanning in vulnerable code – 5 min
- Using Horusec in IDE – 5 min
- Using Horusec in your pipeline based on GitHub Actions – 7 min
- Questions
Articles published:
https://pentestmag.com/product/pentest-secure-development-lifecycle-and-pentesting/
Similar Presentations:
- https://www.youtube.com/watch?v=c74D17JsWTc
- https://www.youtube.com/watch?v=L_CYYeSTXbg
AWS Attack based on Misconfiguration
Adversaries leverage attack surface complexity to their advantage. They look for the shortest and easiest attack path to access high-value targets quickly, before they are detected. It is a race against time between the attacker and the defender. During this talk we are going to explain how the default permissions used in many integrations can give advantages to attackers, mainly in the Cloud, and how an attacker can use legitimate permissions to escalate privilege in the cloud, explaining the differences between Attack Vector and Attack Path and what would be the shortest path used by an attacker focused on success.
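As an added illustration of the Attack Vector versus Attack Path distinction and of the "shortest path to a high-value target" idea in the cloud abstracts above (this is example code written for this page, not the speaker's material or the output of any of the tools named): a breadth-first search over a small, constructed permission graph. The principals, resources and edge labels are hypothetical. The defensive question it answers is which single permission, if removed, severs every path from the foothold to the target, which is how a defender decides which misconfiguration to close first.

```python
from collections import deque
from typing import Optional

# node -> list of (next_node, permission that lets the holder reach next_node)
Graph = dict[str, list[tuple[str, str]]]

# Constructed, hypothetical permission graph (not real account data). An edge
# means "controlling the source lets you act as, or on, the destination via
# this permission". Edge labels reuse AWS action names only for readability.
CONSTRUCTED_GRAPH: Graph = {
    "user:dev-alice": [("role:ci-deploy", "sts:AssumeRole"),
                       ("s3:public-assets", "s3:ListBucket")],
    "role:ci-deploy": [("lambda:billing-export", "lambda:UpdateFunctionCode"),
                       ("role:billing-admin", "iam:PassRole")],
    "lambda:billing-export": [("role:billing-admin", "execution-role")],
    "role:billing-admin": [("s3:customer-pii", "s3:GetObject")],
    "s3:public-assets": [],
    "s3:customer-pii": [],
}

# The Attack Vector is the initial foothold (here: a developer identity, as if
# its credential leaked). The Attack Path is the chain of permissions from that
# foothold to the High-Value Target.
ATTACK_VECTOR = "user:dev-alice"
HIGH_VALUE_TARGET = "s3:customer-pii"

Path = list[tuple[str, Optional[str]]]   # [(node, permission used to reach it)]


def shortest_attack_path(graph: Graph, start: str, target: str) -> Optional[Path]:
    """Breadth-first search: fewest permission hops from start to target, or None."""
    parents: dict[str, tuple[Optional[str], Optional[str]]] = {start: (None, None)}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            break
        for nxt, permission in graph.get(node, []):
            if nxt not in parents:
                parents[nxt] = (node, permission)
                queue.append(nxt)
    if target not in parents:
        return None
    path: Path = []
    cur: Optional[str] = target
    while cur is not None:
        prev, permission = parents[cur]
        path.append((cur, permission))
        cur = prev
    return list(reversed(path))


def all_edges(graph: Graph) -> list[tuple[str, str, str]]:
    return [(src, dst, perm) for src, edges in graph.items() for dst, perm in edges]


def without_edge(graph: Graph, edge: tuple[str, str, str]) -> Graph:
    """Copy of the graph with one (src, dst, permission) edge removed."""
    src, dst, perm = edge
    return {node: [e for e in edges if not (node == src and e == (dst, perm))]
            for node, edges in graph.items()}


def single_edge_cuts(graph: Graph, start: str, target: str) -> list[tuple[str, str, str]]:
    """Edges whose removal alone disconnects target from start: the fixes that matter most."""
    return [edge for edge in all_edges(graph)
            if shortest_attack_path(without_edge(graph, edge), start, target) is None]


def describe(path: Path) -> str:
    """Render a path as: node --permission--> node --permission--> node."""
    out = path[0][0]
    for node, permission in path[1:]:
        out += f" --{permission}--> {node}"
    return out


if __name__ == "__main__":
    path = shortest_attack_path(CONSTRUCTED_GRAPH, ATTACK_VECTOR, HIGH_VALUE_TARGET)
    print("Shortest attack path:", describe(path) if path else "none")
    for edge in single_edge_cuts(CONSTRUCTED_GRAPH, ATTACK_VECTOR, HIGH_VALUE_TARGET):
        print("Removing this single permission closes every path:", edge)
```

Note that the edge in the middle of the shortest path (the iam:PassRole hop) is not a cut: a second, longer path through the Lambda function still reaches the same role, so fixing only the shortest path leaves the target exposed. Graph tooling such as Cartography and AWSPX exists precisely to surface these alternative routes at account scale.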
Keep your code safe during the development path using Opensource tools.
Practical demonstration of how a developer can use a SAST tool for static analysis of code vulnerabilities, executing it on source code, byte code and/or binaries and identifying security holes during the development process, analyzing many languages and code bases.
The ecosystem will have the opportunity to learn about an open-source tool that orchestrates other security tools, identifies security flaws or vulnerabilities in projects and puts all results in a database for analysis and generation of metrics, selecting the languages and/or tools to be used on the project based on the available stack.
Effects Malware hunting in Cloud environment
During this presentation, I’ll demonstrate the risks that a PDF can bring to your Cloud environment if it’s exploited by malware. I’ll explain how each section works within a binary, and how cyber attackers use different techniques, like packers and obfuscation with JavaScript (PDF), demonstrating how these malware samples work and where it would be possible to locate the malicious code.
At the end of this conversation, it will be clear to everyone how Dev/Research teams should look more closely at their cloud environment, in addition to providing clear guidance on how people can seek more basic knowledge of file structures, software architecture and language.
Dissecting and Comparing Different Binaries for Malware Analysis
Demonstrating different kinds of structures in binaries such as PE (header and its sections), ELF (header and its sections) and PDF (header / body / cross-reference table / trailer), explaining how each section works within a binary and which techniques are used, such as packers, obfuscation with JavaScript (PDF) and more, also explaining some anti-disassembly techniques, showing how these malware samples act and where it would be possible to "include" malicious code.
By the end of this "talk" it will be clear to everyone what the differences in binary structures are and how a researcher should conduct each of these kinds of analysis, besides, of course, seeking more basic knowledge of file structures, software architecture and programming languages.
Red Team Village at DEFCON 32 Sessionize Event
La Villa - DEFCON 32 Sessionize Event
NDC Security 2024 Sessionize Event
Manchester Tech Festival Sessionize Event
Porto Tech Hub Conference 2023 Sessionize Event
BSides Kraków 2023 Sessionize Event
DeveloperWeek Europe 2023 Sessionize Event
KubeHuddle Sessionize Event