Robert Pimentel
Director, Offensive Security @ Humana, Inc. | Hacker Hermanos | Github: pr0b3r7
Robert is a seasoned offensive security professional with more than a decade of experience in Information Security.
He began his career in the U.S. Marine Corps, where he worked on secure telecommunications. Robert holds a master's degree in Cybersecurity, numerous IT certifications, and a background as an instructor at higher education institutions like the New Jersey Institute of Technology and American University.
Robert is committed to sharing his knowledge and experiences for the benefit of others. He enjoys Brazilian steakhouses and cuddling with his pugs while writing Infrastructure as Code to automate Red Team Infrastructure.
Robert is the Director of Offensive Security at Humana, Inc.
Topics
Bridge to Nowhere Good: When Azure Relay becomes a Red Teamer's highway
We have exposed critical offensive capabilities in the `azbridge` tool, which has been available in Microsoft Azure's GitHub repository since 2018. This tool is a legitimate utility connecting network-isolated assets. Our research demonstrates how an attacker can weaponize this tool using its default configuration.
`azbridge` supports attackers in establishing covert C2 channels, exfiltrating data, and enabling lateral movement while evading scrutiny by perimeter defenses. It leverages back-end services that serve Azure Relay endpoints (`*.servicebus.windows.net`) and encapsulates malicious traffic in TLS-encrypted connections to `*.cloudapp.azure.com` endpoints, defeating egress filtering and proxy inspection.
We demonstrate how attackers can use it to maintain persistent network access, bypass network security controls, and conduct post-exploitation using Microsoft's tool. More sophisticated adversaries can re-implement the functionality of this tool in their tradecraft (e.g., implants). For our defensive side friends, we provide initial recommendations on recognizing these techniques to defend against adversaries exploiting legitimate infrastructure.
While not a 0-day, as of 03/14/2025 there are no reports of adversaries using `azbridge`, and no researchers have reported this tool's potential for abuse. Therefore, we believe it is a novel use case, or at least one that has not been publicly discussed.
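The abstract points defenders at the two destination patterns the relay path depends on: `*.servicebus.windows.net` and `*.cloudapp.azure.com`. Because the traffic is TLS-encapsulated, a proxy or egress log typically sees only the destination hostname and byte counts, so a first-pass detection is to flag those destinations from hosts with no known business need for Azure Relay and to watch the volume per source. The script below is an added example written for this page, not code from the talk or from the `azbridge` project; it assumes a simple whitespace-separated proxy log format and a hypothetical allowlist, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (illustrative, not from the talk):
# timestamp, source host, destination host, destination port, bytes sent
SAMPLE_PROXY_LOG = """\
2025-03-14T10:01:02Z ws-finance-12 www.microsoft.com 443 1820
2025-03-14T10:01:05Z ws-finance-12 contoso-relay.servicebus.windows.net 443 5120
2025-03-14T10:01:09Z ws-finance-12 contoso-relay.servicebus.windows.net 443 7300
2025-03-14T10:02:11Z ws-hr-03 login.microsoftonline.com 443 2200
2025-03-14T10:02:40Z build-agent-01 contoso-relay.servicebus.windows.net 443 9100
2025-03-14T10:03:15Z ws-finance-12 g1-prod-sb-001.cloudapp.azure.com 443 65000
"""

# Destination suffixes named in the abstract as the Azure Relay path.
RELAY_SUFFIXES = (".servicebus.windows.net", ".cloudapp.azure.com")

# Hypothetical allowlist: hosts with a documented business need for Azure Relay.
EXPECTED_RELAY_CLIENTS = frozenset({"build-agent-01"})

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)\s+(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line of the assumed format into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["bytes"] = int(rec["bytes"])
    # Normalise the hostname so suffix matching is case-insensitive and ignores a trailing dot.
    rec["dst"] = rec["dst"].lower().rstrip(".")
    return rec


def is_relay_destination(host):
    """True if the destination matches one of the Azure Relay hostname patterns."""
    return any(host.endswith(suffix) for suffix in RELAY_SUFFIXES)


def flag_unexpected_relay_use(log_text, allowlist=EXPECTED_RELAY_CLIENTS):
    """Return records for relay-pattern connections from hosts not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_relay_destination(rec["dst"]):
            continue
        if rec["src"] in allowlist:
            continue
        findings.append(rec)
    return findings


def bytes_per_source(findings):
    """Aggregate flagged bytes per source host; sustained volume is a hint worth triaging."""
    totals = defaultdict(int)
    for rec in findings:
        totals[rec["src"]] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    hits = flag_unexpected_relay_use(SAMPLE_PROXY_LOG)
    for rec in hits:
        print(f"{rec['ts']} {rec['src']} -> {rec['dst']}:{rec['port']} ({rec['bytes']} bytes)")
    print(bytes_per_source(hits))
```

On the sample data the build agent is suppressed by the allowlist and the finance workstation is flagged three times, with a byte total that stands out against its other traffic. In production the allowlist would come from an inventory of systems that legitimately use Azure Relay, and the per-source totals would be compared against a baseline rather than read in isolation.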
New Skill Unlocked: C2 Infrastructure Automation
Join us for an immersive workshop that will revolutionize your approach to Command-and-Control (C2) infrastructure deployments. Whether you're a seasoned Red Team operator or just starting your offensive security journey, this workshop is designed to equip you with the tools and knowledge to create scalable, operationally secure C2 infrastructure using the power of automation.
In this hands-on session, we'll demystify the process of deploying and configuring C2 components, such as frameworks, redirectors, and associated compute infrastructure.
You'll learn how to leverage infrastructure as code principles to create consistent, reliable, and secure C2 deployments, all while minimizing the risk of human error.
We'll dive deep into the best practices for designing and implementing C2 infrastructure automation, with a strong emphasis on operational security from the ground up.
Our instructor will guide you through real-world examples and provide you with a solid foundation for building your own secure C2 deployments.
Whether you're looking to enhance your Red Team capabilities or simply want to streamline your offensive security workflows, this workshop is perfect for you.
Join us and unlock the ability to spend less time on 'Sysadmin' tasks and more time focusing on what matters most – attacking and improving your organization's security posture!
No prior experience with C2 infrastructure automation is required.
Our instructor will guide you every step of the way, ensuring that you leave the workshop with the confidence and skills to create secure, automated C2 deployments.
Don't miss this opportunity to take your offensive security skills to the next level. Register now and unlock the power of secure C2 infrastructure automation!
Command, Control, and memes: Cordyceps + ant = zombie
Command-and-Control (C2) channels enable remote control of devices compromised through various means. Some C2s use network protocols to relay messages from the compromised asset to the C2 server, while others blend in with commonly used applications and websites that are not malicious and have legitimate use cases in the target environment, making them even harder to detect (e.g., using Discord to relay C2 traffic).
Deploying C2 requires knowledge to set up effectively. Components must be deployed and configured before a campaign can start and target assets are exploited to connect back to the C2 infrastructure to wait for commands and/or send gathered data.
It is not a secret that automation helps reduce the risk of human error on repetitive tasks, helps obtain consistent results and decreases the time necessary to perform a set of steps. It can also be applied to the deployment and configuration of C2 infrastructure components such as frameworks, redirectors, and associated compute infrastructure.
This talk intends to raise awareness of how a C2 deployment used by a Red Team during offensive cyber operations functions, how its components are deployed, configured, and secured, and how all of this can be performed in an automated manner. We'll cover how an enterprise-grade Red Team leverages Infrastructure as Code with the goal of improving the security posture of the organization by spending less time doing 'Sysadmin' tasks and more time attacking!
MCTTP Munich Cyber Tactics, Techniques und Procedures 2025 Sessionize Event
Red Team Village at DEFCON 33 Sessionize Event
Red Team Village at DEFCON 32 Sessionize Event
CactusCon 12 Sessionize Event