This year, the Predatech team jetted off to sunny Las Vegas to attend DEFCON 31. The event brought together cyber security professionals, hackers, researchers and enthusiasts to share knowledge and discuss cutting-edge developments. With so much to see in a long weekend the team was spoilt for choice with a range of talks, workshops and activities, each offering new insights and challenges. In this blog we’ll take a look at some of our highlights from the event.
The red-teaming-focused Metasploit demo lab presented the latest updates to the tool’s Active Directory exploits which grant the user additional flexibility when moving laterally through an organisation’s domain. Seeing the tool’s utility for Kerberos interactions made it an informative top-up for a tool that’s already key in a security professional’s arsenal.
The team at Nuclei were demonstrating how their community-driven scanning tool is being used to pick up zero-day vulnerabilities as soon as they appear. Using scanning ‘templates’, the open-source tool is able to identify security issues traditional scanners might miss and score the risk associated with the issue in a pragmatic way.
The ASF demo lab session showcased the tool’s ability to identify an organisation’s assets and find potential security issues, all in one place. It does this by acting as a wrapper around a curated list of popular open-source software such as Nmap, Sublist3r and Nuclei (again). The demo lab offered an insight into a free tool that organisations could use to potentially map out their external attack surface whilst cutting out much of the manual work.
There were a range of talks happening throughout DEFCON on everything from physical exploits to advanced cryptographical flaws. A couple of the major talks we attended focussed on defeating VPN always-on and using artificial intelligence in red teaming.
Defeating VPN Always-On was a major talk which explored flaws in always-on VPN set ups. These flaws could allow users to escape the forced VPN connection and connect to external unauthorised networks. It was an eye-opening reminder that we can’t be too complacent expecting that users or an attacker won’t be able to bypass the VPN security controls that have been put in place.
The Artificial Intelligence in Red Teaming workshop was a thought-provoking discussion around how artificial intelligence can now and in future be used to aid in red teaming activities. We explored how ChatGPT can be used to speed up common red teaming tasks and then we went deeper, looking into how OpenAI could be utilised to one day automate enumeration and identification of an organisation’s security issues.
AI Village GRT Challenge
We were incredibly fortunate to participate in the GRT challenge at the AI village which opened up generative AI chatbot software used by major players such as Google to be tested by the DEFCON community. Participants were tasked with identifying flaws in the software that could be used by malicious parties to cause harm to the platform or other users.
During our allotted time, we were able to submit a couple of vulnerabilities to the AI software vendors and gained valuable insights into how AI platforms try to combat misinformation.
Threat Modelling with OWASP Cornucopia
Threat modelling for applications may not be an activity you often associate with a card game and although I was sceptical at first, OWASP Cornucopia proved to be a practical (and fun) approach to identifying viable application threats. We competed in a team of ten, presenting cards with issues we believed could be the biggest potential threat based on an application diagram.
It was an engaging experience that provoked discussion around how the application could be vulnerable. We were fortunate enough to win the threat modelling game and walked away with our very own OWASP Cornucopia deck!
Predatech is a cyber security consultancy that offers a range of services including CREST accredited penetration testing and Cyber Essentials/Cyber Essentials Plus assessments. What makes us different? We combine expert cyber security with great customer service and value for money. If you’d like to better understand your security posture, and how to strengthen it from attacks, please contact us for a free consultation.