Managing Security Consultant, The Missing Link (Australia)
Fatih Ozavci is a multidisciplinary security manager, engineer and researcher with two decades of experience on offensive and defensive security technologies. He has managed several international security assessment and research projects focused on various technologies including service provider networks, unified communications, application security and embedded systems. He shared his researches, tools, advisories and vulnerabilities in major security conferences such as Black Hat USA, DEF CON and HITB. Nowadays, he combines his skillsets to perform realistic adversary simulations and defence exercises for larger organisations. Fatih is also studying Master of Cyber Security (Advanced Tradecraft) at University of New South Wales at Australian Defence Force Academy.
Threat actors build their tradecraft for each campaign, they need to select the right tactics, techniques. Most of the time they use open source or commercial, but publicly available tools. They even re-purpose or pack existing malware acquired from other threat actors. The reason behind of this decision is tool development takes time, and if the known/current tools already work well, they don’t need upgrades either. However, the adversary simulation specialists need to operate in safer environments, therefore, they’re not allowed to use malicious tradecraft or unknown tools in general. Tradecraft development is an essential skills for an adversary simulation specialist as it needs custom C2 protocols, implants, safer but realistic Mitre Att&ck TTPs, and finally cutting-edge evasions for the modern security controls including EDRs and Cyber Analytics. In this workshop, we’ll walk through reasons and ways of Tradecraft development, talk about where to start, and to go, finding example source codes, walking through the source code of existing C2s, implants, and draft tools. We’ll also discuss about weaponization techniques such as offensive pipelines, modern evasions techniques and tool integrations. Duringthe exercises, we’ll prefer C# for programming, but you can replicate what you learn in various languages after this workshop (e.g. Python, Go, Rust). During the workshop, the participants will be able to develop their own implants, C2s, evasions and more using examples and active tools such as Petaq Purple Team C2 and Malware, TA505+ Adversary Simulation Pack and Tehsat Malware Traffic Generator
