Offensive Security Engineer, Sygnia
Gil has over 5 years of experience in the Cyber Security industry, specializing in Red Team operations, phishing campaigns, and network infrastructure assessments. Gil has been involved in numerous security engagements with Fortune 100-500 client where he brought his extensive experience in the development and research domains to implement complex techniques and automate offensive security processes. Gil is a member of the Adversarial Research team, the offensive security team within Sygnia's Enterprise Security division.
Evolving endpoint protection software with enhanced detection capabilities and greater visibility coverage have been taking red team and purple team operation’s complexity to a higher level. The current situation forces adversaries to take precautions and invest much more time in the weaponization phase to overcome prevention and detection mechanisms. The community has adapted CI/CD pipelines to automate tasks related to offensive tools weaponization. Offensive CI/CD pipelines have been around for a couple of years, with the goal of helping red teams to automate offensive tools creation and evasion techniques implementation. As part of this evolution, we designed and built our own offensive CI/CD pipeline framework that is simple to use, modular, self-managed, automated, collaborative, and fast. Our framework leverages Infrastructure as Code (IaC) to fully automate the deployment of our offensive CI/CD pipeline framework with built in recipes for evading host and network detections. Each recipe is modular and can be customized to fit red team or purple team requirements, such as proprietary techniques or imitation of specific threat actor TTPs.The framework leverages Gitlab CI/CD in conjunction with Kubernetes cluster to automate and manage the process of building and deploying offensive tools at scale.
In this talk, we will discuss the essentials of offensive pipeline and present our innovative approach, while referring to the challenges we solved, and demonstrate how you can leverage our offensive CI/CD framework to empower red team and purple team operations.