Red Ops: Scaling & Automating Your Pwnage

BSidesROC 2016

Presented by: Bryan Harmat, Jared Stroud
Date: Saturday April 23, 2016
Time: 10:00 - 10:50
Location: Track 1

The term “DevOps” has tunneled into every organization that is managing infrastructure in some way shape or form. These utilities enable a Systems Engineer to quickly deploy servers, provision disks, as well as assist in software/configuration management. While these tools offer great assistance to the ever growing number of EC2 instances any given organization may be responsible for, the offensive capabilities of these utilities is often greatly ignored. RedOps: Scaling & Automating Your Pwnage analyzes how you can use these tools to effectively manage your footprint in an environment without bringing in bloated executables or shell scripts to maintain presence on a machine. Additionally, we will analyze the possibility of stumbling across these tools already deployed in an enterprise and what they mean for System Engineers and Penetration Testers.

Jared Stroud

SPARSA Graduate Student Advisors Bryan and Jared are two BS/MS students of the Computing Security Department at the Rochester Institute of Technology. During their academic careers they have engaged in several attack/defend competitions. These competitions have a red team (the attackers) actively seeking to exploit networks, and a blue team (the defenders) which actively defends their environment. This talk is discussing how they are using DevOps tools to effectively control hosts in order to maintain persistence on a network.

Bryan Harmat

SPARSA Graduate Student Advisors Bryan and Jared are two BS/MS students of the Computing Security Department at the Rochester Institute of Technology. During their academic careers they have engaged in several attack/defend competitions. These competitions have a red team (the attackers) actively seeking to exploit networks, and a blue team (the defenders) which actively defends their environment. This talk is discussing how they are using DevOps tools to effectively control hosts in order to maintain persistence on a network.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats