Pentesting labs tend to have isolated boxes representing specific vulnerabilities. This doesn’t do a great job of mimicking real world networks which have active users and network activity. We created a tool set to introduce simulated users to a lab environment which enables us to accurately model real world corporate networks and allows for additional attack vectors to be explored in a safe setting. During this talk we’ll go over the major functions of the tool and showcase its capabilities with a live demonstration.
@swizzlez_ Chris is an experienced penetration tester and red teamer who's led a diverse range of red team assessments: from internal networks, to spear-phishing exercises, to web and mobile applications. These assessments have given him exposure in a breadth of industries (pharma, finance, healthcare, technology, etc.) through which he's developed a unique perspective of the current information security landscape. His areas of interest include exploit development, offensive security training and education, and automation and tool development.
@peewpw Barrett is also a red teamer and security professional with experience performing a variety of red team assessments. His focus has been on assessing externally facing networks, where he has developed a number of useful automation scripts to search for, consolidate, and organize a company's internet presence. More recently, he has created red team tools such as Invoke-PSImage for stealthy payload delivery and Invoke-WCMDump for dumping Credential Manager passwords.