F-Secure Consulting Event

F-Secure Labs presents: Meet the Reds

Postponed - stay tuned for more details

Register your interest to receive updates

Please note that this online event has been postponed. If you have already registered, we will keep you updated. If you would like to attend on the rescheduled date, please fill out the registration form and we'll keep you posted.

Improve your technical capabilities with tooling from the F-Secure Labs team. Designed for red and blue teams, this session contains explainers and demos to transform the way you work.

This session will cover three toolsets: 

  • C3: Utilising this tool will help you realistically emulate and simulate an adaptive real-world attacker
  • Physmem2Profit: You’ll learn a new approach to credential theft, mitigations and the areas to focus your detection capabilities
  • Jamf attack toolkit: Understand an attacker's perspective on the security implications behind Jamf adoption and how you can identify these attack paths in your own organization

On the agenda:

16:00 - 16:30

C3, with Tim Carrington & Janusz Szmigielski
labs.f-secure.com/tools/c3/

C3 enables red teams to rapidly develop and utilize esoteric command and control (C2) channels. Red teams get to focus on the C2 they want to implement, relying on the robustness of C3 and the CS tooling to take care of the rest. They can operate in critical client environments at a professional level of stability and security, without sacrificing the safe experimentation with, and rapid deployment of, customized Tactics, Techniques and Procedures (TTPs). As a result, red teams can realistically emulate and simulate an adaptive real-world attacker.

What you’ll learn: 

  • Why do we need another C2 framework?
  • How to do more with C3 using its latest features
  • How to generate, send, and execute a spearphishing attack with C3—including a live demo
  • How the framework adds value in targeted attack simulations (TAS) and CBEST projects 

16:30 - 17:00

Physmem2profit, with Timo Hirvonen
labs.f-secure.com/blog/rethinking-credential-theft

Many defensive security solutions focus on lateral movement. Physmem2profit was born from research into credential theft: the process of using privileged access to an operating system to extract credential material, and an important aspect of lateral movement.

Timo’s research proposed an alternative approach to credential theft by creating a modular framework, extendable to support other drivers that can access physical memory. Rather than a silver bullet that magically bypasses all EDR software, this tooling was created to help security teams rethink credential theft.

What you’ll learn: 

  • A new approach to credential theft: stealing credentials from physical memory
  • How to steal credentials with Physmem2profit without alerting the EDR—including a live demo
  • How to bypass Credential Guard by exploiting a firmware vulnerability
  • Mitigations and the areas to focus your detection activities

17:00 - 17:30

Jamf attack toolkit, with Calum Hall and Luke Roberts
labs.f-secure.com/blog/jamfing-for-joy-attacking-macos-in-enterprise/

More organizations are using Apple products. This means the same device management challenges faced 20 years ago with Windows and Active Directory (AD) are now being faced with macOS. Jamf is one of the third-party device management solutions filling the gap.

Following their presentation at Objective By the Sea, Calum and Luke released an article on the simulated attacks they’d performed against organizations that utilize Jamf to manage their macOS estates. They also introduced the Jamf attack toolkit—a series of open-source tools developed to facilitate the attacks performed. 

This talk will give an attacker's perspective on the security implications behind Jamf adoption in your hybrid Windows and macOS estate. 

What you’ll learn:

  • Lessons from Calum and Luke’s experiences attacking Jamf-managed macOS estates, ranging from undisclosed attack vectors through to common misconfigurations consistently observed in the world of AD
  • All about our bespoke Jamf exploitation tooling
  • How these attack paths can be identified in your own organization


WITH GREAT RESEARCH COMES GREAT RESPONSIBILITY

F-Secure Labs is our dedicated research and development platform where we dissect industry news and trends, publish research and advisories, and share our tools with the security community.
