Designing & building a stealth C2 LDAP channel - Rindert Kramer Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Designing & building a stealth C2 LDAP channel
Rindert Kramer
Derbycon 2019

When organizations choose to isolate networks, they often choose to implement technologies like private VLANs, use separate hosts and hypervisors and maybe even separate physical locations in order to guarantee the isolation. But what if these separated environments share the same Active Directory environment? It's not hard to come up with ideas why this might seem like a good idea; however, it also provides an opportunity to exchange data over LDAP. After all, even in non-Windows environments LDAP is still used as a central node within the network. During this talk I will go into detail about the process of designing & building a stealth C2 LDAP channel, which makes communication between different strictly firewalled network segments possible.

I started back in 2011 as a system administrator, but came to the conclusion that breaking infrastructures was more fun than actually maintaining them. Since breaking stuff is not particularly appreciated when you're a sysadmin, I joined Fox-IT to use my Windows and Active Directory background to break stuff, which resulted in tools such as Invoke-ACLPwn, Invoke-Credentialphisher and more.

@Nebukatnetsar


    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast