x33fcon 2024 - Summary

Dates: 2024-06-13 - 2024-06-14

Location: Pomeranian Science and Technology Park

https://www.x33fcon.com

"EntraID guests are assumed to have restricted access and deny-by-default.. this assumption is dangerously wrong. We will show how guests can gain unauthorized access to sensitive data including SQL servers and Azure resources, set up internal phishing apps and deploy persistent backdoors."

"Join Melvin and Oddvar, as they showcase some of their "Oh no, did I really just do that?" moments during Red Team Ops inside of fortune 500 companies. A technical insight into the process of recovery and research that leads to new TTPs, mission advancements and goal domination!"

"This is not "yet another payload obfuscation" talk but the story of how we found an intriguing way to hide stageless payloads and eventually evaded some sophisticated EDRs we faced. We'll cover some topics like x86-64 ASM (superficially), PECOFF, binary Shannon entropy and bin-rev. Also, live-demos!"

"This talk will focus on new research related to abusing page guard permissions to hide data and avoid named pipes on windows. It will include how to build a modular approach for windows c2, and how the demonstrated technique provides a unique way to modularize c2 functionality."

"NTLM relay continues to be one of the most popular and effective attack primitives. Together, we will step through a unique technique to hijack port 445 with minimal OPSEC risks, explore associated Windows drivers, and automate abuse with a tool release. Come enhance your NTLM relay capability!"