S2E09: DerbyCon Edition with Dave Kennedy

State of the Hack - A podcast by Mandiant

Christopher Glyer and Nick Carr interview Dave Kennedy (@HackingDave) about his experience running DerbyCon over the years, which conferences he plans to attend next, and his plans to build and support DerbyCon Communities (DerbyCom). Red teaming has become harder in the last few years because of better security visibility, improved security tools, and stronger SOC teams. They discuss how Dave's red team at @TrustedSec uses security tools to baseline what its own activity looks like, so the team can blend in with legitimate activity, and the trend of red teams shifting away from PowerShell to C-based tools and backdoors. Finally, they cover both new and old (but still effective) techniques recently seen in the wild that can evade detection, including py2exe- and PyInstaller-based backdoors and tools.
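For the last point, a practitioner's first question is how to spot a PyInstaller-bundled executable on disk. The following is an added illustration, not code from the podcast, from Mandiant, or from TrustedSec. It relies on one documented PyInstaller fact: the bundled archive ends with a cookie that begins with the magic bytes `MEI\014\013\012\013\016`, followed (in PyInstaller 2.1 and later) by the package length, TOC offset, TOC length, Python version and the Python library name. The sample blob, the `build_sample` helper and the field names in the returned dict are constructed for this example.

```python
"""Heuristic check for PyInstaller-packed executables (added example).

PyInstaller appends a "CArchive" to its bootloader executable. The archive
ends with a cookie laid out, in network byte order, as:
    8s  magic  b"MEI\014\013\012\013\016"
    i   package length (archive start to end of cookie)
    i   TOC offset, relative to archive start
    i   TOC length
    i   Python version, e.g. 37 for 3.7
    64s Python library name, NUL padded (2.1+ cookies only)
"""
import struct

PYINSTALLER_MAGIC = b"MEI\014\013\012\013\016"
COOKIE_FMT = "!8siiii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)  # 88 bytes


def find_pyinstaller_cookie(data: bytes):
    """Return parsed cookie fields, or None if no PyInstaller cookie is present.

    The whole blob is searched from the end rather than only the last 88
    bytes, because a code-signing blob or appended data can follow the cookie.
    """
    idx = data.rfind(PYINSTALLER_MAGIC)
    if idx < 0:
        return None
    if idx + COOKIE_SIZE > len(data):
        # Magic present but cookie truncated (or an older, 24-byte cookie).
        return {"offset": idx, "parsed": False}
    _magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack_from(
        COOKIE_FMT, data, idx
    )
    return {
        "offset": idx,
        "parsed": True,
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "python_version": pyver,
        "pylib": pylib.rstrip(b"\0").decode("ascii", "replace"),
    }


def scan_file(path: str):
    """Read a file and run the cookie check on it."""
    with open(path, "rb") as fh:
        return find_pyinstaller_cookie(fh.read())


def build_sample() -> bytes:
    """Constructed test input: a fake stub (not a valid PE) plus a synthetic cookie.

    Only the cookie matters to the check; the header bytes are filler.
    """
    stub = b"MZ" + b"\0" * 62 + b"fake bootloader " * 8
    cookie = struct.pack(
        COOKIE_FMT, PYINSTALLER_MAGIC, 0x1234, 0x1000, 0x200, 37, b"python37.dll"
    )
    return stub + cookie


if __name__ == "__main__":
    import sys

    targets = sys.argv[1:]
    if targets:
        for p in targets:
            print(p, scan_file(p))
    else:
        print("constructed sample:", find_pyinstaller_cookie(build_sample()))
```

The hit only tells you the file was built with PyInstaller; plenty of legitimate software ships that way, and an operator who rebuilds the bootloader can change the magic, so treat a match as a triage lead to pair with the process tree and network behaviour rather than as a verdict on its own.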