TWiET #72 – A Firewall Admin’s Worst Nightmare
December 26, 2013
And, last week, I was on This Week in Enterprise Tech, a second time, to pre-record episode 72, their Christmas special. This time, we went through covert communication and how a low and slow attacker would keep and use a beachhead in a compromised network.
But first, a story:
I usually go on the show with two laptops. One for screensharing and another for Skype video. I wasn’t able to do so this time and we had to get creative. This led to some troubleshooting during the live recording of the episode. The folks on the irc.twit.tv/twitlive chatroom were very gracious and good-spirited as we worked through these things. The in-between time of the episode allowed for some fun banter, so it wasn’t all bad. I watched the episode in its edited form and I’m pleasantly surprised. I think it came out really well.
Here’s the episode:
In the video, I use Cobalt Strike’s Beacon to demonstrate this beachhead. To dig more into Beacon, here are the blog posts on this topic:
- Beacon – An Operator’s Guide
- That’ll never work – We don’t allow Port 53 out
- Hacking through a Straw (Pivoting over DNS)
- Stealthy Peer-to-peer C&C over Named Pipes
Once again, I hope you enjoy the trip down into the offensive rabbit hole.