Yossi Sassi


Designation :

Hacker, Infosec Researcher, 10root

Talk Title :

(In)Secure Remote Operations: What Sucks, Rocks, And A Super-CLI

Abstract :

Every admin tool is an attack tool, yet there are no good or bad shells - that part is up to you. Drawing on dozens of engagements consulting on various role-based remote operations architectures and Red Team assessments for organizations on 4 continents, and on fresh research into hijacking full tokens from network logon-type sessions, we’ll dive into a technical, hands-on set of examples, for both Offensive and Defensive teams, of what SUCKS and what ROCKS in Windows ‘Living off the land’ remote admin operations, protocols, and APIs. We'll talk about the pros and cons of jump server architectures, as well as role-based shells, limiting PowerShell in creative ways. We'll also introduce fresh research to achieve Full Token hijack from network logon-type sessions, without any hash and/or TGT!

Bio :

Seasoned InfoSec researcher & hacker. Sassi has accumulated extensive experience in information security over ~30 years, in Red-Blue team assessments, DF/IR investigations, and more, including for Fortune 100 accounts. Advisory board member of Javelin Networks (acquired by Symantec in 2018). Worked for Microsoft for 8 years as Technology Group Manager and coded support tools for Windows Server. Sassi has spoken at TED and TEDx events and was awarded 4 peace and friendship awards. Sassi speaks regularly at various security conferences worldwide.

