Honey I Stole Your C2 Server - A Dive into Attacker Infrastructure

Dive into a 31-minute conference talk exploring attacker infrastructure and investigative techniques. Learn about typical Mandiant investigations, unusual service installations, Metasploit indicators, and initial attack vectors. Discover insights on command and control, encoding methods, and free domain tools. Explore Windows Server and Linux environments, including ISO and VM setups. Gain knowledge about PostgreSQL databases, including password changes, MSF console usage, and bypassing Metasploit. Examine medical credentials, postcrash tables, and database drops. Analyze Postgres sequels, parsers, and headers to gain valuable attacker insights. Conclude with a Q&A session to deepen understanding of cybersecurity investigation methods.

Intro
Who am I
Honey I Stole
Typical Mandiant investigation
We say goodbye
Weird service installs
Metasploit indicators
Metasploit investigation
Initial attack vector
Command and control
Encoding
Free Domain Tools
Windows Server
Linux ISO
Linux VM
PostgreSQL
VMDK
Change password
MSF console
Bypass metasploit
Medical credentials
Postcrash tables
Previous database drops
Postgres sequel
Postgres parser
Postgres header
Rows
Parser
Attacker Insights
Any questions