Using Blue Team Techniques in Red Team Ops

Explore advanced red team operations techniques in this conference talk from BruCON Security Conference. Discover how to leverage blue team methodologies to enhance multi-month, multi-C2teamserver, and multi-scenario engagements. Learn to manage complex infrastructures, track blue team analyses, and dynamically adjust your approach to outsmart defenders. Gain insights into centralizing operational information using ELK stack for intelligent querying and improved post-engagement feedback. Delve into novel detection methods for blue team investigations and explore reactive strategies, including honeypot creation. Cover topics such as dynamic redirectors, domain fronting, decoy websites, and html-smuggling while balancing red team objectives with evolving blue team maturity.

Intro
Red teaming vs other security services
Balance between blue and red teams
Red team infrastructure
Red team operations
CobolStrike lock setup
Beacon transcripts
Blingbling
ELQ
Silence Lady
Blue Eyes
Blue Team Mistakes
RedFoul
RedDummy
Improving red teaming