Racketeer - Prototyping Ransomware Operations - Dimitry Snezhkov - Ekoparty 2021 - Red Zone Space

Explore a comprehensive conference talk on prototyping ransomware operations using Racketeer, an offensive agent and C2 base designed for red and purple teams. Dive into the design considerations and implementation of a controlled ransomware implant that emulates threat actor tactics. Learn about flexible ways to prototype remote ransomware campaign components, including key and data management, and communication techniques. Discover practical safeguards for lights-out operations, strict data control, target containment policies, and operational security measures. Gain insights into disrupting ransomware, simulation techniques, agent presence and communication, and defensive strategies. Presented by Dimitry Snezhkov, an Associate Director specializing in adversarial simulation and offensive security testing, this 46-minute talk from Ekoparty 2021's Red Zone Space offers valuable knowledge for cybersecurity professionals seeking to enhance their understanding of ransomware operations and defense.

Introduction
Ransomware business case
How to disrupt ransomware
Simulation and feedback
Agent presence
Agent communication
Agent comms
Ransomware Toolkit
Implementation
Configuration
Racketeer Overview
Policies
Starting the server
Policy exec
Encryption
Deep dive into policy
Defensive summary
Outro