Event Series: Conference

Exfiltrate and Command Network Nodes Like a Ghost! – Momen Eldawakhly

October 19, 2023 @ 4:00 pm - 4:50 pm MDT

Presented by: Momen Eldawakhly

When we consider modern threats (detected or known), we can clearly see that they are constantly hiding themselves and their activities in places. Security analysts and security appliances can remain in place for years monitoring networks, believing that no threats are actively present, only to discover that they have been compromised.

Our role as “red teamers” is to try to develop techniques that simulate these activities and to improve organisational security by training defensive security teams to check every single bit (not literally) of data and to anticipate the locations from which attackers may conduct their operations. The technique discussed in this research only shows the basic mindset, which can be developed further with each engagement. This technique uses the TCP flags to convert commands and data into a flag-like data type after rotating it, without causing noise in the network!

Location:

1906 Deadwood Mountain Drive
Deadwood, SD 57732 United States
(605) 559-0386
Momen Eldawakhly

Momen Eldawakhly, also known as CyberGuy, is a senior penetration tester at Samurai Digital Security Ltd and red team engineer with a strong track record in security research and red teaming. He has been recognized by major companies such as Google, Yahoo, Microsoft, Yandex, Redhat, AT&T, Oneplus, SecureBug, Starbucks, Comcast, the United Nations, IBM, Nokia, and Sony for discovering critical and high severity vulnerabilities in their assets. Momen is also dedicated to sharing his knowledge with the cybersecurity community, and has given talks and sessions at various conferences and events.

Honors: Some of Momen’s notable honors include being featured in conferences such as Black Hat, The Hack Summit, Wild West Hackin’ Fest, IEEE, Hacken, and GDSC. He has also discovered several zero days during his offensive security research, as listed in the publications section of his profile.

Certifications: LPT [Master], CPENT, OSWP, CRTO, CRTP, eWAPTXv2.