November to Remember

Today is a day we remember those who gave their lives in the first world war. As we remember their sacrifice, we must also remember that we have a meeting and workshop this week. Please scroll down to the next post for details on the workshop as this post will cover the meeting details.

Our rough agenda is as follows:
19:00 – Announcements with Louai
19:05 – News Roundup with Nick and Adam
19:25 – Rick’s Random Repo Rundown
19:35 – Feature Story with Adam and Louai
19:55 – Guest Speakers Tas and Avneet on LOLBAS
20:25 – Wrap up and refreshments (across the street at the pub)

We have ISSessions on Friday (as well as a workshop this coming Wednesday!). We’ll be doing our usual script followed by a feature story with Adam and Louai and a sweet presentation on LOLBAS by our guest speakers Tas and Avneet!

As attackers, you know it’s hard to bring all the scripts and tools from the outside to the victim network. Modern networks often protected with numbers of (working) security solutions. IDS/IPS, 24/7 Security Analysts, and Advanced Endpoint Protection are some of the example. One of the solutions for this particular problem is to use what is already there, LOLBAS!

LOLBAS or Living Off the Land Binaries And Scripts is numbers of Windows binaries and scripts that can be leveraged by adversary and red team to perform certain tasks, for example code execution or downloading files. These LOLBAS are signed by Microsoft and often whitelisted! This talks will cover LOLBAS in general and we will also try to create a full chain of attack using mostly LOLBAS!

Avneet and Tas are Threat Hunters for Bell Canada Security Operation Center (SOC). They are both located in Mississauga. Their daily tasks, which is hunting, involved researching the use of offensive tools, trying it against on their network while also creating documentations and detections for it. Their team also often involved in major incident response operation and providing training for other team within SOC. Besides their daily job, Avneet and Tas both have strong interest in Malware Analysis and CTF. Tas is also alumni of Sheridan College ISS program graduated in 2018.

We hope to see you all there.