Mohsan Farid
[Ledger Ops]
Mohsan has run the gamut in the security space: penetration testing for Rapid7 as a consultant, penetration testing for numerous federal agencies, testing mobile applications for HP, and contributing exploits to the Metasploit framework.

Mohsan has supported countless cyber security initiatives for Fortune 500 companies in addition to U.S. based law enforcement, government, military, and intelligence organizations.

When Mohsan isn't breaking things, he likes to travel the globe in search of incredible surf, scuba diving, rock climbing, and hiking; he is an avid yogi and, last but not least, mentors and trains aspiring penetration testers.

From The Cloud To The Ground

Technical Level (3 being the highest score): 2

When we decided to combine forces and simulate a total take over of a modern organization, we never expected to find what we did.

Starting by researching the modern DevOps landscape, Dani ended up abusing serverless functions, service meshes, and service discovery, and discovered new attack vectors such as SMesh poisoning, which proved to have devastating consequences.

It started with simple MITM attacks by impersonating services on a service mesh, and progressed to data tampering, novel persistence techniques, attacks on the CI/CD process for supply-chain-style compromise, and various privilege escalation techniques.

Finally, Dani will demonstrate the weaponization of a new RCE for taking over a machine running a DB service in the cloud; because that service connects to most other services, lateral movement from it is a breeze.

Mo takes the baton from Dani after the important parts of the cloud environment have been taken over, leveraging the ADFS server as a strategic pivot point to gain access to the wire.

Pivoting from the cloud into the organization's internal network, all without social engineering, starts a skydiving adventure from the cloud to the ground: landing in the organization's on-premise environment and building a sophisticated kill chain using AMSI bypasses, undetectable C2s, undetectable .NET payloads, bypasses of relay mitigations, and many more techniques discovered in the past year.

All on the path of glory to take over the cloud, the ground (Domain Controller), and your prized assets.

Secure your place now!