BSides PDX 2023 – Purple-teaming outbound HTTPS (Anon Hacker)




Red teams: want to exfiltrate sensitive data from outbound HTTPS traffic on that juicy Linux host you just compromised? Blue teams: want to detect the various ways bad actors can intercept outbound HTTPS? This talk is for you! We’ll walk through a number of scenarios discussing trade-offs in stealth and complexity. Watch a quick PoC live, and dig into the internals of the solutions offline.

Evading detection in Linux has a special place in my heart. There’s nothing quite as exciting as popping a shell on a host and seeing what you can do with it. Add intercepting outbound HTTPS to your arsenal!

BSides Portland is a tax-exempt charitable 501(c)(3) organization founded with the mission to cultivate the Pacific Northwest information security and hacking community by creating local inclusive opportunities for learning, networking, collaboration, and teaching.

bsidespdx.org