Abstract
The talk revolves around one of the most extreme Red team exercises us hackers ever did wherein the target was a billion-dollar pharmaceutical company dealing in all sorts of modern medicine. We were mandated to showcase control of the CROWN JEWELs which included Scientific Data Management Systems (SDMS), Electronic Lab Notebooks (ELN), Chemical Management Systems + lab Sensors and SCADA systems that control Medicine Manufacturing & Inventory Management.
The tale starts with us wardriving around a massive campus spread across several square miles, to gain access to the intranet and ends with us having complete control over Drug Formulas.
We will provide in-depth visibility of the process we carried out to PT in a completely unknown battleground, containing applications a hacker hardly ever comes across. The live case studies and PoCs aim to provide the attendees with a perspective of pwning, escalating, pivoting and exfiltrating in unfamiliar network stacks all while staying covert.
Technically, we will cover the techniques we used for breaking out of DMZs, VLAN hopping, host exploitation, persistence and misconfigurations like RMI loopholes, Misconfigured IPTABLES, Forgotten staging environments, trial software installations, and many more interesting cases. All of these were then finally chained together to take over employee emails, domain forests and gain complete access to the Chemical Management Systems potentially allowing a hacker to alter drug formulas.
This will be followed by various underutilized DATA EXFILTRATION techniques to sneak past DLPs, firewalls, AVs and of course, we will conclude with PATCHES and recommendations.