Joel Gámez Molina Relatore

System administrator with over ten years of experience, he currently works as a Senior Red Team Cybersecurity Expert, where he has been developing adversary simulation exercises (Red Team Operations) for the past 5 years. Previously, he was the Chief Technology Officer (CTO) of the startup Cyberguard. He also teaches courses and masters in ethical hacking, pentesting and PowerShell for high-level organizations and universities, such as the Polytechnic University of Catalonia (UPC). Creator of the blog and speaker at renowned national and international conferences, such as: EkoParty, Hack-én, h-c0n, Black Hat USA/EU, EuskalHack, DeepSec, DEF CON, Navaja Negra, RootedCON or UAD360, among many others. Programmer of hacking tools in his spare time, he has developed tools of all kinds, such as: AutoRDPwn, Cloudtopolis, EvilnoVNC, Invoke-DNSteal, Kitsune, PyShell, PSRansom or Thunderstorm, to name a few.
  • Kitsune: One C2 to control them all One of the most important tools used in audits and Red Team campaigns are those we call "Command and Control". There are currently hundreds of them. Public, private, free or paid. Some are as famous as Cobalt Strike, while others are only known by their own creators. The main problem with these tools is the lack of compatibility between them. Despite sharing many common elements, such as communication protocols or deployment and execution methods. After working on different tools that aim to unify the chaotic world of shells and webshells, this ambitious project was born from the same need and aims to streamline and improve the work of pentesters, grouping different tools and techniques in a single graphical interface. In addition, Kitsune is capable of incorporating new functions to already known tools. Some of them have not even been seen before in other C2s. If you've ever had too many terminals open, forgotten where a remote shell was, or missed a GUI for your favorite tool, this talk is for you. - 12:15/13:00, 08 Jun 2024