$ cat /opt/redtunnel/tomerzait...$ cat /opt/redtunnel/tomerzait •principal security researcher at...
TRANSCRIPT
![Page 1: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/1.jpg)
![Page 2: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/2.jpg)
$ cat /opt/ReDTunnel/TomerZait
• Principal Security Researcher at F5 Networks
• Practical Software Engineer, OSCP, OSCE
• 8 Times Winner Of Israeli CTFs
• Open Source Developer: x64dbgpy, PyMultitor, ReDTunnel and more
• Twitter: @realgam3
• Linkedin: https://linkedin.com/in/realgam3
• Github: https://github.com/realgam3
![Page 3: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/3.jpg)
$ cat /opt/ReDTunnel/NimrodLevy
• CTO and Co-founder at Scorpiones
• Practical Software Engineer, OSCP, OSCE
• 5 Times Winner Of Israeli CTFs
• Open Source Developer: AutoBrowser, Subdomain-Analyzer, ReDTunnel and more
• Twitter: @El3ct71k
• Linkedin: https://www.linkedin.com/in/nimrodlevy
• Github: https://github.com/El3ct71k
![Page 4: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/4.jpg)
Architecture
![Page 5: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/5.jpg)
Source
![Page 6: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/6.jpg)
Functionality
• Get Internal IP
• Scan For Hosts
• Scan For Open HTTP Ports
• Bypass Browser Limitations
• Automate the DNS Rebinding Process
• Manage All Victims In Single Page
• Tunnel Through Victims To Their Internal Network
![Page 7: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/7.jpg)
ReDTunnel Setup
$ docker-compose up --build -d
Creating redtunnel_dns_1 ... done
Creating redtunnel_core_1 ... done
Creating redtunnel_database_1 ... done
![Page 8: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/8.jpg)
ReDTunnel Setup (Register Domain)
![Page 9: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/9.jpg)
ReDTunnel Setup (Set Name Server)
![Page 10: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/10.jpg)
ReDTunnel Setup (Set Glue Record)
![Page 11: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/11.jpg)
ReDTunnel Setup (Set Admin Credentials)
![Page 12: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/12.jpg)
Demo
![Page 13: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/13.jpg)
![Page 14: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/14.jpg)
Future Work
• Test Other Browsers (Tested On Chrome Only)
• Bypass More Browser Limitations (Like Basic Authentication PopUps)
• Faster Scan
• Eliminate Scan False Positives
• Improve Stability
• IPV6 supports
• TTL manipulation
• Threshold rebind(2 IPs from DNS response)
![Page 15: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/15.jpg)
Thanks
• Dima Belski (For The Awesome UI)
• Max Rynke aka muhaack (For The Perfect Logo)
![Page 16: $ cat /opt/ReDTunnel/TomerZait...$ cat /opt/ReDTunnel/TomerZait •Principal Security Researcher at F5 Networks •Practical Software Engineer, OSCP, OSCE •8 Times Winner Of Israeli](https://reader034.vdocuments.net/reader034/viewer/2022050412/5f88d04088a1094ffd4e83b3/html5/thumbnails/16.jpg)
Questions?