Abdulrahman Nour

Senior Red Team Consultant at Google Cloud Security

Google

Speaker sessions

Shells Without Phish: AppSec Tactics and Zero-Day Discovery in Red Team Ops

Initial access isn’t just about phishing anymore. Modern breaches are increasingly rooted in the application layer, where logic flaws, design weaknesses, and overlooked attack surfaces can open paths to compromise.In this talk, we’ll dissect how AppSec-driven tactics can redefine red team operations. We’ll share our methodology for embedding vulnerability research into live engagements, blending code-level analysis, target hunting, and exploit chaining with traditional adversary tradecraft. This isn’t about dropping a pre-packaged exploit—it’s about building one mid-operation.Through case studies against high-profile global targets, we’ll show how this approach surfaced and chained zero-day vulnerabilities to breach external perimeters and operate effectively in mature environments. Whether you’re looking to sharpen your offensive capabilities or expand your initial access playbook, this session delivers hard-earned insights straight from the field.

12:30
Thu
04 Dec

Stage: Briefings 1

Sessions Type: Presentation

Command and Collusion: Flipping the C2 Model for No-Egress Environments

Modern red team operations rarely play out in friendly territory. The days of wide-open egress are fading, replaced by environments where defenders tighten every screw. Outbound traffic is inspected, filtered, and often blocked entirely. A shell on a public-facing server might feel like a win, but in many cases, it comes with no DNS, no HTTP, and no callbacks at all. In these conditions, the familiar C2 playbook runs out of pages, and operators are forced to adapt or stall.In this session, we will flip the C2 model on its head. You will see how to turn "dead-end" footholds into fully functional command channels without a single outbound packet, blending covert tasking into legitimate inbound web traffic. We will break down the design choices, the stealth advantages, and the pitfalls you will want to avoid, then share tooling to make it work with your own implants and frameworks.If you have ever been stuck behind a wall of egress controls, you will walk away with a new blueprint and a few tricks to make the unreachable reachable.