New Red Team Networking Techniques for Initial Access and Evasion

Black Hat USA 2025 · Day 1 · Briefings

Su Hao Tung of Trend Micro demonstrates how attackers can exploit IP spoofing, stateless tunneling protocols (GRE, VXLAN), and misconfigured routing protocols (OSPF) to gain initial access to corporate intranets while creating deliberate breaks in the attack chain that defeat conventional incident response. By forging packet source addresses and hijacking unencrypted tunnels, red teamers can reach internal services without leaving a traceable lateral movement path — and, in the worst cases, compromise an entire Active Directory domain.
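The abstract names three protocol classes a defender can watch for directly: GRE and VXLAN are stateless and unauthenticated, so any tunnel packet arriving from an address that should not be a tunnel endpoint is suspect, and OSPF speakers should be a small, known set of routers. The following audit is an added example written for this page, not code from the talk or from Trend Micro. It parses raw IPv4 packets, classifies GRE, VXLAN (UDP/4789) and OSPF (protocol 89), and flags tunnel packets from non-RFC 1918 sources or any tunnel/OSPF packet from a peer outside an assumed allow-list. The `trusted_peers` set, the helper names and the sample packets are all constructed for the example; the protocol numbers and the VXLAN port are the real IANA values.

```python
import ipaddress
import struct

# IPv4 protocol numbers and the IANA-assigned VXLAN UDP port (real values).
PROTO_UDP = 17
PROTO_GRE = 47
PROTO_OSPF = 89
VXLAN_PORT = 4789

# RFC 1918 ranges, checked explicitly rather than via IPv4Address.is_private,
# which also treats the documentation ranges (e.g. 203.0.113.0/24) as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in RFC1918)


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 header (no options, checksum left at zero) for the
    constructed samples below; only the fields the audit reads are meaningful."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def classify(pkt: bytes):
    """Return (kind, src, dst); kind is 'GRE', 'VXLAN', 'OSPF' or None."""
    if len(pkt) < 20:
        return None, None, None
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    payload = pkt[ihl:]
    if proto == PROTO_GRE:
        return "GRE", src, dst
    if proto == PROTO_OSPF:
        return "OSPF", src, dst
    if proto == PROTO_UDP and len(payload) >= 8:
        _sport, dport = struct.unpack("!HH", payload[:4])
        if dport == VXLAN_PORT:
            return "VXLAN", src, dst
    return None, src, dst


def audit(packets, trusted_peers):
    """Flag tunnel and routing traffic that should not exist on the monitored segment.

    trusted_peers (assumed allow-list): addresses permitted to terminate GRE/VXLAN
    tunnels or speak OSPF here. Anything else is a candidate spoofed source,
    hijacked tunnel, or rogue OSPF neighbour and is returned as a finding."""
    trusted = {ipaddress.IPv4Address(p) for p in trusted_peers}
    findings = []
    for pkt in packets:
        kind, src, dst = classify(pkt)
        if kind is None:
            continue
        if kind in ("GRE", "VXLAN") and not is_rfc1918(src):
            reason = "unencrypted tunnel packet from a non-RFC1918 source"
        elif src not in trusted:
            reason = f"{kind} packet from a peer not in the trusted set"
        else:
            continue
        findings.append((kind, str(src), str(dst), reason))
    return findings


# Constructed sample capture (not real traffic): 4-byte GRE base header,
# UDP/4789 with an 8-byte VXLAN header, and the first bytes of an OSPFv2 Hello.
GRE_HDR = bytes.fromhex("00000800")                       # flags=0, protocol type IPv4
VXLAN_UDP = struct.pack("!HHHH", 4789, 4789, 16, 0) + bytes.fromhex("0800000000003000")
OSPF_HELLO = bytes.fromhex("0201002c0a0000fa")            # version 2, type 1, router id 10.0.0.250

SAMPLE = [
    ipv4_packet("203.0.113.10", "10.0.0.5", PROTO_GRE, GRE_HDR),      # internet -> internal GRE
    ipv4_packet("198.51.100.7", "10.0.0.9", PROTO_UDP, VXLAN_UDP),    # internet -> VXLAN VTEP
    ipv4_packet("10.0.0.250", "224.0.0.5", PROTO_OSPF, OSPF_HELLO),   # OSPF Hello from unknown host
    ipv4_packet("10.0.0.1", "10.0.0.2", PROTO_GRE, GRE_HDR),          # router-to-router GRE, allowed
    ipv4_packet("10.0.0.3", "10.0.0.4", 6, b"\x00" * 20),             # ordinary TCP, ignored
]
TRUSTED = {"10.0.0.1", "10.0.0.2"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, TRUSTED):
        print(*finding)
```

Run against the constructed capture, the audit reports the GRE and VXLAN packets sourced from public addresses and the OSPF Hello from a host outside the router allow-list, while the GRE packet between the two trusted routers passes. In practice the packet bytes would come from a span port or pcap rather than being built inline, and the allow-list would be the inventory of real routers and VXLAN tunnel endpoints.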

AI review

Su Hao Tung built a coherent chain from IP spoofing to GRE hijacking to VXLAN compromise to OSPF-mediated domain controller traffic redirection — and put real global scan numbers behind it: 900 exposed VXLAN endpoints, 4,000 internal IPs reachable from the public internet. The forensic anti-attribution angle using NAT abuse is underexplored and sharp. Solid first Black Hat outing.
