Endpoint Security Got You Down? No PowerShell? No Problem.
4.6K views - 6 years ago
Join us in the Black Hills InfoSec Discord server to keep the security conversation going!
Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- https://www.blackhillsinfosec.com/
00:00 - Introduction, what is a .NET assembly, and .NET languages
06:13 - Assembly, Load, and Embedding Interpreters/Engines
14:16 - Embedding IronPython, ILMerge, natively embedding on a Windows machine and dynamically resolving assemblies
24:31 - BYOI Payloads vs. Traditional Payloads
29:56 - SilentTrinity, updates, Boolang support
34:21 - SilentTrinity demonstration
47:38 - SilentTrinity Detection and future work plans for SilentTrinity
53:20 - Q&A
Description: Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs and Windows Defender every time you need to pop a box? In this one-hour webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter).
It turns out that, by harnessing the power of C# and the .NET Framework, you can embed entire interpreters inside a C# binary. This lets you reach the entire .NET API dynamically from a scripting language of your choosing without touching PowerShell at any point.
We also cover some basic .NET and C# concepts in order to understand why this is possible, and why there is so much hype around offensive C# tradecraft. Additionally, we demo SILENTTRINITY, a post-exploitation tool we have developed that weaponizes the BYOI concept, AND drop a pretty huge update for it live during the webcast!
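To make the BYOI idea concrete, here is a minimal host written for this page; it is an added example and not code from the webcast or from SILENTTRINITY. It assumes the IronPython 2.7 package is referenced at build time and that its runtime DLLs (IronPython.dll, IronPython.Modules.dll, Microsoft.Scripting.dll, Microsoft.Dynamic.dll) were added to the project as embedded resources, so the compiled EXE carries the interpreter with it. The script it runs is a constructed sample that calls into the .NET API (System.Environment, System.Diagnostics.Process) from Python without PowerShell being involved at all; the namespace `Byoi` and the resource naming are assumptions.

```csharp
// Added example (not from the webcast or SILENTTRINITY): a minimal BYOI host in C#.
// Assumptions: IronPython 2.7 referenced at build time, and its DLLs embedded as resources
// named e.g. "Byoi.Libs.IronPython.dll" (the resource prefix "Byoi.Libs" is made up).
using System;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using IronPython.Hosting;
using Microsoft.Scripting.Hosting;

namespace Byoi
{
    static class Program
    {
        // Constructed sample script: reaches the .NET API straight from Python.
        const string Script = @"
import clr
clr.AddReference('System')
from System import Environment
from System.Diagnostics import Process
host = Environment.MachineName
procs = [p.ProcessName for p in Process.GetProcesses()]
result = '%s is running %d processes' % (host, len(procs))
";

        static int Main()
        {
            // Hook the resolver BEFORE any method referencing IronPython types is JIT-compiled;
            // otherwise the CLR probes the disk for IronPython.dll and fails.
            AppDomain.CurrentDomain.AssemblyResolve += ResolveEmbeddedAssembly;
            Console.WriteLine(RunEmbeddedInterpreter(Script));
            return 0;
        }

        // Serves a requested assembly from the host binary's own embedded resources.
        static Assembly ResolveEmbeddedAssembly(object sender, ResolveEventArgs args)
        {
            string wanted = new AssemblyName(args.Name).Name + ".dll";
            Assembly self = Assembly.GetExecutingAssembly();
            foreach (string res in self.GetManifestResourceNames())
            {
                if (!res.EndsWith(wanted, StringComparison.OrdinalIgnoreCase)) continue;
                using (Stream s = self.GetManifestResourceStream(res))
                using (var ms = new MemoryStream())
                {
                    s.CopyTo(ms);
                    return Assembly.Load(ms.ToArray()); // loaded from memory, never written to disk
                }
            }
            return null; // anything else falls through to the default probing logic
        }

        // NoInlining keeps IronPython types out of Main's JIT pass, so the resolver is
        // already registered by the time this method body is compiled.
        [MethodImpl(MethodImplOptions.NoInlining)]
        static string RunEmbeddedInterpreter(string code)
        {
            ScriptEngine engine = Python.CreateEngine();
            ScriptScope scope = engine.CreateScope();
            // Hand the engine the already-loaded mscorlib and System.dll so clr.AddReference
            // resolves without any further probing.
            engine.Runtime.LoadAssembly(typeof(string).Assembly);
            engine.Runtime.LoadAssembly(typeof(Uri).Assembly);
            engine.Execute(code, scope);
            return scope.GetVariable<string>("result");
        }
    }
}
```

The AssemblyResolve handler is the piece that makes the binary self-contained: the interpreter's DLLs are carried inside the EXE and mapped from memory on demand, which is the same outcome the webcast reaches with ILMerge, just done by hand. Because the script text is an ordinary string, it can equally be fetched at runtime instead of compiled in; that is the separation between payload and interpreter that the "BYOI payloads vs. traditional payloads" segment discusses.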
P.S — You can get SILENTTRINITY here:
https://github.com/byt3bl33d3r/SILENT...
Download slides: https://www.activecountermeasures.com...
Black Hills Infosec Socials
Twitter: BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsi...
LinkedIn: antisyphon-training
Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/ser...
Penetration Testing: https://www.blackhillsinfosec.com/ser...
Incident Response: https://www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pa...
Live Training: https://www.antisyphontraining.com/co...
On Demand Training: https://www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: wildwesthackinfest
Active Countermeasures YouTube: activecountermeasures
Antisyphon Training YouTube: antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/
#bhis #infosec
Published 1397/12/06 (Iranian calendar; 25 February 2019). 4,697 views.