Russell Butturini

In recent years, defensive technologies have moved past the traditional filtering and anomaly detection at Layer 3 and 4, and deep packet and payload inspection have become more prevalent. As penetration testers, it's important to understand how to adapt exfiltration techniques to exploit the limitations next generation firewalls, application aware proxies, URL filters, and data loss prevention packages have. This talk will cover several techniques for building payloads to bypass all of these technologies, from basic file encoding to making and proxying outbound connections as legitimate applications. A completely revamped and extended version of Fireaway, a tool originally designed to bypass next generation firewalls, will be released as part of the talk as well.

Russell Butturini has been in IT and information security for the last 14 years and currently is a member of the penetration testing team at a "Big 5" health insurer. Every once in a while, struck by inspiration between watching horse racing and chasing his 8 year old daughter around, he cobbles together some cool Python code that people seem to like and presents it at various conferences such as DEFCON Derbycon, and various BSides. His tool, NoSQLMap, has been starred 405 times on Github (which is 404 times too many), and was also published in "The Hacker Playbook 2".

Back to BSides Nashville 2017 list