A New Take at Payload Generation: Empty-Nest - James Cook, Tom Steele Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

A New Take at Payload Generation: Empty-Nest
James Cook, Tom Steele
Derbycon 2017

As the evolution of endpoint, egress, and network security controls continues, adversaries and pentesters are finding it increasingly difficult to execute malicious payloads within properly hardened enterprise networks. Although tools currently exist to aid in circumventing these controls, the current state fails to properly account for some of the newest techniques used by these controls. Enter Empty-Nest, a command-and-control (C2) toolset created with circumvention in mind. Empty-Nest was designed to provide a flexible payload-generation mechanism and pluggable interface to enable adversaries to easily customize payloads for targeted security control bypass. Our talk discusses the Empty-Nest toolset, demonstrating how to leverage the pluggable interface to create keyed payloads capable of bypassing new-age, cloud-based binary analysis, unloading endpoint software DLLs from running processes, customizing C2 transports, and more.

James Cook - James has over four years’ experience executing penetration tests for a variety of companies across several industries, including Medical, Retail and Financial. James has conducted security assessments that include components such as internal/perimeter network and application penetration testing, social engineering, wireless assessment and vulnerability assessments. James has contributed to the open source community including Metasploit, smbexec, and Veil.

Tom Steele - Tom Steele, hailing from Idaho, harnesses his diverse professional software development background to build great tools for Optiv. It doesn't just stop with Optiv, though: Tom has contributed immensely to the open source development community by providing core packages, libraries, security assessment tools, and frameworks. Tom is also an accomplished presenter at a variety of security and development industry conferences such as BlackHat, DefCon, BSidesLV, and ShmooCon, just to name a few. Further, he has provided training on a wide range of development and security topics covering offensive execution tactics, assessment tools, mitigation strategies and defensive measures. Tom is the creator and developer behind the LAIR Penetration Testing collaboration framework and is also the co-author of the upcoming No Starch Press book, Black Hat Go.

James Cook - @_jbcook, Tom Steele - @_tomsteele

Copyright 2020, IronGeek