A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


DanderSpritz: How the Equation Group's 2013 tools pwn in 2017 - Francisco Donoso Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

DanderSpritz: How the Equation Group's 2013 tools pwn in 2017
Francisco Donoso
Derbycon 2017

Everyone has focused on the Equation Group's "weapons grade" exploits but no one has focused on their extremely effective post exploitation capabilities. In this talk I will cover the tools, methods, and capabilities built into the DanderSpritz post exploitation framework. We will review how the Equation Group gained and maintained persistence, bypassed auditing and AV, scan, sampled, subdued, and successfully dominated an entire organization ninja-style. We'll dig into the technical details of how the framework gains persistence, performs key logging, captures traffic and screenshots, steals credentials, gathers target information, owns AV and WSUS servers, exfiltrates secrets, and causes general mayhem.

Francisco has knee-deep in many facets of security. From Network Security Analysis and Engineering, to security consulting for some of the world's most valuable companies, bringing along a marriage of DevOps and Security along the way. Francisco is now focused on leading a team developing Managed Security Services at a Swiss based security organization.

@Francisckrs

Back to Derbycon 2017 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast