| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Red teams are always looking for new ways to persist on hosts that could potentially take several days to compromise. The necessity for reliable, stealthy persistence is highlighted when the compromised target is the initial foothold into the internal target network. Common methods and tools used to persist on compromised hosts will be briefly covered before diving into developing custom software operating at the user and kernel level. A couple of opensource projects, and their APIs, will be introduced that make it possible to interact with kernel level drivers from user-mode programs. Both, Python and C APIs are available, allowing for Python prototyping before moving to C, a compiled language. This is great for testing and researching new features, as design flaws can be worked through quicker. Lastly, a demonstration will be given of evading event logs, subverting host firewall configurations, hiding active C2 network connections from the OS, spawning arbitrary sessions (PowerShell Empire, Metasploit, etc.), and harvesting credentials from network traffic. R.J. McDown (BeetleChunks) is a security researcher, penetration tester, and red teamer with experience assessing numerous Fortune 500 companies. In his spare time, he works on developing and researching new tools and techniques to be used on client assessments and IOCs associated with them.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast