A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Red Team Level over 9000! Fusing the powah of .NET with a scripting language of your choosing: introducing BYOI (Bring Your own Interpreter) payloads. - Marcello Salvati Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Red Team Level over 9000! Fusing the powah of .NET with a scripting language of your choosing: introducing BYOI (Bring Your own Interpreter) payloads.
Marcello Salvati
Derbycon 2019

With all of the defenses Microsoft has implemented in the PowerShell run-time over the past few years Red Teamers & APT groups have started too shy away from using PowerShell based payloads/delivery mechanisms and migrate over to C#. However, C# is a compiled language, operationally this has a few major downsides: we can?t be as ?flexible? as we could be with scripting languages, setting up a proper development environment has overhead, things need to be compiled etc... in this talk, I will be covering my approach to solving these operational problems by using some of the (possibly?) lesser known features of the .NET framework and introducing BYOI (Bring Your Own Interpreter) payloads which allow you to embed a scripting language of your choosing into any .NET language!

Marcello Salvati (@byt3bl33d3r) is a Security Analyst at BlackHills Information Security by day and by night a tool developer who discovered a novel technique to turn tea, sushi, alcohol and dank memes into somewhat functioning code. His passions include anything Active Directory related, trolling people on GitHub and developing open-source tools for the security community at large which he?s been doing for the past several years, some of his projects include SilentTrinity, CrackMapExec, DeathStar, RedBaron and many more.

@byt3bl33d3r

Back to Derbycon 2019 video list

Printable version of this article

15 most recent posts on Irongeek.com:


    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast