A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


SharPersist: Windows Persistence Toolkit in C# - Brett Hawkins Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

SharPersist: Windows Persistence Toolkit in C#
Brett Hawkins
Derbycon 2019

PowerShell has been used by the offensive community for several years now. However, recent advances in the defensive security industry are causing offensive toolkits to migrate from PowerShell to reflective C# to evade modern security products. Some of these advancements include Script Block Logging, Antimalware Scripting Interface (AMSI) and the development of signatures for malicious PowerShell activity by third-party security vendors. Several public C# toolkits such as Seatbelt, SharpUp and SharpView have been released to assist with tasks in various phases of the attack lifecycle. One phase of the attack lifecycle that has been missing a C# toolkit is persistence. This talk will be on the public release of a Windows persistence toolkit written in C# called SharPersist.

Brett has worked in Information Security for several years working for multiple Fortune 500 companies across different industries. He has focused on both offensive and defensive disciplines and is currently a Red Team consultant at FireEye Mandiant. He holds several industry recognized certifications from SANS and Offensive Security and has spoken at several conferences including DerbyCon and BSides Cleveland. Brett?s extensive knowledge and experience in a breadth of different Information Security areas gives him a unique and well-rounded perspective.

@h4wkst3r

Back to Derbycon 2019 video list

Printable version of this article

15 most recent posts on Irongeek.com:


    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast