Skynet Will Use PsExec: When SysInternals Go Bad - Matt Bromiley & Brian Marks NolaCon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Skynet Will Use PsExec: When SysInternals Go Bad
Matt Bromiley & Brian Marks
@mbromileyDFIR, @brianDFIR

The Sysinternals Suite: A set of legitimate tools designed to make system administrators' lives easier. However, oftentimes system administrators are not alone: Attackers really love these tools too! This presentation will take a hard look at how attackers, both legal and not, are bending the Sysinternals suite to their will. Without needing any 0-days, custom malware, or advanced knowledge of network topology, attackers are moving through compromised networks with skill and ease. We're going to expose how attackers are utilizing these tools, and common flaws that we see within many networks. We won't name names, but it might get embarrassing! We'll look at how the red team can use these tools to blend in too. We're also going to discuss common forensic artifacts these tools leave behind, and how our blue teamers can up their game and make sure that the lowest hanging fruit isn't the most ignored fruit. While this knowledge may seem trivial to some, we are still seeing advanced attackers using these tools on a daily basis. The goal of this presentation is to help the red team find some new tools, and help the blue team defend a bit better against these commonly abused tools.

Matt, from Dallas, and Brian, from Chicago, are incident response consultants who both work for reputable consultant firms. They both thrive on chasing bad guys on a daily basis. Matt and Brian have spent time developing ways to perform digital forensics faster, including building out automated scripts and rapid forensic analysis platforms.

Recorded at NolaCon 2017


Copyright 2020, IronGeek