Splinter the RAT Attack: Creating Custom RATs to Exploit the Network - Solomon Sonja (TakeDownCon Rocket City 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)


By now, most people understand the overall concept of botnets and Remote Administration Tools (RATs). It is always rewarding to maintain access and establish unhindered command and control (C2) over your zombie machines for prolonged periods throughout a penetration test. As security professionals, many of us turn to well-known and highly capable tools to backdoor systems and give us unrestricted entry to the victim machines. Although this clearly has its advantages, a drawback to this approach is that the chance of detection increases with the popularity of a well-known exploit tool. Sometimes the easiest way to evade detection, establish your C2, maintain persistence, exfiltrate data, and launch even greater exploits on the victim box is to develop the RAT yourself and incorporate custom payloads as you progress through the attack. We show you exactly how to accomplish this! In this session, we will show how to create the dropper, implant bots, and master controller, and how to launch new payloads on the victim box, using Splinter The RAT, an open-source red-team collaboration framework we developed and released to the community to show the ease with which RATs can be created to exploit computer systems. New demos included in this presentation incorporate additional tools through the RAT to enable greater attacks once we have access to the victim box. This session concludes with an appreciation that, although necessary, network security still has its limitations. Vulnerabilities will almost always exist in any enterprise network. Sometimes the best way to discover the weaknesses and better defend these systems is to master the art of exploiting them.

Bio: Solomon Sonya (@Carpenter1010) is a passionate reverse engineer and software developer focusing on the analysis of malware, covert channels, steganography, and computer network exploitation. Solomon has devoted many hours in academia to mentoring students and teaching Computer Science techniques. In network security, Solomon brings experience as a former director of Computer Intrusion Response. Solomon received his undergraduate degree in Computer Science, and Master’s degrees in Computer Science and Information System Engineering. Solomon’s current research areas include remote administration tools, command and control protocols, digital forensics, computer system exploitation, and network security for distributed systems.

Copyright 2016, IronGeek