
Published on February 25th, 2019


Endpoint Security Got You Down? No PowerShell? No Problem.





Download slides: https://www.activecountermeasures.com/presentations/
00:53 Introduction, what is a .NET assembly, and .NET languages
6:13 Assembly, Load, and Embedding Interpreters/Engines
14:16 Embedding IronPython, ILMerge, natively embedding on a Windows machine and dynamically resolving assemblies
24:31 BYOI Payloads vs. Traditional Payloads
29:56 SilentTrinity, updates, Boolang support, and demonstration
47:38 SilentTrinity Detection and future work plans for SilentTrinity
53:20 Q&A

For Penetration Testing, Threat Hunting, and Red Teaming: www.blackhillsinfosec.com
Presented by: Marcello Salvati

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? 

In this one-hour webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter). 

Turns out, by harnessing the powah of C# and the .NET framework, you can embed entire interpreters inside of a C# binary. This allows you to dynamically access all of the .NET API from a scripting language of your choosing without going through PowerShell in any way!

We also cover some basic .NET & C# concepts in order to understand why this is possible and all the hype surrounding offensive C# tradecraft. 





Additionally, we demo SILENTTRINITY, a post-exploitation tool we have developed that attempts to weaponize the BYOI concept *AND* drop a pretty huge update for it live during the webcast!

This webcast was recorded on 2/14/2019 with our very own Marcello Salvati.

P.S — You can get SILENTTRINITY here:
https://github.com/byt3bl33d3r/SILENTTRINITY

Also, you can now register for our Cyber Deception class at Black Hat 2019 here: https://www.blackhat.com/us-19/training/schedule/index.html#a-guide-to-active-defense-cyber-deception-and-hacking-back-14124
