EPISODE · Mar 6, 2019 · 54 MIN
BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem.
from Talkin' Bout [Infosec] News · host Black Hills Information Security
Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour podcast, originally recorded as a live webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter). Turns out, by harnessing the powah of C# and the .NET framework you can embed entire interpreters inside of a C# binary. This allows you to dynamically access all of the .NET API from a scripting language of your choosing without going through PowerShell in any way! We also cover some basic .NET & C# concepts in order to understand why this is possible and all the hype surrounding offensive C# tradecraft. Additionally, we demo SILENTTRINITY, a post-exploitation tool we have developed that attempts to weaponize the BYOI concept *AND* dropped a pretty huge update for it live during the webcast! This podcast was originally recorded on 2/14/2019 as a live webcast with our very own Marcello Salvati. P.S — You can get SILENTTRINITY here: https://github.com/byt3bl33d3r/SILENTTRINITY Also, you can now register for our Cyber Deception class at Black Hat 2019 here: https://www.blackhat.com/us-19/training/schedule/index.html#a-guide-to-active-defense-cyber-deception-and-hacking-back-14124