Weaponizing the Windows API with Metasploit's Railgun

Presented at DEF CON 20 (2012), July 29, 2012, 1 p.m. (50 minutes)

No part of the Metasploit Framework has been shrouded in more mystery and confusion than the Railgun extension. Railgun is one of the most powerful tools in the Metasploit arsenal when it comes to Post Exploitation. In this talk we will examine what Railgun is, and how we can use it to turn Windows completely against itself by weaponizing the Windows API libraries. We will demystify Railgun by explaining exactly how it works under the covers and how you can use it to create powerful post modules.


Presenters:

  • David Maloney / thelightcosine - Software Engineer, Metasploit - Rapid7, as David "thelightcosine" Maloney
    David "thelightcosine" Maloney is a Software Engineer on the Metasploit Team at Rapid7. Before joining the team, he was a frequent contributor to the open source side of the project. As a contributor he specialized in Post Exploitation. Before Rapid7 he was a Penetration Tester, most recently for Time Warner Cable. David is also one of the founders of Hackerspace Charlotte in Charlotte, North Carolina. Twitter: @thelightcosine
