Offensive Forensics: CSI for the Bad Guy

Presented at DEF CON 21 (2013), Aug. 2, 2013, 1 p.m. (20 minutes).

As a pentester, when was the last time you 'recovered' deleted files from the MFT of a pwned box? Ever used an index.dat parser for identifying your next target? Do you download browser remnants of your victims to gather their saved form data?

Despite the sensitive information uncovered through forensic techniques, the usage of such concepts have primarily been limited to investigations and incident response. In this talk, we will cover the basics of "Offensive Forensics", what information to look for, how to find it, and the use of old tools in a new way. After looking at the post-exploitation potential, we'll dive into real-world examples and release the first ever "Vulnerable [Forensics] by Design" machine!


Presenters:

Links:

Similar Presentations: