Snakes on a Screen: Taming Offensive IronPython Techniques

Presented at DEF CON 31 (2023), Aug. 11, 2023, 9 a.m. (240 minutes)

IronPython is a powerful and flexible programming language that has been increasingly used by attackers due to its ability to bypass security controls. This practical workshop will explore the inner workings of IronPython and its unique features that enable sophisticated offensive techniques. Participants will gain hands-on experience in developing IronPython payloads that can evade modern security controls and execute malicious code on target systems.

The workshop will cover the following topics:

  1. Introduction to IronPython: Basic syntax and usage of IronPython, and how it can be used in offensive scenarios.
  2. BYOI and DLR: Bring Your Own Interpreter (BYOI) and Dynamic Language Runtime (DLR) concepts and their role in developing offensive payloads.
  3. Malware Development with IronPython: Develop sophisticated payloads that can bypass modern security controls and execute malicious code on target systems.
  4. Anti-Forensics and Evasion Techniques: Techniques to make the payloads more resilient to forensic analysis and detection.
  5. Advanced Techniques: Advanced techniques like using IronPython with C# and PowerShell and integrating the payloads with other offensive tools.

This workshop is designed for offensive security professionals, red teamers, penetration testers, and anyone interested in exploring the capabilities of IronPython for offensive purposes. Participants should have a basic understanding of Python and programming concepts. By the end of the workshop, participants will have a deeper understanding of IronPython and its capabilities for developing offensive payloads.

Skill Level: Intermediate

Prerequisites for students:
  - A familiarity with Python is preferred, but not required.

Materials or Equipment students will need to bring to participate:
  - Laptop with Windows or other Windows VM

Presenters:

  • Vincent "Vinnybod" Rose - Lead Developer at Empire and Starkiller
    Vincent "Vinnybod" Rose is the Lead Developer for Empire and Starkiller. He is a software engineer with a decade of expertise in building highly scalable cloud services, improving developer operations, and building automation. Recently, his focus has been on the reliability and stability of the Empire C2 server in the most recent major update (Empire 5). Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://www.bc-security.org/blog/.
  • Gannon “Dorf” Gebauer - Security Consultant at BC Security
    Gannon “Dorf” Gebauer is a Security Consultant at BC Security and specializes in threat intelligence and embedded system testing. He has led teams through the Cyber Patriot, a USAF CTF that tests both defensive and offensive capabilities. Currently, his expertise is focused on building automation tools for range deployments. Dorf has taught courses at both Black Hat and DEF CON.
  • Anthony Rose / Cx01N - Director of Security Researcher at BC Security (as Anthony "Coin" Rose)
    Anthony "Coin" Rose, CISSP, is the Director of Security Researcher at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, HackSpaceCon, HackMiami, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work revealing widespread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
