BypassIT - Using AutoIT & Similar Tools for Covert Payload Delivery

Presented at DEF CON 32 (2024), Aug. 9, 2024, noon (105 minutes).

BypassIT is a framework for covert delivery of malware, using AutoIT, AutoHotKey, and other Live off the Land (LotL) tools to deliver payloads and avoid detection. These techniques were derived from reversing attacks observed in the wild by DarkGate and other MaaS actors, revealing universal principles and methods useful for red teaming or internal testing. The framework will consist of a series of tools, techniques, and methods along with testing and reporting on effectiveness, as it relates to evading multiple specific antivirus products.

Presenters:

  • Ezra Woods - Information Security Analyst, Department of Economic Security at Arizona
    Ezra Woods is a recent cybersecurity graduate from Grand Canyon University, working as an Information Security Analyst for Arizona's Department of Economic Security. Captain of Grand Canyon University's collegiate cyber defense team, and Team Lead for the Arizona Cyber Threat Response Alliance's Threat Intelligence Support Unit (TISU).
  • Mike Manrod - Chief Information Security Officer at Grand Canyon Education
    Mike serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff, and information assets across the enterprise. He also serves as Adjunct Faculty for Grand Canyon University, teaching Malware Analysis and Threat Intelligence. Previous experiences include serving as a threat prevention engineer for Check Point and working as a consultant and analyst for other organizations.

Similar Presentations: