A New Take at Payload Generation: Empty-Nest

Presented at DerbyCon 7.0 Legacy (2017), Sept. 22, 2017, 1 p.m. (50 minutes)

As the evolution of endpoint, egress, and network security controls continues, adversaries and pentesters are finding it increasingly difficult to execute malicious payloads within properly hardened enterprise networks. Although tools currently exist to aid in circumventing these controls, the current state of the art fails to properly account for some of the newest techniques used by these controls. Enter Empty-Nest, a command-and-control (C2) toolset created with circumvention in mind. Empty-Nest was designed to provide a flexible payload-generation mechanism and a pluggable interface that lets adversaries easily customize payloads for targeted security-control bypass. Our talk discusses the Empty-Nest toolset, demonstrating how to leverage the pluggable interface to create keyed payloads capable of bypassing new-age, cloud-based binary analysis, unloading endpoint software DLLs from running processes, customizing C2 transports, and more.

James Cook - James has over four years' experience executing penetration tests for a variety of companies across several industries, including medical, retail and financial. James has conducted security assessments that include components such as internal/perimeter network and application penetration testing, social engineering, wireless assessments and vulnerability assessments. James has contributed to the open source community, including Metasploit, smbexec, and Veil.

Tom Steele - Tom Steele, hailing from Idaho, harnesses his diverse professional software development background to build great tools for Optiv. It doesn't stop with Optiv, though: Tom has contributed immensely to the open source development community by providing core packages, libraries, security assessment tools, and frameworks. Tom is also an accomplished presenter at a variety of security and development industry conferences such as BlackHat, DefCon, BSidesLV and ShmooCon, just to name a few. Further, he has provided training on a wide range of development and security topics covering offensive execution tactics, assessment tools, mitigation strategies and defensive measures. Tom is the creator and developer behind the LAIR penetration testing collaboration framework and is also the co-author of the upcoming No Starch Press book, BlackHat Go.

James Cook - @_jbcook
Tom Steele - @_tomsteele
