Red Team Level over 9000! Fusing the powah of .NET with a scripting language of your choosing: introducing BYOI (Bring Your own Interpreter) payloads.

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 8, 2019, 10 a.m. (45 minutes).

With all of the defenses Microsoft has implemented in the PowerShell run-time over the past few years Red Teamers & APT groups have started too shy away from using PowerShell based payloads/delivery mechanisms and migrate over to C#. However, C# is a compiled language, operationally this has a few major downsides: we can’t be as “flexible” as we could be with scripting languages, setting up a proper development environment has overhead, things need to be compiled etc... in this talk, I will be covering my approach to solving these operational problems by using some of the (possibly?) lesser known features of the .NET framework and introducing BYOI (Bring Your Own Interpreter) payloads which allow you to embed a scripting language of your choosing into any .NET language!

Presenters:

  • Marcello Salvati / byt3bl33d3r as Marcello Salvati
    Marcello Salvati (@byt3bl33d3r) is a Security Analyst at BlackHills Information Security by day and by night a tool developer who discovered a novel technique to turn tea, sushi, alcohol and dank memes into somewhat functioning code. His passions include anything Active Directory related, trolling people on GitHub and developing open-source tools for the security community at large which he’s been doing for the past several years, some of his projects include SilentTrinity, CrackMapExec, DeathStar, RedBaron and many more.

Links:

Similar Presentations: