SharPersist: Windows Persistence Toolkit in C#

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, 4 p.m. (30 minutes).

PowerShell has been used by the offensive community for several years now. However, recent advances in the defensive security industry are causing offensive toolkits to migrate from PowerShell to reflective C# to evade modern security products. Some of these advancements include Script Block Logging, Antimalware Scripting Interface (AMSI) and the development of signatures for malicious PowerShell activity by third-party security vendors. Several public C# toolkits such as Seatbelt, SharpUp and SharpView have been released to assist with tasks in various phases of the attack lifecycle. One phase of the attack lifecycle that has been missing a C# toolkit is persistence. This talk will be on the public release of a Windows persistence toolkit written in C# called SharPersist.


Presenters:

  • Brett Hawkins
    Brett has worked in Information Security for several years working for multiple Fortune 500 companies across different industries. He has focused on both offensive and defensive disciplines and is currently a Red Team consultant at FireEye Mandiant. He holds several industry recognized certifications from SANS and Offensive Security and has spoken at several conferences including DerbyCon and BSides Cleveland. Brett’s extensive knowledge and experience in a breadth of different Information Security areas gives him a unique and well-rounded perspective.

Links:

Similar Presentations: