Presented at ekoparty 14 (2018), Sept. 28, 2018, 4 p.m. (120 minutes).
Once a machine is compromised, it is time for post-exploitation. The Empire Project lets us harness the full power of Python or PowerShell to carry out different actions: collection, elevation, pivoting... and a lot more! Are you ready?
This workshop aims to show different techniques used in the post-exploitation stage, mainly in Windows environments, though it can also show a Linux and OSX example. The workshop is based on demonstrating the Empire tool of the Empire Project. This framework allows attendees to perform any post-exploitation action by using modules. It is a framework similar to Metasploit, but it makes maximum use of the power of Python (system function) and PowerShell.
Content:
1. What is Empire?
2. Is it only for Windows systems? No!
3. Architecture and parts of Empire
   - 3a. Agents
   - 3b. Listeners
   - 3c. Stagers
   - 3d. Modules
4. Types of listeners and their setup.
5. Turning a stager into an agent.
6. Scenario 1: turning exploitation into post-exploitation. System entry and agent control.
7. Scenario 2: collection of credentials and information in the system.
8. Scenario 3: privilege escalation. Possibilities with the agent.
9. Scenario 4: lateral movement. Executing agents on other machines in the network.
10. Integration with Metasploit and usage of Mimikatz embedded in the Empire agent.
Presenters:
- Pablo González
Pablo González works at Telefónica in Spain. He is an informatics engineer and has a post-graduate degree in informatics security. He has been a speaker at Black Hat Europe 2017, 8dot8 2014 and 2015, and Rooted CON, among others. Microsoft MVP 2017-2018. Author of several books on cybersecurity published by 0xword: Metasploit para Pentesters, Ethical Hacking, Pentesting con Kali, Hacking con Metasploit, Got Root, Pentesting con Powershell. Passionate about disclosure and cybersecurity. He is co-founder of Flu-Project and founder of the HackersClub. He has been working in cybersecurity for more than 10 years. He is a professor in various master's degree programs in cybersecurity at different universities (UEM, UNIR, UOC, URJC).