Sceaphierde Sheep in Wolf’s Clothing

Presented at ShmooCon 2022 Rescheduled, March 25, 2022, noon (60 minutes)

This talk will showcase a new custom C2, Sceaphierde, written in golang, that implements a full TTY shell, file upload and download, and port forwarding, all over WebSockets protected by mTLS. The core functionality of Sceaphierde allows for the creation of a purposefully vulnerable service to be exploited, yet provides no weakened attack surface. This talk will go through the design decisions made while building the C2, as well as the reason it was created instead of just grabbing something off the shelf.


Presenters:

  • Michael Hoffman
    Michael Hoffman (@0x1nd0) is an offensive security red team operator working for Oracle Cloud Infrastructure (OCI). He is interested in offensive malware development and security research on macOS and Linux operating systems. Prior to OCI, he worked as a penetration tester for PayPal and was a partner in a security startup. Recently, his main focus has been writing golang malware and macOS persistence mechanisms.
