Vomiting Shells: Tracking the Splatter Patterns

Presented at THOTCON 0x6 (2015), May 14, 2015, 3 p.m. (50 minutes)

Penetration testers and attackers alike use tools without understanding the impact or what is left behind. This presentation will look at a variety of different methodologies for delivering shells and then track the artifacts that are left behind. For attackers, we will be discussing some additional ways to limit your footprint. For defenders, we will highlight common areas for review and show patterns for a number of the most common ways of achieving shells. Along the way we will highlight the IOCs that will help defenders more easily identify the tools and methodologies used for attacks, as well as ways to limit their impact.


  • Ryan Linn
    Ryan has more than 15 years of experience in Information Security. He has worked as a Technical Team Leader, Database Administrator, Windows and UNIX Systems administrator, Network Engineer, Web Application developer, Systems programmer, Information Security Engineer, and is currently a Principal Consultant at Nuix.
