Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?
In this one-hour podcast, originally recorded as a live webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter).
Download slides: https://www.activecountermeasures.com/presentations/
Turns out, by harnessing the powah of C# and the .NET framework you can embed entire interpreters inside of a C# binary. This allows you to dynamically access all of the .NET API from a scripting language of your choosing without going through Powershell in any way!
We also cover some basic .NET and C# concepts in order to understand why this is possible and all the hype surrounding offensive C# tradecraft.
Additionally, we demo SILENTTRINITY, a post-exploitation tool we have developed that attempts to weaponize the BYOI concept *AND* dropped a pretty huge update for it live during the webcast!
This podcast was originally recorded on 2/14/2019 as a live webcast with our very own Marcello Salvati.
P.S — You can get SILENTTRINITY here:
Also, you can now register for our Cyber Deception class at Black Hat 2019 here: https://www.blackhat.com/us-19/training/schedule/index.html#a-guide-to-active-defense-cyber-deception-and-hacking-back-14124
Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts.