A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today, in the age of Endpoint Detection and Response, User Behavior Analytics, and advanced built-in O/S defenses, and your standard toolkit for malware generation and execution does not work anymore.
All is not lost!
Using some relatively simple programming techniques and tactical changes, we can still gain malware execution to establish our C2 channels. With some additional tactical changes post-exploitation, we can still move around below the radar, but we need to move with greater care and stealth than ever before.
Join the BHIS Discord Community: https://discord.gg/aHHh3u5
00:00 – The Soundboard Has Too Many Buttons
04:10 – FEATURE PRESENTATION: Malware Execution in the Age of Advanced Defenses
05:36 – Attacker / Threat Actor Emulation
09:41 – That Matrix
10:34 – Endpoint Defense Maturity
13:25 – C2 Implant Execution
19:41 – Metasploit: Why Is My Network Traffic Caught?
23:09 – C2 – Customize and LOL
41:13 – The More You Know…
44:11 – Recon/Discovery Artifacts
46:15 – Amusement with AMSI
47:33 – Simple!
48:10 – AMSI Bypass
50:27 – Event Tracing Bypass
51:34 – Attack Combo!
52:24 – Conclusion
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2021/03/SLIDES_MoveAsideScriptKiddies.pdf
Check out our Cyber Range: not just a place to work through challenges and play, but also an open, hands-on training environment.
Join the BHIS Blog Mailing List to get notified when we post new blogs, webcasts, and podcasts.