Cracking the Perimeter with SharpShooter - Dominic Chell - Hack in Paris - 2019
Offered By: Hack in Paris via YouTube
Course Description
Overview
Explore advanced payload generation techniques for red team engagements in this 42-minute conference talk from Hack in Paris. Learn how to bypass next-generation endpoint protections, including Cylance, Palo Alto TRAPS, and FireEye, using the open-source SharpShooter framework. Discover methods for profiling organizations, circumventing static analysis on disk, in-memory, and across networks, and evading sandboxing through payload keying. Delve into novel scriptlet execution techniques using XML stylesheets, COM, and application whitelisting bypasses. Gain insights into targeting Skype for Business, understanding signature-based detection, and leveraging various payload delivery methods such as HTML smuggling and DLL hijacking. Examine the MSZM architecture, OMSI, and Squiggly Calm staging workflow for enhanced evasion. Conclude with a discussion on detection prevention strategies and tradecraft considerations for red teamers.
Syllabus
Introduction
Getting a foothold
SharpShooter
What does it do
NetTJScript
HTML Smuggling
SharpShooter Tricks
Targeting Skype for Business
SharpShooter Demo
Signatures
VirusTotal
MSZ
MSZ Architecture
OMSI
Squiggly
Calm Staging
Workflow
XML DOM
Exploit
Example
AMZ payload
DLL hijacking
MG scam before patch
Excel for trick
Excel for payload
Tradecraft
Indicators
Dry Permissions
Injection
Spoofing
Demo
Detection Prevention
Prevention Strategies
Conclusions
Taught by
Hack in Paris
Related Courses
NetflOSINT- Taking an Often-Overlooked Data Source and Operationalizing It - Joe Gray - Hack in ParisHack in Paris via YouTube All Roads Lead to OpenVPN Pwning Industrial Remote Access Clients - Sharon Brizinov - Hack in Paris - 2021
Hack in Paris via YouTube Exploits in Wetware - R. Sell - Hack in Paris - 2019
Hack in Paris via YouTube All Your GPS Trackers Belong to Us - C. Kasmi, P. Barre - Hack in Paris - 2019
Hack in Paris via YouTube In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass - E. Carroll - Hack in Paris - 2019
Hack in Paris via YouTube