Cracking the Perimeter with SharpShooter - Dominic Chell - Hack in Paris - 2019
Offered By: Hack in Paris via YouTube
Course Description
Overview
Explore advanced payload generation techniques for red team engagements in this 42-minute conference talk from Hack in Paris. Learn how to bypass next-generation endpoint protections, including Cylance, Palo Alto TRAPS, and FireEye, using the open-source SharpShooter framework. Discover methods for profiling organizations, circumventing static analysis on disk, in-memory, and across networks, and evading sandboxing through payload keying. Delve into novel scriptlet execution techniques using XML stylesheets, COM, and application whitelisting bypasses. Gain insights into targeting Skype for Business, understanding signature-based detection, and leveraging various payload delivery methods such as HTML smuggling and DLL hijacking. Examine the MSZM architecture, OMSI, and Squiggly Calm staging workflow for enhanced evasion. Conclude with a discussion on detection prevention strategies and tradecraft considerations for red teamers.
Syllabus
Introduction
Getting a foothold
SharpShooter
What does it do
NetTJScript
HTML Smuggling
SharpShooter Tricks
Targeting Skype for Business
SharpShooter Demo
Signatures
VirusTotal
MSZ
MSZ Architecture
OMSI
Squiggly
Calm Staging
Workflow
XML DOM
Exploit
Example
AMZ payload
DLL hijacking
MG scam before patch
Excel for trick
Excel for payload
Tradecraft
Indicators
Dry Permissions
Injection
Spoofing
Demo
Detection Prevention
Prevention Strategies
Conclusions
Taught by
Hack in Paris
Related Courses
I Simulate Therefore I Catch - Enhancing Detection Engineering with Adversary SimulationYouTube Embrace the Red - Enhancing Detection Capabilities with Adversary Simulation
YouTube So You Think You Can Secure Your Cloud - Red Team Engagements in GCP
Security BSides San Francisco via YouTube Ferris Bueller's Guide to Abuse Domain Permutations
Security BSides San Francisco via YouTube ICS OSINT - An Attacker’s Perspective
RSA Conference via YouTube