YoVDO

Cracking the Perimeter with SharpShooter - Dominic Chell - Hack in Paris - 2019

Offered By: Hack in Paris via YouTube

Tags

Hack in Paris Courses Cybersecurity Courses Adversary Simulation Courses

Course Description

Overview

Explore advanced payload generation techniques for red team engagements in this 42-minute conference talk from Hack in Paris. Learn how to bypass next-generation endpoint protections, including Cylance, Palo Alto TRAPS, and FireEye, using the open-source SharpShooter framework. Discover methods for profiling organizations, circumventing static analysis on disk, in-memory, and across networks, and evading sandboxing through payload keying. Delve into novel scriptlet execution techniques using XML stylesheets, COM, and application whitelisting bypasses. Gain insights into targeting Skype for Business, understanding signature-based detection, and leveraging various payload delivery methods such as HTML smuggling and DLL hijacking. Examine the MSZM architecture, OMSI, and Squiggly Calm staging workflow for enhanced evasion. Conclude with a discussion on detection prevention strategies and tradecraft considerations for red teamers.

Syllabus

Introduction
Getting a foothold
SharpShooter
What does it do
NetTJScript
HTML Smuggling
SharpShooter Tricks
Targeting Skype for Business
SharpShooter Demo
Signatures
VirusTotal
MSZ
MSZ Architecture
OMSI
Squiggly
Calm Staging
Workflow
XML DOM
Exploit
Example
AMZ payload
DLL hijacking
MG scam before patch
Excel for trick
Excel for payload
Tradecraft
Indicators
Dry Permissions
Injection
Spoofing
Demo
Detection Prevention
Prevention Strategies
Conclusions


Taught by

Hack in Paris

Related Courses

I Simulate Therefore I Catch - Enhancing Detection Engineering with Adversary Simulation
YouTube
Embrace the Red - Enhancing Detection Capabilities with Adversary Simulation
YouTube
So You Think You Can Secure Your Cloud - Red Team Engagements in GCP
Security BSides San Francisco via YouTube
Ferris Bueller's Guide to Abuse Domain Permutations
Security BSides San Francisco via YouTube
ICS OSINT - An Attacker’s Perspective
RSA Conference via YouTube