Meterpreter - Understanding the New Shiny

Explore the evolution and advanced features of Meterpreter in this comprehensive conference talk from the 44CON Information Security Conference. Dive into the latest developments that have transformed Meterpreter into a more powerful tool for red team engagements. Learn about core functionalities and newly introduced capabilities, including stageless payloads, transport modification, paranoid mode, and persistence techniques. Gain insights into avoiding common pitfalls that cause shells to fail and discover how to leverage new features for establishing stronger footholds in target networks. Cover technical aspects of the Extended API (extapi), including ADSI domain queries, service enumeration and control, and clipboard manipulation. Examine the integration of Mimikatz 2.0 (kiwi) and understand the differences between stagers and stageless payloads. Delve into configuration blocks, transport data URLs, and other critical components that enhance Meterpreter's effectiveness in modern security assessments.

Intro
Background knowledge
The new shiny
Extended API (extapi)
extapi - adsi_domain_query
extapi - Service enumeration
extapi - Service control
extapi - Clipboard
Mimikatz 2.0 (kiwi)
Recap - stagers
Recap - WinINET vs WinHTTP
Recap - Establishing Meterpreter
Stager and Stage Changes
Configuration Block
Configuration requirements
Transport Data URLS
Stageless Configuration