Black Hills Information Security

Black Hills Information Security


Webcast: Move Aside Script Kiddies – Malware Execution in the Age of Advanced Defenses

January 18, 2021

A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today in the age of Endpoint Detection and Response, User Behavior Analytics, and advanced built-in O/S defenses, your standard toolkit for malware generation/execution does not work anymore.

All is not lost!

Using some relatively simple programming techniques, and tactical changes, we can still gain malware execution to establish our C2 channels. With some additional tactical changes post-exploitation, we can still move around below the radar but we need to move with greater care and stealth than ever before.

Join the BHIS Discord Community– https://discord.gg/aHHh3u5

00:00 – The Soundboard Has Too Many Buttons

04:10 – FEATURE PRESENTATION: Malware Execution in the Age of Advanced Defenses

05:36 – Attacker / Threat Actor Emulation

09:41 – That Matrix

10:34 – Endpoint Defense Maturity

13:25 – C2 Implant Execution

19:41 – Metasploit: Why Is My Network Traffic Caught?

23:09 – C2 – Customize and LOL

41:13 – The More You Know…

44:11 – Recon/Discovery Artifacts

46:15 – Amusement with AMSI

47:33 – Simple!

48:10 – AMSI Bypass

50:27 – Event Tracing Bypass

51:34 – Attack Combo!

52:24 – Conclusion