BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem. - podcast episode cover

BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem.

Talkin' Bout [Infosec] News
Mar 06, 201954 minEp. 1
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?

In this one-hour podcast, originally recorded as a live webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter).

Turns out, by harnessing the powah of C# and the .NET framework you can embed entire interpreters inside of a C# binary. This allows you to dynamically access all of the .NET API from a scripting language of your choosing without going through Powershell in any way!

We also cover some basic .NET & C# concepts in order to understand why this is possible and all the hype surrounding offensive C# tradecraft.

Additionally, we demo SILENTTRINITY, a post-exploitation tool we have developed that attempts to weaponize the BYOI concept *AND* dropped a pretty huge update for it live during the webcast!

This podcast was originally recorded on 2/14/2019 as a live webcast with our very own Marcello Salvati.

P.S — You can get SILENTTRINITY here:

https://github.com/byt3bl33d3r/SILENTTRINITY

Also, you can now register for our Cyber Deception class at Black Hat 2019 here: https://www.blackhat.com/us-19/training/schedule/index.html#a-guide-to-active-defense-cyber-deception-and-hacking-back-14124

For the best experience, listen in Metacast app for iOS or Android