Deadwood 2020 (Virtual Con)
Back To Schedule
Friday, September 25 • 3:00pm - 3:50pm
Modern Red Team Weaponization

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

With offsec tooling migrating from PowerShell to C# these last few years, it's made it easier to leverage the .NET framework in a way that equips operators seamlessly on their red team operations; giving them time to really focus on what matters -- the engagement. Additionally, building tooling and payloads on the fly can leave behind forensic artifacts that contribute to early detections and a reduced dwell time, leading to frustrated operators and potentially burned infrastructure.
In an effort to seamlessly equip operators and reduce leaving breadcrumbs, this presentation will walk through methods for modern red team weaponization of offsec tooling. First we will step through the build process which will include automated builds, continuous integration/deployment, and C2 framework integration. Next, we will step through OPSEC considerations for payloads and tooling in an effort to reduce the breadcrumbs being left behind from assemblies. Finally, we will take a look at payload tradecraft for calling managed code (C# tooling) from unmanaged C++ (stub/launchers), low-level syscalls using C#, and code execution leveraging the Windows kernel.

avatar for Mike Felch

Mike Felch

Mike is currently a Red Team R&D Engineer at CrowdStrike and prior Black Hills Information Security red teamer. He began his career in 1997 as a Linux administrator which eventually led to numerous offensive security and engineering roles with a focus on hardware/software security... Read More →

Friday September 25, 2020 3:00pm - 3:50pm MDT
Track 2