Deadwood 2020 (Virtual Con)
Friday, September 25 • 3:00pm - 3:50pm
Modern Red Team Weaponization


As offensive security tooling has migrated from PowerShell to C# over the last few years, it has become easier to leverage the .NET Framework in a way that equips operators seamlessly on their red team operations, giving them time to focus on what matters: the engagement. At the same time, building tooling and payloads on the fly can leave behind forensic artifacts that contribute to early detection and a reduced dwell time, leading to frustrated operators and potentially burned infrastructure.
In an effort to seamlessly equip operators and reduce the breadcrumbs left behind, this presentation walks through methods for modern red team weaponization of offensive security tooling. First, we step through the build process, including automated builds, continuous integration/deployment, and C2 framework integration. Next, we cover OPSEC considerations for payloads and tooling, aimed at reducing the breadcrumbs that .NET assemblies leave behind. Finally, we look at payload tradecraft: calling managed code (C# tooling) from unmanaged C++ stubs/launchers, issuing low-level syscalls from C#, and code execution that leverages the Windows kernel.

Speakers

Mike Felch

Mike is currently a Red Team R&D Engineer at CrowdStrike and was previously a red teamer at Black Hills Information Security. He began his career in 1997 as a Linux administrator, which eventually led to numerous offensive security and engineering roles with a focus on hardware/software security...


Friday September 25, 2020 3:00pm - 3:50pm MDT
Track 2