Will It Run? Fooling EDRs With Command Lines Using Empirical Data | Wietze Beukema скачать в хорошем качестве

Will It Run? Fooling EDRs With Command Lines Using Empirical Data | Wietze Beukema

🔗 Join us in-person and virtually at our Wild West Hackin' Fest: information security conferences — https://wildwesthackinfest.com/ 🔗 Register for Infosec Webcasts, Anti-casts & Summits. – https://poweredbybhis.com There is a wealth of system-native programs, particularly on Windows operating systems, that happily accept ‘unexpected’ command-line transformations, such as character substitutions, deletions or insertions. An implication of this is that command-line-based detections can be bypassed with minimal effort, and unlike command-line spoofing, without the need for special system calls. Tools vulnerable to this include those often leveraged in attacks that ‘live off the land’ (also known as LOLBins or LOLBAS). This talk will show, based on empirical analysis of the 60 most commonly used LOLBins, how many detections can bypassed making minimal tweaks to how a LOLBins are called. Furthermore, we will introduce a new web-based tool that not only documents the results for all these executables, it allows everyone to generate obfuscated command lines themselves with the click of a button. ///Black Hills Infosec Socials Twitter:   / bhinfosecurity   Mastodon: https://infosec.exchange/@blackhillsi... LinkedIn:   / antisyphon-training   Discord:   / discord   ///Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.mysh... ///Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/ser... Penetration Testing: https://www.blackhillsinfosec.com/ser... Incident Response: https://www.blackhillsinfosec.com/ser... ///Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ ///Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pa... Live Training: https://www.antisyphontraining.com/co... On Demand Training: https://www.antisyphontraining.com/on... Antisyphon Discord:   / discord   Antisyphon Mastodon: https://infosec.exchange/@Antisy_Trai... ///Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube:    / wildwesthackinfest   Antisyphon Training YouTube:    / antisyphontraining   Active Countermeasures YouTube:    / activecountermeasures   Threat Hunter Community Discord:   / discord   Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/