Bypassing Antivirus: With Understanding Comes Ease | Jeff McJunkin | WWHF Deadwood 2020 Virtual скачать в хорошем качестве

Bypassing Antivirus: With Understanding Comes Ease | Jeff McJunkin | WWHF Deadwood 2020 Virtual

Bypassing Antivirus: With Understanding Comes Ease 00:00 - Japan Based Banter 03:09 - Bypassing Antivirus with Jeff McJunkin 03:46 - The Three Seashells 08:22 - WHOAMSI 09:35 - Fundamental Limitations of AV 12:46 - False Positives False Negatives 16:31 - DEMO: Mimikatz with Static Signatures 32:17 - Disadvantages for Security Professionals 36:21 - Antivirus Bypass Methods 46:53 - Application Control 49:56 - A Better Approach With A.V. 54:28 - A.V.’s Own Attack Surface 55:48 - Closing Statement Join the WWHF Discord Community –   / discord   The job of a penetration tester is to emulate real-world, realistic adversaries to compromise the client and explain the business risks of the technical findings. Those pesky real-world adversaries bypass AV all the time, even with essentially the same malware, over and over. How do they do it? Simple. By understanding what traps AV is setting, you can step around, jump over, or disable those traps before sauntering to your destination unhindered. I can't help with your saunter, but I can help you understand and bypass AV using arbitrary payloads (whether Cobalt Strike, Metasploit, Covenant, Mystic, SILENTTRINITY, or whichever) in many ways, all in less than an hour. Jeff McJunkin is the founder of Rogue Valley Information Security, a consulting firm specializing in penetration testing and red team engagements. Jeff has a long background in systems and network administration that he leveraged into web and network penetration testing, especially involving Active Directory. He has taught dozens of classes in network penetration testing for the SANS Institute and is the author of the "Metasploit Kung Fu for Enterprise Pen Testing" course. He specializes in not only finding end-to-end realistic attack scenarios for clients, but also in helping technical staff as well as senior leadership in understanding the attack, its ramifications, detective controls, and assisting in safe remediation. Jeff has competed in many security competitions and has won many of them, along with designing and presenting several iterations of the SANS Core NetWars Tournaments to thousands of attendees.