WWHF | A Master Class on Offensive MSBuild | Chris Truncer & Joe Leon | 1 Hour скачать в хорошем качестве

WWHF | A Master Class on Offensive MSBuild | Chris Truncer & Joe Leon | 1 Hour

–––– Chat in Discord: Join the WWHF Community Discord:   / discord   –––– Chapters: 00:00:00 - PreShow Banter™ 00:26:52 - FEATURE PRESENTATION 01:25:53 - Questions and Closing As red team operators, we all have favorite tools and tactics. For FortyNorth Security's offensive security team, our favorite initial access, persistence, lateral movement and post-exploitation technique leveraging application whitelisting bypasses. While there are hundreds of applications that can bypass application whitelisting, our most reliable and frequently used tool is MSBuild. Our red team rarely conducts an assessment without using MSBuild for some element of the attack lifecyle. The goal of this talk is to create an authoritative and exhaustive reference for security engineers to understand the full capabilities of using MSBuild on offensive engagements. We'll cover using MSBuild within initial access payloads, persistence, lateral movement and post-exploitation jobs. We'll also demonstrate multiple ways of executing arbitrary code stored both locally and remotely with MSBuild. For every offensive technique we demonstrate, we'll also highlight defensive measures to detect or prevent these actions. Coinciding with this talk, FortyNorth Security will release a GitHub repository containing a comprehensive review of all known techniques for using MSbuild on offensive engagements. Join the WWHF Discord Community to participate in discussion with the presenter and attendees:   / discord