13. Gordon Long: Who Guards the Guards? Hiding your C2 Comms in Plain Sight

  • added 12 Sep 2024
  • This talk presents new research on abusing Windows guard-page (PAGE_GUARD) permissions to hide data and to avoid the named pipes traditionally used by Windows C2 tooling. It covers how to build a modular Windows C2 and how the demonstrated technique offers a distinctive way to split C2 functionality into modules.
    Pesky EDR getting in the way of your C2? Trying to decide how to even start designing one? Ready to learn new ways to abuse built-in Microsoft features? Want to see some C++ for fun? This talk covers these questions and more. It details research on abusing Windows memory page permissions which, as a side effect, can replace the traditional use of named pipes, and it shows ways to design a Windows C2 that stays under the radar, is customizable and modular, and, yes, comes with code samples. After this talk you should be able to fold the approach into any custom-built C2 tooling fairly quickly, since it demonstrates a general technique rather than overly specific tooling. It also surveys other existing research in the area and how these techniques are increasingly used to hide in plain sight.
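As an added illustration of the primitive the abstract refers to (example code written for this page, not code from the talk or from Gordon Long's tooling): one page shared by a producer and a consumer in the same process is armed with PAGE_GUARD, so the producer's first write raises STATUS_GUARD_PAGE_VIOLATION and a vectored exception handler is notified without any named pipe object being created; the consumer drains the page and re-arms the guard for the next message. The `[u32 length][payload]` framing and the `mailbox_*` function names are this example's own assumptions, and how the talk actually wires modules together is not described on this page. Outside Windows the same file builds against the closest POSIX analogue (mprotect(PROT_NONE) plus a SIGSEGV handler that disarms the page), so it can be compiled and run anywhere.

```cpp
// Added example: a guard-page "mailbox" as an in-process signalling channel.
// Windows: page armed with PAGE_GUARD, first touch -> STATUS_GUARD_PAGE_VIOLATION
// -> vectored exception handler (VEH). Elsewhere: mprotect(PROT_NONE) + SIGSEGV
// handler, the closest analogue. Framing and names are this example's assumptions.
#include <csignal>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#ifdef _WIN32
#include <windows.h>
#else
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>
#endif

static uint8_t* g_page = nullptr;                      // the shared mailbox page
static size_t   g_page_size = 0;
static volatile std::sig_atomic_t g_guard_hits = 0;    // how often the guard fired

static bool in_mailbox(uintptr_t addr) {
    return addr >= (uintptr_t)g_page && addr < (uintptr_t)g_page + g_page_size;
}

#ifdef _WIN32
// VEH runs before any SEH frame; it only claims guard faults on our page.
static LONG CALLBACK guard_handler(PEXCEPTION_POINTERS ep) {
    const EXCEPTION_RECORD* rec = ep->ExceptionRecord;
    if (rec->ExceptionCode == STATUS_GUARD_PAGE_VIOLATION &&
        in_mailbox((uintptr_t)rec->ExceptionInformation[1])) {
        g_guard_hits = g_guard_hits + 1;
        return EXCEPTION_CONTINUE_EXECUTION;  // OS already cleared PAGE_GUARD; access is retried
    }
    return EXCEPTION_CONTINUE_SEARCH;
}
#else
static void guard_handler(int, siginfo_t* si, void*) {
    if (in_mailbox((uintptr_t)si->si_addr)) {
        g_guard_hits = g_guard_hits + 1;
        mprotect(g_page, g_page_size, PROT_READ | PROT_WRITE);  // disarm; access is retried
        return;
    }
    std::signal(SIGSEGV, SIG_DFL);  // not our page: let the real crash happen
}
#endif

// Re-arm the guard so the next touch of the page fires the handler again.
bool mailbox_arm() {
#ifdef _WIN32
    DWORD old = 0;
    return VirtualProtect(g_page, g_page_size, PAGE_READWRITE | PAGE_GUARD, &old) != 0;
#else
    return mprotect(g_page, g_page_size, PROT_NONE) == 0;
#endif
}

bool mailbox_init() {
#ifdef _WIN32
    SYSTEM_INFO si; GetSystemInfo(&si);
    g_page_size = si.dwPageSize;
    g_page = (uint8_t*)VirtualAlloc(nullptr, g_page_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!g_page || !AddVectoredExceptionHandler(1, guard_handler)) return false;
#else
    g_page_size = (size_t)sysconf(_SC_PAGESIZE);
    void* p = mmap(nullptr, g_page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return false;
    g_page = (uint8_t*)p;
    struct sigaction sa; std::memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = guard_handler; sa.sa_flags = SA_SIGINFO; sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, nullptr) != 0) return false;
#endif
    std::memset(g_page, 0, g_page_size);   // page is still writable at this point
    return mailbox_arm();
}

// Producer: the first byte written trips the guard, which is the "notify".
bool mailbox_send(const std::string& msg) {
    if (!g_page || msg.size() + sizeof(uint32_t) > g_page_size) return false;
    uint32_t len = (uint32_t)msg.size();
    std::memcpy(g_page, &len, sizeof len);              // guard fires here
    std::memcpy(g_page + sizeof len, msg.data(), msg.size());
    return true;
}

// Consumer: read, wipe, and re-arm so the page is back to "armed and empty".
std::string mailbox_drain() {
    uint32_t len = 0;
    std::memcpy(&len, g_page, sizeof len);
    std::string out((const char*)g_page + sizeof len, len);
    std::memset(g_page, 0, g_page_size);
    mailbox_arm();
    return out;
}

int guard_hits() { return (int)g_guard_hits; }

int main() {
    if (!mailbox_init()) return 1;
    mailbox_send("beacon:checkin");   // constructed sample message
    std::string m = mailbox_drain();
    std::printf("guard hits=%d message=%s\n", guard_hits(), m.c_str());
    return 0;
}
```

From the defender's side, note what this changes rather than removes: there is no pipe name to hunt for, but the process now registers a vectored exception handler and takes repeated guard-page faults on private, committed memory, which is itself unusual behaviour and a reasonable thing to build a detection around.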
