Talkin' Bout [Infosec] News

A few short years ago, penetration testers did not have to work too hard to get their malware command channels to execute. Fast forward to today: in the age of Endpoint Detection and Response (EDR), User Behavior Analytics (UBA), and advanced built-in OS defenses, the standard toolkit for malware generation and execution no longer works.

All is not lost!

Using some relatively simple programming techniques and tactical changes, we can still gain malware execution to establish our C2 channels. With some additional tactical changes post-exploitation, we can still move around below the radar, but we need to move with greater care and stealth than ever before.

Join the BHIS Discord Community: https://discord.gg/aHHh3u5

00:00 – The Soundboard Has Too Many Buttons

04:10 – FEATURE PRESENTATION: Malware Execution in the Age of Advanced Defenses

05:36 – Attacker / Threat Actor Emulation

09:41 – That Matrix

10:34 – Endpoint Defense Maturity

13:25 – C2 Implant Execution

19:41 – Metasploit: Why Is My Network Traffic Caught?

23:09 – C2 – Customize and LOL

41:13 – The More You Know…

44:11 – Recon/Discovery Artifacts

46:15 – Amusement with AMSI

47:33 – Simple!

48:10 – AMSI Bypass

50:27 – Event Tracing Bypass

51:34 – Attack Combo!

52:24 – Conclusion

What is Talkin' Bout [Infosec] News?

A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30 PM ET.