Just got the word that @aleph___naught and I will be presenting a talk and workshop at DEF CON 25.
- Talk: Koadic C3: COM Command & Control
- Workshop: Advanced Windows Post-Exploitation / Malware Forward Engineering
Our talk covers a post-exploitation RAT built on the Windows Script Host. It executes completely from memory and has tons of ways to fork to shellcode. It will contain some original research (with the help of @JennaMagius and @The_Naterz) and builds on amazing prior work by @tiraniddo, @subTee, and @enigma0x3. Cue @mattifestation interjecting with something about app whitelisting!
The workshop is not just the tactics, but the code and reverse engineering behind all the stuff in penetration testing rootkits such as Meterpreter and PowerShell Empire. It will include a deep look into Windows internals and some new concepts and ideas not yet present in the normal set of tools.
All slides and code will be posted at the end of DEF CON.