The Veil-Framework is a project that aims to bridge the gap between pentesting and red team toolsets. It began with Veil-Evasion, a tool to generate AV-evading payload executables, expanded into payload delivery with the release of Veil-Catapult, and branched into powershell functionality with the release of Veil-PowerView for domain situational awareness. This talk will unveil the newest additional to the Veil-Framework, Veil-Pillage, a fully-fledged, open-source post-exploitation framework that integrates tightly with the existing framework codebase.
We’ll start with a quick survey of the post-exploitation landscape, highlighting the advantages and disadvantages of existing tools. We will cover current toolset gap areas, and how the lack of a single solution with all the options and techniques desired drove the development of Veil-Pillage. Major features of the framework will be quickly detailed, and the underlying primitives that modules build on will be explained.
Veil-Pillage, released immediately following this presentation, makes it easy to implement the wealth of existing post-exploitation techniques out there, public or privately developed. Currently developed modules support a breadth of post-exploitation techniques, including enumeration methods, system management, persistence tricks, and more. The integration of various powershell post-exploitation components, assorted methods of hashdumping, and various ways to grab plaintext credentials demonstrate the operational usefulness of Veil-Pillage. The framework utilizes a number of triggering mechanisms with a preference toward stealth, contains complete command line flags for third-party integration, and has comprehensive logging and cleanup script capabilities. Welcome to Veil-Pillage: Post-Exploitation 2.0.