Network defenses are evolving at an unprecedented rate. Our open source toolkit has become ever more difficult to use while pentesting or red teaming on the top tier of networks. Moving into the next generation of offensive operations, we will need to begin testing with tools that closely mirror legitimate application and network behavior. Gryffindor is a pure JavaScript post-exploitation agent that splits the standard model for command and control. It weaponizes the target's web browser to perform all network communication and leverages the Windows Scripting Host (WSH) for the purposes of system execution. In this talk we will walk through the model for idealized remote access including the use social media sites as a platform for covert communication. By leveraging inherent JavaScript capabilities, security professionals can acquire interactive sessions within a browser, harvest sensitive information against arbitrary origins, and pivot into internal networks. Between the browser and the host, there is ripe potential for catastrophic damage.
Matthew Toussain is a penetration tester with Black Hills Information Security and an instructor for the SANS Institute. Matthew regularly hunts for vulnerabilities in computer systems and releases tools to demonstrate the effectiveness of attacks and countermeasures. He has been a guest speaker at many conference venues, including DEFCON. Matthew is an author of SEC460: Enterprise Threat and Vulnerability Assessment. After graduating from the U.S. Air Force Academy, where he architected and instructed the summer cyber course that now trains over 400 cadets per year, Matthew served as the Senior Cyber Tactics Development Lead for the U.S. Air Force. He directed the teams responsible for developing innovative tactics, techniques, and procedures for offensive operations as well as for cyber protection teams (CPT). Later, as a member of the 688th Cyber Warfare Wing he managed the Air Force's transition of all 18 CPTs to fully operational capability. He earned his master's degree in information security engineering as one of the first graduates of the SANS Technology Institute and supports many national and international cyber competitions including the CCDC, Netwars, and the National Security Agency's Cyber Defense Exercise as a red team member and instructor.