“For many years Penetration Testers have relied on gaining shell access to remote systems in order to take ownership of network resources and enterprise-owned assets. AntiVirus (AV) companies are becoming increasingly more aware of shell signatures and are therefore making it more and more difficult to compromise remote hosts. The current industry mentality seems to believe the answer is stealthier payloads and super-complex obfuscation techniques. I believe a more effective answer might lie in alternative attack methodologies involving authenticated execution of native Windows commands to accomplish the majority of shell-reliant tasks common to most network level penetration tests. The techniques I will be discussing were developed precisely with this style of attack in mind. Using these new tools, I will demonstrate how to accomplish the same degree of network level compromise that has been enjoyed in the past with shell-based attack vectors, while avoiding detection from AV solutions and leaving little to no trace of presence on target systems.”
Royce Davis is a Senior Consultant on the Accuvant LABS Enterprise Tactical Attack & Penetration team. He has several years of professional experience in Information Security. Specializing in Network-Level Penetration and Red Team exercises, Royce has led numerous engagements for clients in several industries over the past three years while also obtaining certifications from Offensive Security and the SANS Institute. In 2011 Royce co-founded the pentestgeek.com website. Royce has written code for open source security projects such as the Metasploit Framework and is also the author of the Jigsaw.rb Email Address Harvesting tool. Royce holds an Associate of Applied Science degree from Dakota County Technical College in Information Systems Management.