Pages from a Sword-Maker’s Notebook pt. II

ShmooCon XIV - 2018

Presented by: Vyrus
Date: Saturday January 20, 2018
Time: 11:00 - 11:50
Location: Main Room
Track: Bring It On

This talk is an encapsulation of implemented solutions for achieving common requirements when constructing software designed to perform long term covert intelligence gathering. It is a "grab bag" of "tips and tricks" developed and/or abstracted from previous works by the presenter in a variety of intelligence gathering operations, none of which will be specifically disclosed. Full source code (almost all of it written in Golang) will be provided for tactic snippets, as well as several publicly available practical examples of solutions to various covert intelligence gathering roadblocks.

The technical details of this presentation will be prefaced by a small summary of "which tactics work from a methodical perspective and why" from a human perspective. Beyond this, specific mappings will be drawn from these methods to the specific technical capabilities disclosed in the latter portion of the presentation. The technical subjects in question will include, but not be limited to:

- anti virus evasion (with special emphasis on modern machine learning based solutions)
- anti attribution techniques
- covert channel methods
- C2 "castle guarding"
- covert administration & devops
- solution scaling
- persistence
- future proofing
- counter intelligence / anti reverse engineering

Vyrus

Vyrus (@vyrus001) may or may not have begun his offensive security training in early childhood through a series of allegedly criminal acts for a hacker collective still active on the internet today. Over the last approximately two decades these experiences have expressed themselves through participation in a variety of both independent and corporate, technically legal, information security professions. While the specific nature of many of these professions has yet to be disclosed, the professional skills Vyrus has been known to utilize throughout employment include but are not limited to: reverse engineering, penetration testing, "red teaming", security controls analysis, proof of concept malware development, incident response, implant development, exploit development, long term electronic surveillance, traffic analysis, complex systems risk analysis, many forms of wireless security, hardware security assessment, and general IT solution development & support.
