Most organizations fail to realize that both the threats and vulnerabilities they face are dynamic. Security is not an attainable static state, but an ongoing practice – constant diligence is required. Penetration testing can be the security review an organization needs to see how to keep their infrastructure updated and ready. The team at Black Hills Information Security is outstanding at not only finding ways through your security defenses but working closely with you to protect your organization’s most critical assets.

Download Marcello’s SILENTTRINITY: https://github.com/byt3bl33d3r/SILENTTRINITY

Silent Trinity

Black Hills Information Security - Technical Segment

  • SILENTTRINITY Updates by Marcello Salvati

    No PowerShell? No Problem! Red Teaming using the BYOI (Bring Your Own Interpreter) lifestyle. Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? Turns out, by harnessing the powah of C# and the .NET framework you can embed entire interpreters inside of a C# binary. This allows you to dynamically access all of the .NET API from a scripting language of your choosing without going through PowerShell in any way! In this tech segment I’ll be demoing SILENTTRINITY, a post-exploitation tool I’ve developed that attempts to weaponize some of the BYOI concepts. I’ll be explaining how it works at a high level & talking about some of the updates in the 0.1.0 version, which is fresh off the presses!
  • SILENTTRINITY: Advanced Windows Backdoor Techniques by Marcello Salvati

    Over the course of the last few years, PowerShell has been the number one way of conducting essentially any type of offensive operation on Active Directory networks and Windows endpoints. It allows offensive personnel to execute implants completely in memory, stealthily conduct situational awareness, and dynamically leverage the underlying power of .NET. Due to recent protections put in place by Microsoft, PowerShell is becoming increasingly less viable to use offensively. These protections are “baked in” to the latest versions of the Windows operating systems and allow AV/EDR/Logging solutions to gain an overwhelming amount of insight into PowerShell execution, and even, in some cases, completely shut down any type of malicious PowerShell tooling/tradecraft. It’s been a good run, and PowerShell has served us well. However, the future is upon us, and it’s our job to adapt; we have to go deeper! With that in mind, what if I told you that everything PowerShell does can also be done with Python–without dropping anything to disk and bypassing every protection that Microsoft has put in place for PowerShell? Welcome to the wonderful world of IronPython, where rainbows and unicorns *still* gallivant as if it were 2009! In this talk, we will be looking at my approach to solving the tradecraft problem of gaining complete, unrestricted, and dynamic access to the .NET runtime without going through PowerShell in any way.