Most organizations fail to realize that both the threats and vulnerabilities they face are dynamic. Security is not an attainable static state, but an ongoing practice – constant diligence is required. Penetration testing can be the security review an organization needs to see how to keep their infrastructure updated and ready. The team at Black Hills Information Security is outstanding at not only finding ways through your security defenses but working closely with you to protect your organization's most critical assets.

Contact BHIS today to schedule your penetration test!

Black Hills Information Security - Technical Segment

  • SilentTrinity: Advanced Windows Backdoor Techniques by Marcello Salvati

    Over the course of the last few years, PowerShell has been the number one way of conducting essentially any type of offensive operation on Active Directory networks and Windows endpoints. It allows offensive personnel to execute implants completely in memory, stealthily conduct situational awareness, and dynamically leverage the underlying power of .NET. Due to recent protections put in place by Microsoft, PowerShell is becoming increasingly less viable to use offensively. These protections are “baked in” to the latest versions of the Windows operating systems and allow AV/EDR/Logging solutions to gain an overwhelming amount of insight into PowerShell execution, and even, in some cases, completely shut down any type of malicious PowerShell tooling/tradecraft. It’s been a good run, and PowerShell has served us well. However, the future is upon us, and it’s our job to adapt; we have to go deeper! With that in mind, what if I told you that everything PowerShell does can also be done with Python–without dropping anything to disk and bypassing every protection that Microsoft has put in place for PowerShell? Welcome to the wonderful world of IronPython, where rainbows and unicorns *still* gallivant as if it were 2009! In this talk, we will be looking at my approach to solving the tradecraft problem of gaining complete, unrestricted, and dynamic access to the .NET runtime without going through PowerShell in any way.