::Trend Micro Threat Resource Center::

08 April 2016

Blackhat Asia 2016

Glad to be back at this amazing conference. I attended the last one held in 2015, with access to all briefings, and the session content is intriguing and scary at the same time.

But as they say, no defense is 100% foolproof. They WILL get in anyhow; it's how long you take to detect and respond.

Some highlights from Arsenal:

- CrackMapExec
  - Aims to be a one-stop-shop for pentesting Active Directory environments! Think smbexec on steroids, combining the latest and greatest techniques for AD ownage in a single tool!
  - From enumerating logged on users and spidering SMB shares to executing psexec style attacks, concurrently auto-injecting Mimikatz/Shellcode/DLLs into memory using PowerShell, dumping the NTDS.dit, querying and executing commands through MSSQL DBs and more!
  - The biggest improvements over the current tools are:
    - Pure Python script, no external tools required
    - Fully concurrent threading
    - Uses ONLY native WinAPI calls for discovering sessions, users, dumping SAM hashes etc.
    - Opsec safe (no binaries are uploaded to dump clear-text credentials, inject shellcode etc.)
  - Fully open-source and hosted on GitHub!

- VirusTotal
  - A free online file and URL scanner that everyone knows.
  - However, there are many free features that many users don't know about, such as:
    - A free public API for anyone to automate file or URL analysis.
    - IP address and domain reputation. See malware files known to be associated with a particular IP address or domain, and historical passive DNS info
    - Sysinternals, Carbon Black, etc. integrations
    - Static analysis of files, structural analysis of many file types (PE, ELF, APK, ZIP, RAR, Mach-O, .NET, Office, etc.)
    - Sandbox dynamic analysis of PE, APK, Apple Mach-O, and applications.
    - ROMs, BIOS, and firmware files
    - SSDEEP, authentihash, imphash, and other similarity indexes
    - Certificate checks on signed files
    - Whitelisting of trusted files
    - Free desktop scanning applications for Windows, Mac, and open source for compilation on Linux.
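As an added example of the "free public API" point above (this is my own illustration, not code from the post or from VirusTotal), the script below shows the hash-lookup workflow a responder would automate: hash a sample locally, ask VirusTotal whether it already has a report for that hash, and reduce the answer to the handful of fields a triage queue needs. The endpoint and response field names follow the public v2 API documentation as it stood in 2016 (v3 has since superseded it); API_KEY is a placeholder, and SAMPLE_REPORT and UNKNOWN_REPORT are constructed responses so the parsing can be exercised offline.

```python
"""Hash lookup against the VirusTotal public API (added example, not from the post).

Assumptions: the v2 file-report endpoint and response fields are taken from the
public v2 API documentation as of 2016; API_KEY is a placeholder to replace.
"""
import hashlib
import json
import urllib.parse
import urllib.request

VT_FILE_REPORT = "https://www.virustotal.com/vtapi/v2/file/report"
API_KEY = "REPLACE_WITH_YOUR_VT_API_KEY"  # placeholder, not a real key


def sha256_bytes(data):
    """SHA-256 of an in-memory buffer (used for small samples and for testing)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of(path):
    """Hash a local file in chunks so large samples need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_report_request(resource, api_key=API_KEY):
    """Return the GET URL that asks VirusTotal for an existing report on a hash.

    Only the hash leaves the machine; the sample itself is never uploaded,
    which is the right default when it may contain sensitive data.
    """
    query = urllib.parse.urlencode({"apikey": api_key, "resource": resource})
    return f"{VT_FILE_REPORT}?{query}"


def summarize_report(report):
    """Reduce a v2 file-report JSON object to what a triage workflow needs."""
    # response_code 1 means a finished report exists; 0 means VT has never seen it.
    if report.get("response_code") != 1:
        return {"known": False, "positives": 0, "total": 0, "hits": []}
    scans = report.get("scans", {})
    hits = sorted(engine for engine, r in scans.items() if r.get("detected"))
    return {
        "known": True,
        "sha256": report.get("sha256"),
        "positives": report.get("positives", 0),
        "total": report.get("total", 0),
        "hits": hits,
    }


def fetch_report(resource, api_key=API_KEY, timeout=10):
    """Network call (not exercised offline): GET the report and summarize it."""
    url = build_report_request(resource, api_key)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return summarize_report(json.load(resp))


# Constructed sample responses in the v2 shape, so parsing runs without network access.
SAMPLE_REPORT = {
    "response_code": 1,
    "sha256": "0" * 64,  # constructed placeholder hash
    "positives": 2,
    "total": 3,
    "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Generic"},
        "EngineB": {"detected": False, "result": None},
        "EngineC": {"detected": True, "result": "Malware.Heur"},
    },
}
UNKNOWN_REPORT = {"response_code": 0, "verbose_msg": "constructed: resource not found"}

if __name__ == "__main__":
    print(summarize_report(SAMPLE_REPORT))
    print(summarize_report(UNKNOWN_REPORT))
```

In practice the loop is `fetch_report(sha256_of(path))` for each file pulled from an endpoint; the public API is rate-limited, so batch lookups should sleep between calls, and an unknown hash is a reason to upload the sample only after deciding the file contains nothing confidential.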

Had a short chat with the developer of CrackMapExec; he mentioned that this tool runs entirely in memory and does not have any footprint. It is basically undetectable, except that the only tell-tale signs of execution would be spikes in CPU and RAM usage.

Demonstration of CrackMapExec by @byt3bl33d3r