This class will provide students with detailed guidance and workshop based instruction on how to design and deploy custom implants that monitor target hosts for adjacent targets, subsequently replicating onto them autonomously. Students will gain knowledge around a variety of methods of proliferation based persistence on multiple platforms; As well as, binary autonomous transformation techniques designed to allow offensive practitioners the freedom of writing conventional binaries, yet maintaining the mobility of shellcode like operating conditions.
This class builds upon the elements covered in “Scalable Post-Compromise Utility Development Tradecraft”. Similar libraries and code samples will be used, but new material will be distributed to facilitate the additional subject matter. Participants will utilize a complement of open source libraries and utilities centered around the Go programming language to design and construct:
a) A multi-platform, multi architecture implant capable of performing remote command execution
b) An inject capable of deploying the implant in a variety of environments
c) A command and control system specifically designed to utilize the full functionality of the aforementioned implant.
As well as:
d) An implant capable of detecting adjacent attack vectors and utilizing them to self replicate
e) A command and control system capable of mapping the dynamically created network of compromised assets
f) Technology that allows the student to organically locate persistence opportunities within compromised assets at the point of infection.
Students should have a working knowledge of basic programming concepts, as well as basic operating system and tcp/ip networking fundamentals. Students will also preferably be somewhat versed in executable binary file structure on multiple operating systems and have some basic knowledge of x86 and or X86_64 assembly language.