Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017)
Repository contents (file, last commit message, commit date):

- Evading_Autoruns_Slides.pdf (Add slides and reference materials, Sep 24, 2017)
- LICENSE
- README.md (Update README.md, Oct 16, 2017)
- pocs.bat (Add slides and reference materials, Sep 24, 2017)
- shady.inf (Add slides and reference materials, Sep 24, 2017)

README.md

Evading Autoruns - DerbyCon 7.0


Watch the talk on YouTube

Abstract

When it comes to offense, maintaining access to your endpoints is key. For defenders, it's equally important to discover these footholds within your network. During this talk, Kyle and Chris will expose several semi-public and private techniques used to evade the most common persistence enumeration tools. Their techniques will explore ways to re-invent the run key, unconventionally abuse search order, and exploit trusted applications. To complement their technical explanations, each bypass will include a live demo and recommendations for detection.
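The abstract promises detection recommendations alongside each bypass. As an added illustration of the defender's side of "re-inventing the run key" (this script is not from the talk, its slides, or the repo's pocs.bat/shady.inf; the function names Get-CommandTarget and Get-RunKeyEntry are chosen here), the following PowerShell walks the classic Run/RunOnce locations through the raw .NET registry API rather than a GUI tool, and flags entries whose value name, value type, or target looks off: control characters in the name or data, a non-string value kind, a target that does not exist on disk, or a bare executable name that depends on search order to resolve. It only reads the registry.

```powershell
# Added example, not part of the Evading Autoruns repo. Enumerates Run/RunOnce
# values via Microsoft.Win32.Registry and annotates anything a quick glance
# at a GUI listing might miss. Run from an elevated prompt to see HKLM fully.

$script:RunSubKeys = @(
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the program out of a command line: a quoted first token, otherwise the
# text up to the first whitespace. Unquoted paths containing spaces are
# ambiguous by design (CreateProcess tries each prefix), so the caller also
# tests the whole expanded string before calling a target missing.
function Get-CommandTarget {
    param([string]$CommandLine)
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 1) { return $cl.Substring(1, $end - 1) }
        return $cl.Trim('"')
    }
    return ($cl -split '\s+', 2)[0]
}

function Get-RunKeyEntry {
    $hives = @(
        @{ Label = 'HKLM'; Key = [Microsoft.Win32.Registry]::LocalMachine },
        @{ Label = 'HKCU'; Key = [Microsoft.Win32.Registry]::CurrentUser }
    )
    foreach ($h in $hives) {
        foreach ($sub in $script:RunSubKeys) {
            $key = $h.Key.OpenSubKey($sub)
            if ($null -eq $key) { continue }   # key absent (e.g. no WOW6432Node on 32-bit)
            try {
                foreach ($name in $key.GetValueNames()) {
                    $kind = $key.GetValueKind($name)
                    # Read without expanding %VARS% so we report what is actually stored.
                    $data = $key.GetValue($name, $null,
                        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                    $text = if ($data -is [byte[]]) {
                        ($data | ForEach-Object { $_.ToString('x2') }) -join ''
                    } else { [string]$data }

                    $flags = New-Object System.Collections.Generic.List[string]
                    if ($name -match '[\x00-\x1f\x7f]') { $flags.Add('control-char-in-name') }
                    if ($text -match '[\x00-\x1f\x7f]') { $flags.Add('control-char-in-data') }

                    $kindName = "$kind"
                    if ($kindName -notin @('String', 'ExpandString')) {
                        $flags.Add("non-string-kind:$kindName")
                    } else {
                        $target = Get-CommandTarget $text
                        $whole  = [Environment]::ExpandEnvironmentVariables($text).Trim('"')
                        if ([string]::IsNullOrWhiteSpace($target)) {
                            $flags.Add('empty-command')
                        } elseif ($target -notmatch '[\\/]') {
                            # No directory at all: which binary runs depends on search order.
                            $flags.Add('bare-name-relies-on-search-order')
                        } elseif (-not (Test-Path -LiteralPath $target) -and
                                  -not (Test-Path -LiteralPath $whole)) {
                            $flags.Add('target-not-found')
                        }
                    }

                    [pscustomobject]@{
                        Location = "$($h.Label)\$sub"
                        Name     = $name
                        Kind     = $kindName
                        Data     = $text
                        Flags    = ($flags -join ',')
                    }
                }
            } finally { $key.Close() }
        }
    }
}

Get-RunKeyEntry | Sort-Object Location, Name | Format-Table -AutoSize
```

The flags are heuristics, not verdicts: a legitimate installer can leave a stale Run value behind, and a bare name such as a program in System32 will resolve fine. The value of running this beside a GUI tool is the diff between the two views, so pipe the output to Export-Csv and compare it against a known-good baseline from the same build rather than reading it in isolation.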

For the past 10 years, Kyle Hanslovan has supported defensive and offensive cyber operations in the U.S. Intelligence Community and currently is the CEO of Huntress Labs. He actively participates in the ethical hacking community as a Black Hat conference trainer, STEM mentor, and Def Con CTF champion. Additionally, he serves in the Maryland Air National Guard as a Cyber Warfare Operator.

Chris Bisnett is a veteran information security researcher with more than a decade of experience in offensive and defensive cyber operations. While serving with the NSA RedTeam, he attacked government networks and systems to identify and remedy vulnerabilities. He is also a recognized Black Hat conference trainer for the “Fuzzing For Vulnerabilities” and “Embedded Fuzzing” courses.

References

Credits

Thanks to:
