Explore a comprehensive analysis of Netrepser, a JavaScript-based targeted attack framework, in this 25-minute conference talk from BSidesSF 2018. Delve into the unique approach of this espionage tool, which combines freeware utilities to create a complex malware framework. Examine its technical details, including macros, VB scripts, main payload, and various jobs such as registration, WinRAR, system file listing, and credential collection. Investigate the attack's communication techniques, impact on victim data, and how it differs from military-grade APTs. Gain insights into the core job, SDelete function, and kill switch mechanisms. Understand how Netrepser's simplicity allows it to blend into target environments while still carrying out sophisticated espionage operations against high-profile institutions.
Overview
Syllabus
Introduction
Quick Facts
Technical Details
Macros
Statistics
VB Macros
Main payload
Registration script
WinRAR job
Systemfilelist job
Report job
Collect credentials
Login credentials
Key logger
Path download
Analysis
Core Job
SDelete
KillSwitch
Summary
Taught by
Security BSides San Francisco
