Don't Kill My Cat

NorthSec via YouTube

Overview

Explore a powerful tool for evading antivirus, sandboxes, and IDS/IPS systems in this 27-minute conference talk from NorthSec. Learn about a technique that abuses polyglot files and compact low-level obfuscation using assembly to create payloads that can be executed through various vectors like PowerShell or Windows executables. Discover how this tool can obfuscate a wide range of payloads, from classic meterpreter and empire payloads to Cobalt Strike beacons, DLLs, and executables. Understand the tool's ability to deobfuscate executables in memory and execute shellcode, providing a simple yet effective way to bypass multiple layers of security with a single payload. Gain insights into the tool's components, including macros, bitmap manipulation, shellcode vs. assembly, and PowerShell oneliners. This presentation is essential for pentesters targeting environments with multiple security products.

Syllabus

Introduction
Who am I
Solution
Macros
bitmap
valid
malicious payload
shellcode vs assembly
Introducing the cat
Modifying the image
Changing the image size
Changing the bitmap format
Changing the payload
Testing the payload
Testing the image on PowerPoint
Endpoint Problem
The Lazy Way
Visual Explanation
Shellcode
Endpoint Fire
PowerShell
Shell Code
Last Episode
PowerShell Oneliner
Cut Cave
Image Embedding

Taught by

NorthSec
