Explore a DEF CON 31 conference talk that delves into advanced malware design techniques focusing on Legacy Microsoft Transports and Session Architecture. Learn about maintaining persistent command and control (C2) access during red team operations through the demonstration of Obligato, a covert implant tasking and communications framework. Discover methodologies for breaking process chaining events, disassociating network communication from implants, and implementing evasion techniques against dynamic analysis. Gain insights into maintaining and regaining access to compromised endpoints while minimizing detection risks. While a basic understanding of Windows architecture, networking, and programming concepts is beneficial, the presentation covers both high-level concepts and technical details suitable for various expertise levels.
Overview
Syllabus
DEF CON 31 - Malware design Abusing Legacy Microsoft Transports and Session Architecture - RJ McDown
Taught by
DEFCONConference