Explore an innovative approach to offensive cybersecurity operations using IronPython in this 49-minute conference talk from Hack in Paris. Discover how to gain dynamic access to the .NET runtime without relying on PowerShell, bypassing recent Microsoft protections. Learn about the progression from initial concept to building a full Implant/C2 framework, covering topics such as .NET assemblies, managed and unmanaged code, interoperability, and the advantages of using IronPython. Gain insights into the development of SILENTTRINITY, an implant/C2 framework implementing this research, and understand potential defenses and countermeasures. Delve into the future of offensive tradecraft and adapt to evolving cybersecurity landscapes.
Overview
Syllabus
Intro
Agenda
PowerShell
Dotnet
Dotnet Assembly
Managed Unmanaged Code
Dotnet Languages
Assembly That Load
Interoperability
Why CSharp
PowerShell in CSharp
Common problems
Required assemblies
IronPython
Demo
BooLang
ClearScript
Advantages
Other languages
Django
To v20
Defenses
CounterStep
Biggest Giveaway
Long Term Goal
Taught by
Hack in Paris
