BEGIN:VCALENDAR PRODID:-//vBulletin 6//EN VERSION:2.0 CALSCALE:GREGORIAN BEGIN:VEVENT UID:af60f1e0-e283-4667-8f09-a3ec4adc96d9 DTSTAMP:20260429T154558Z SUMMARY:Ek47 ā€“ Payload Encryption with Environmental Keys - Kevin Clark\, Skyler Knecht DESCRIPTION:Ek47 ā€“ Payload Encryption with Environmental Keys\n\nFriday A ugust 11\, 12:00 ā€“ 13:55\, Committee Boardroom\, Forum\n\nKevin Clark & Skyler Knecht\n\nEk47 is a payload encryptor that leverages user-selected environmental keys associated with a target execution context. In the abse nce of these environmental keys\, Ek47 payloads will not decrypt and execu te. This creates a strong resistance to automated/manual analysis and reve rse engineering of payloads. Ek47 supports many different environmental ke ys such as current user\, domain\, computer name\, installed programs\, an d more. Additionally\, Ek47 supports packing payloads of .NET assemblies\, unmanaged DLLs\, and raw shellcode. Ek47 payloads are themselves .NET ass emblies and can be uploaded to disk or executed reflectively via any execu te-assembly method. By default\, a standard AMSI/ETW bypass is executed be fore the main payload is executed\, but Ek47 makes it easy to add custom b ypasses for more advanced evasion functionality. Additional miscellaneous features are provided such as entropy management\, PE header stomping\, an d generation of service executables.\n\nKevin Clark is a Software Develope r turned Penetration Tester at TrustedSec. He focuses on initial access an d Active Directory exploitation. He contributes to open-source tools such as PowerShell Empire and Metasploit. He also writes his own custom securit y tools such as Badrats and Ek47. Kevin has a passion for education and vo lunteers on the Midwest Collegiate Cyber Defense Competition (CCDC) red te am. He teaches courses with BC-SECURITY at BlackHat and other venues about Evasion\, Red Teaming\, Empire Operations\, and Active Directory. Kevin a uthors a cybersecurity blog at https://henpeebin.com/kevin/blog.\n\nSkyler Knecht is a Information Security Specialist who performs a variety of sec urity assessments including\, phishing\, internal/external penetration tes ts and red teaming. Skyler Knecht worked as a consultant for three years a nd has recently pivoted to an internal team at Navy Federal Credit Union. Skyler Knecht is continually researching all fields of study but is primar ily focused developing offensive tooling such as command and control frame works and implants.\n\nAudience - Offense\, Red Team\n\n\nā€‹ URL:https://forum.defcon.org/node/246229 DTSTART:20230811T200000Z DTEND:20230811T215501Z LOCATION:Committee Boardroom\, Forum END:VEVENT END:VCALENDAR