Title: BypassIT - Using AutoIT & Similar Tools for Covert Payload Delivery
Presenter: Mike Manrod
Co-Presenter: Ezra Woods
Location: W304
Day, Time: Fri Aug 9, 12PM - 1:45PM
Audience: Offense, Defense, Malware
Project:
Abstract:
BypassIT is a framework for covert delivery of malware, using AutoIT, AutoHotKey, and other Living off the Land (LotL) tools to deliver payloads and avoid detection. These techniques were derived from reversing attacks observed in the wild by DarkGate and other MaaS actors, revealing universal principles and methods useful for red teaming or internal testing. The framework will consist of a series of tools, techniques, and methods, along with testing and reporting on effectiveness as it relates to evading multiple specific antivirus products.
Bios:
* Presenter:
Mike serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff, and information assets across the enterprise. He also serves as Adjunct Faculty for Grand Canyon University, teaching Malware Analysis and Threat Intelligence. Previous experiences include serving as a threat prevention engineer for Check Point and working as a consultant and analyst for other organizations.
* Co-Presenter:
Ezra Woods is a recent cybersecurity graduate from Grand Canyon University, working as an Information Security Analyst for Arizona's Department of Economic Security. He is Captain of Grand Canyon University's collegiate cyber defense team and Team Lead for the Arizona Cyber Threat Response Alliance's Threat Intelligence Support Unit (TISU).