RiskSense Security Researchers to Reveal New Microsoft Windows Vulnerability at DEF CON 25
Experts to Present Research Findings with KOADIC C3 Hacking Tool and Defensive Measures; Session to be Followed by Microsoft Windows Pen Testing Workshop
SUNNYVALE, Calif. and ALBUQUERQUE, N.M. – July 18, 2017 – RiskSense®, Inc., the pioneer and market leader in pro-active cyber risk management, today announced that two of its security researchers will present findings from developing an open source hacking tool called KOADIC™ C3 and reveal a new remote Microsoft® Windows® vulnerability at the DEF CON 25 conference next week.
Sean Dillon, senior security analyst at RiskSense, is a Microsoft Windows kernel expert and penetration tester. He was the first researcher to reverse engineer the DOUBLEPULSAR SMB backdoor. Sean is also a co-author of the ETERNALBLUE Metasploit® module and has made other contributions to the project. He has worked as a software engineer in the avionics and video game hacking industries.
Zach Harding, senior security analyst at RiskSense, previously served in the US Army as a combat medic. He helped improve the leaked NSA code to release the EXTRABACON 2.0 Cisco® ASA exploit package.
KOADIC C3, or COM Command and Control, is a Microsoft Windows post-exploitation tool similar to other penetration testing rootkits such as Metasploit Meterpreter and PowerShell Empire. Unlike these other tools, KOADIC performs most of its operations using the Microsoft Windows Script Host (a.k.a. JScript / VBScript), which is tightly coupled to the core Microsoft Windows operating system. The 45-minute session titled "KOADIC C3 - Windows COM Command and Control Framework" will explore default COM objects as an attack surface in Microsoft Windows. It will include live demonstrations using KOADIC, obscure Microsoft Windows scripting techniques, interesting workarounds, and exploits of basic Microsoft Windows Script Host functions. The speakers will also present defenses for protecting Microsoft Windows systems and networks against attacks that use this type of tool. During the presentation, a 20+ year-old remote Windows 0-day vulnerability that has been disclosed to Microsoft will be revealed.
In the four-hour workshop, "Advanced Windows Post-Exploitation / Malware Forward Engineering", Sean and Zach will demonstrate and explain key Microsoft Windows penetration testing techniques. They will present a deep dive on the low-level code that makes it all work, and explore shellcode, COM, WMI, Windows API, and .NET, using open source tools including PowerShell Empire, KOADIC C3, and Metasploit Meterpreter. Attendees will also gain an in-depth understanding of anti-virus detection and evasion methods.
"KOADIC C3 - Windows COM Command and Control Framework"; Saturday, July 29, 2017 at 1:00 PM PDT, Track 2
"Advanced Windows Post-Exploitation / Malware Forward Engineering"; Saturday, July 29, 2017 from 2:30 PM to 6:30 PM PDT in Octavius 5
DEF CON 25, Caesars Palace, Las Vegas, NV
About RiskSense
RiskSense®, Inc., is the pioneer and market leader in pro-active cyber risk management. The company enables enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results. This is done by unifying and contextualizing internal security intelligence, external threat data, and business criticality across a growing attack surface.
The company’s Software-as-a-Service (SaaS) Platform transforms cyber risk management into a more pro-active, collaborative, and real-time discipline. The RiskSense Platform embodies the expertise and intimate knowledge gained from real world experience in defending critical networks from the world’s most dangerous cyber adversaries. As part of a team that collaborated with the U.S. Department of Defense and U.S. Intelligence Community, RiskSense founders developed Computational Analysis of Cyber Terrorism against the U.S. (CACTUS), Support Vectors Intrusion Detection, Behavior Risk Analysis of Vicious Executables (BRAVE), and the Strike Team Program.
By leveraging RiskSense cyber risk management solutions, organizations can significantly shorten time-to-remediation, increase operational efficiency, strengthen their security programs, improve cyber hygiene, heighten response readiness, reduce costs, and ultimately minimize cyber risks. For more information, please visit www.risksense.com or follow us on Twitter at @RiskSense.