Experts to Present Research Findings with KOADIC C3 Hacking Tool and Defensive Measures; Session to be Followed by Microsoft Windows Pen Testing Workshop
SUNNYVALE, Calif. and ALBUQUERQUE, N.M. – July 18, 2017 – RiskSense®, Inc., the pioneer and market leader in pro-active cyber risk management, today announced that two of its security researchers will present findings from developing an open source hacking tool called KOADIC™ C3 and reveal a new remote Microsoft® Windows® vulnerability at the DEF CON 25 conference next week.
Sean Dillon, senior security analyst at RiskSense, is a Microsoft Windows kernel expert and penetration tester. He was the first researcher to reverse engineer the DOUBLEPULSAR SMB backdoor. Sean is also a co-author of the ETERNALBLUE Metasploit® module and has made other contributions to the project. He has worked as a software engineer in the avionics and video game hacking industries.
Zach Harding, senior security analyst at RiskSense, previously served in the US Army as a combat medic. He helped improve the leaked NSA code to release the EXTRABACON 2.0 Cisco® ASA exploit package.
KOADIC C3, or COM Command and Control, is a Microsoft Windows post-exploitation tool similar to other penetration testing rootkits such as Metasploit Meterpreter and PowerShell Empire. Unlike these other tools, KOADIC performs most of its operations using the Microsoft Windows Script Host (a.k.a. JScript / VBScript), which is tightly coupled to the core Microsoft Windows operating system. The 45-minute session titled “KOADIC C3 – Windows COM Command and Control Framework” will explore default COM objects as an attack surface in Microsoft Windows. It will include live demonstrations using KOADIC, obscure Microsoft Windows scripting techniques, interesting workarounds, and exploitation of basic Microsoft Windows Script Host functions. The speakers will also present defenses for protecting Microsoft Windows systems and networks against attacks that use this type of tool. During the presentation, a 20+ year-old remote Windows 0-day vulnerability that has been disclosed to Microsoft will be revealed.
In the four-hour workshop, “Advanced Windows Post-Exploitation / Malware Forward Engineering”, Sean and Zach will demonstrate and explain key Microsoft Windows penetration testing techniques. They will present a deep dive on the low-level code that makes it all work, and explore shellcode, COM, WMI, Windows API, and .NET, using open source tools including PowerShell Empire, KOADIC C3, and Metasploit Meterpreter. Attendees will also gain an in-depth understanding of anti-virus detection and evasion methods.
“KOADIC C3 – Windows COM Command and Control Framework”; Saturday, July 29, 2017 at 1:00 PM PDT, Track 2
“Advanced Windows Post-Exploitation / Malware Forward Engineering”; Saturday, July 29, 2017 from 2:30 PM to 6:30 PM PDT in Octavius 5
DEF CON 25, Caesars Palace, Las Vegas, NV