This course teaches learners how to use an opensource tool called SharpShooter to generate advanced payloads for red team engagements. The goal is to bypass various endpoint protections and gain initial access during adversary simulations. The course covers profiling organizations, evading static analysis, sandboxing, and executing payloads using novel techniques like XML stylesheets and COM. The teaching method includes walkthroughs, demos, and discussions on prevention strategies. The intended audience for this course includes cybersecurity professionals, red team members, and individuals interested in offensive security tactics.
Cracking the Perimeter with SharpShooter - Dominic Chell - Hack in Paris - 2019
Hack in Paris via YouTube
Overview
Syllabus
Introduction
Getting a foothold
SharpShooter
What does it do
NetTJScript
HTML Smuggling
SharpShooter Tricks
Targeting Skype for Business
SharpShooter Demo
Signatures
VirusTotal
MSZ
MSZ Architecture
OMSI
Squiggly
Calm Staging
Workflow
XML DOM
Exploit
Example
AMZ payload
DLL hijacking
MG scam before patch
Excel for trick
Excel for payload
Tradecraft
Indicators
Dry Permissions
Injection
Spoofing
Demo
Detection Prevention
Prevention Strategies
Conclusions
Taught by
Hack in Paris
