DeepSec 2023 Talk: Introducing CS2BR – Teaching Badgers New Tricks – Moritz Thomas & Patrick Eisenschmidt
Staying under the radar and remaining undetected is one of our priorities during Red Teaming assessments. After all, we’re simulating real threat actors and want to reach our objectives without raising any suspicion. This becomes a more and more challenging task as new defences are implemented, requiring us to add new tools and techniques to our tool belt. Occasionally, though, there is a new technique that brings a broad set of features and doesn’t leave countless traces. This talk is about one such technique: beacon object files (BOFs)! BOFs aren’t exactly the new hot stuff, as a matter of fact, they’ve been around for more than two years now. In those two years, a de-facto BOF standard has been adapted by many C2 frameworks out there. But what happens when your C2 doesn’t support