Metasploit Autopsy Reconstructing the Crime Scene Peter Silberman, Steve Davis

Video Link: https://www.youtube.com/watch?v=6ZGnmKRXZjk



Duration: 1:04:57


Metasploit Autopsy: Reconstructing the Crime Scene
Meterpreter is becoming the new frontier of malicious payloads, allowing an attacker to upload files that never touch disk, circumventing traditional forensic techniques. The stealth of Meterpreter creates problems for incident responders, such as: how does a responder determine what occurred on a box exploited by Meterpreter?

During this talk we discuss accessing physical memory for the purpose of acquiring a specific process's address space. Process address space acquisition includes DLLs, EXEs, stacks and heaps. This includes memory-resident modules. We describe in detail how Meterpreter operates in memory, and specifically how memory looks when Meterpreter scripts/commands are executed and the residue these scripts create in the exploited process's memory space. Finally, we tie all this knowledge together and discuss how to reconstruct a Meterpreter session, completely from memory, and determine what the attacker was doing on the exploited machine.

The talk will conclude with the demonstration of a new tool: the audience will see how an attacker using Meterpreter is no longer hidden from the forensic investigator, as we recreate the Meterpreter session from memory.

Black Hat - USA - 2009