![DEF CON 22 [Materials] Speeches from the Hacker Convention. artwork](https://is2-ssl.mzstatic.com/image/thumb/Podcasts113/v4/82/04/33/820433a7-10a6-87a7-aea8-9e5e71907412/mza_1749050550477263526.jpg/100x100bb.jpg)
Will Schroeder - Veil-Pillage: Post-exploitation 2.
DEF CON 22 [Materials] Speeches from the Hacker Convention.
English - December 14, 2014 01:31 - 25.4 MBTechnology Education How To def con defcon hacking hacker conference computer security security research defcon 22 def con 22 dc-22 dc22 Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Schroeder/DEFCON-22-Will-Schroeder-Veil-Pillage-Post-Exploitation-2.0.pdf
Veil-Pillage: Post-exploitation 2.0
Will Schroeder SECURITY RESEARCHER, VERIS GROUP
The Veil-Framework is a project that aims to bridge the gap between pentesting and red team toolsets. It began with Veil-Evasion, a tool to generate AV-evading payload executables, expanded into payload delivery with the release of Veil-Catapult, and branched into powershell functionality with the release of Veil-PowerView for domain situational awareness. This talk will unveil the newest additional to the Veil-Framework, Veil-Pillage, a fully-fledged, open-source post-exploitation framework that integrates tightly with the existing framework codebase.
We’ll start with a quick survey of the post-exploitation landscape, highlighting the advantages and disadvantages of existing tools. We will cover current toolset gap areas, and how the lack of a single solution with all the options and techniques desired drove the development of Veil-Pillage. Major features of the framework will be quickly detailed, and the underlying primitives that modules build on will be explained.
Veil-Pillage, released immediately following this presentation, makes it easy to implement the wealth of existing post-exploitation techniques out there, public or privately developed. Currently developed modules support a breadth of post-exploitation techniques, including enumeration methods, system management, persistence tricks, and more. The integration of various powershell post-exploitation components, assorted methods of hashdumping, and various ways to grab plaintext credentials demonstrate the operational usefulness of Veil-Pillage. The framework utilizes a number of triggering mechanisms with a preference toward stealth, contains complete command line flags for third-party integration, and has comprehensive logging and cleanup script capabilities. Welcome to Veil-Pillage: Post-Exploitation 2.0.
Will Schroeder (@harmj0y) is a security researcher and pentester/red-teamer for Veris Group, and is one of the co-founders and active developers of the Veil-Framework, a project aimed at bridging the gap between pentesting and red-team toolsets. Will recently presented at Shmoocon ‘14 on AV-evasion and custom payload delivery methods utilizing tools he developed, Veil-Evasion and Veil-Catapult. He has presented at various BSides events on the Cortana attack scripting language and obfuscated Pyinstaller loaders. He is also the author of Veil-PowerView, a tool for gaining situational awareness on Windows domains, and is an active powershell hacker. A former national lab security researcher, he is happy to finally be in the private sector.
twitter: @harmj0y