THE VEIL FRAMEWORK


SUKESH SHETTY

WHO AM I?
• Working with NII Consulting as a Senior Consultant
• Certified to CEH v 8, ISO 27001:2013, 22301:2012, 20000-2011 LA, CCNA
• Web Pen testing, VAPT, Network Security, ISMS & BCMS Implementation & Maintenance, IT Risk Assessments & Security Auditing

AGENDA
• The Veil Framework
• Veil-Evasion
  • Genesis
  • Veil-Evasion Approach
  • Veil-Evasion Features
  • Demo
• Veil-Catapult
• Veil-Pillage
• Veil-Ordnance

THE VEIL FRAMEWORK
• Created by Veris Group security researchers Will Schroeder, Chris Truncer, and Michael Wright
• A toolset aiming to bridge the gap between pentesting and red teaming capabilities
• Veil-Evasion: flagship tool, generates AV-evading executables
• Veil-Catapult: initial payload delivery tool
• Veil-PowerView: situational awareness with PowerShell
• Veil-Pillage: fully-fledged post-exploitation framework
• Veil-Ordnance: a tool that can be used to quickly generate valid stager shellcode

VEIL-EVASION: GENESIS
• Antivirus can’t catch malware but does catch pentesters

SOLUTION
• Security experts Will Schroeder, Chris Truncer, and Michael Wright found a way to execute existing shellcode in an AV-evading way, i.e. Veil-Evasion

VEIL-EVASION APPROACH
Veil-Evasion does its work by:
• Using an aggregation of various shellcode injection techniques across multiple languages
• Having a focus on automation, usability, and developing a true framework
• Using some shellcodeless Meterpreter stagers and “auxiliary” modules as well

VEIL-EVASION FEATURES
• Can use either Metasploit generated or custom written shellcode
• Metasploit Framework payloads/options are dynamically loaded
• Third-party tools can be easily integrated
  • Hyperion, PE Scrambler, Backdoor Factory, etc.
• Command line switches add in script-ability
• Check payload hashes against VirusTotal

VEIL-CATAPULT
• A basic payload delivery tool
• Tight integration with Veil-Evasion for on-the-fly payload generation, can upload/execute or host/execute
• Cleanup scripts generated for payload killing and deletion
• Now obsoleted with the release of Veil-Pillage

VEIL-PILLAGE
• A post-exploitation framework
• Multiple trigger options (wmis, psexec, etc.)
• Completely modular, making it easy to implement additional post-exploitation actions
• Comprehensive logging and cleanup capabilities

VEIL-ORDNANCE
• Fast shellcode generation tool
• 6 different payloads
  • Most commonly used payloads (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports)
  • All payloads were ported from MSF
• 1 current encoder
  • Single Byte Xor Encoder

QUESTIONS???
• Sukeshs.89@gmail.com
• Twitter: @sukeshs89

Get the Veil-Framework:
• GitHub: https://github.com/Veil-Framework/
• Now in Kali! apt-get install veil
• Read more: https://www.veil-framework.com
