David Kennedy
David is a Red Teamer at JUMPSEC. Before working in Cyber Security, he worked for many years in financial services IT, focusing on trading systems. These days he is passionate about all things Adversary Simulation, especially exploring and researching the latest techniques for modern Red Teaming infrastructure.
Session
Ever tried to get a callback from a client device only to be continually thwarted by their EDR, so that you then have to ask for an exclusion to be placed on a specific folder? Join Red Teamer David Kennedy as he walks you through a novel way of approaching this conundrum by (ab)using trusted binaries that EDRs normally pay very little attention to.
This presentation will cover the execution of these trusted binaries on Windows, as well as running them in ways that even the original developers haven’t advertised as being possible, via ‘undocumented features’ within their code! With these techniques, struggling to get access to your client’s infrastructure should hopefully become a thing of the past, or at least until these binaries are no longer trusted!