Speaker

Kirk Trychel

Advanced Persistent Threat

Kirk is a lifelong hacker, ever since he first sat in front of a computer. As a professional, he has founded and led red teams with the Department of Defense (Pentagon), Secureworks Adversary Group, CrowdStrike Adversary Emulations, and Box. Kirk designed the methodologies for the first Red Team at USMC Headquarters and the first Cloud Offensive Pentest team at Secureworks. Recently, he has turned his attention to Artificial Intelligence and developing AI-assisted malware.

Modern Malware Evasion Tactics

As Endpoint Detection and Response (EDR) systems become increasingly sophisticated, malware developers continuously evolve their strategies to evade detection. This talk explores modern malware evasion techniques aimed at circumventing EDR. Focusing on methods such as direct syscall invocation, avoiding EDR-preloaded modules, dynamic resolution of NT APIs, in-memory mapping of DLLs such as ntdll, and stealthy process injection, attendees will gain a comprehensive understanding of how these tactics work and how to recognize them. Suitable for red team researchers and cybersecurity professionals, this session will get attendees up to speed with modern malware techniques.

Outline:

1. Introduction

- Overview of EDR Systems
- Importance of Evasion Techniques

2. Bypassing EDR Hooks

- Direct Syscall Invocation
- Basic implementation strategies
- Avoiding EDR-Preloaded Modules

3. Advanced API Handling

- Dynamic Resolution of NT APIs
- Example methods for dynamic API loading
- In-Memory Mapping of ntdll

4. Stealthy Process Injection

- Overview of Injection Techniques
- Common methods and their detection vectors
- Evasion-Focused Injection Methods

5. Integrating Evasion Techniques

- Synergizing Multiple Tactics

6. Real-World Examples

- Brief case studies of malware utilizing these methods

AI for Red Team and Malware Development

The purpose of this talk is to examine the current and future state of the use of AI in Red Team Operations. We will also examine the use of AI in defense technologies, such as EDR and XDR, but the primary focus will be on red team. Through the presentation, we will explore some use cases for AI within Red Team ops, with a focus on rapid tool development and AI-driven operational decision making. The goal is to provide red teamers with the information and tools to quickly begin bringing this new technology into their own ops.

Tempest c2: Use and Design

Tempest is a new command and control framework written in Rust. The main goal of this framework is to prioritize ease of use for the hacker while also achieving elegant effectiveness on operations. Attendees will learn all about how to use the framework, with a focus on operational security and understanding the underlying code.
This talk will go beyond just showing how to push buttons and learn steps for using a tool. We'll talk about how the c2 works, how post-ex modules work, how to avoid EDR detection, and how to make the most effective use of this or any c2 framework.
