Shawn Edwards, Cyber Adversarial Engineer, The MITRE Corporation
Old techniques and tools are dying out. As anti-malware systems improve their capability to detect and deter offensive tools, attackers are shifting their focus to technologies that are not observed by AV. Currently, that means operating entirely in memory and avoiding dropping files onto disk. In the Windows world, the .NET Framework provides a convenient mechanism for this. I will introduce the world of .NET exploitation and evasion, demo multiple techniques that bypass AV using .NET code, and discuss what can be done to mitigate these types of attacks.
Shawn Edwards is a Cyber Adversarial Engineer for the MITRE Corporation. He began his career at the Parsons Corporation, where he worked in software development and IT configuration management in support of the DoD. After being accepted to the SFS: CyberCorps program at the University of Alabama in Huntsville, he resumed his education and obtained a Bachelors of Computer Science with a focus in Cyber Security. In the meantime, he performed security research on a rapid prototyping and development team at MITRE, and interned on a DoD red team in support of their cyber operations and tool-building efforts. Shawn has recently rejoined MITRE, where he is assisting with adversary emulation research and development. In his downtime, he enjoys hiking, watching British comedy, brewing mead, writing offensive C# tools, and searching for new ways to abuse "features" of the Windows operating system.