Don’t Kill My Cat

The purpose of this presentation is to introduce a tool and the idea behind it. This tool evades antivirus, sandboxes, and IDS/IPS using one simple technique. In a nutshell, it abuses polyglot files and compact low-level obfuscation written in assembly. The target system can then execute the payload using various vectors: PowerShell or a Windows executable.

The obfuscated payload can be pretty much anything, from a classic Meterpreter, Empire payload, or Cobalt Strike beacon to DLLs and executables. There is no limit, since the tool offers a loader that can deobfuscate an executable in memory and execute it, or simply execute shellcode.

The end goal of the tool was to provide a simple way to evade as many security layers as possible in a single payload, instead of using multiple techniques to target each layer of security. This is a must-have for pentesting when your target relies on multiple security products!